Inviting project bots (Project Access Token users) to be members of projects/groups
When searching for members to invite to a project, searching for project_
or _bot
(or other variations) will return user results for bot users that are actually Project Access Tokens.
When you try to invite one of these users, you receive an error stating is not included in the list
and the bot user is not added:
Should you be able to add these bot users as members?
- If so, it's not working (or maybe there are future plans to add this functionality?)
- If not, can we just filter them out from the search here?
- Worst case, we have a regression with regards to name display and they could leak some data (ex token name)
- Otherwise, they're just noise and clutter
- The
is not included in the list
error message is not easy to understand and could be improved upon.
It is worth noting that the member invite modal is properly redacting the token name to ****
unless you have access to the project its a member of.
Plan
Here is what I think we should do to resolve this
-
Trim users from the dropdown in the invite modal to drop project bots from another project...or any project as they should already be members anyway? - project bots can only belong to the project they were created for it seems
- looks like token mgmt is handled via
/-/settings/access_tokens
route and is merely listed on the members page without the ability to change, remove, etc that member. We should likely trim project bots from our invite members modal as the/-/settings/access_tokens
handles those. - !83651 (merged)
-
Enhance the messaging when the policy denies the update here. This isn't the first time I've come upon this and tangled me up a bit on a separate issue recently(which is why I knew where to look here).
Edited by Doug Stull