Inherited group members selected as approvers are not displayed in Policy Drawer/Edit Policy Editor for group-level Scan Result Policies
Summary
- Sub-groups with scan result policies with inherited approvers are not displayed in the policy drawer
- Sub-groups with scan result policies with inherited approvers are not displayed in the policy editor when editing a policy
Steps to reproduce
- Create a group with direct members
- Create a sub-group where the members are inherited from the parent group
- Create a scan result policy with inherited approvers (this will be impossible to do via rule mode because of #389863 (closed), but one can create the policy in the parent group using Rule mode, copy the YAML, and paste it into the sub-group policy editor's YAML mode)
- View the new policy in the policies list
- View the edit page for the policy
Example Project
(Developers, please feel free to request access if needed)
What is the current bug behavior?
Sub-groups with scan result policies with inherited approvers do not display the approvers in the policy drawer
Sub-groups with scan result policies with inherited approvers are not displayed in the edit policy editor
What is the expected correct behavior?
Sub-groups with scan result policies with inherited approvers do not display the approvers in the policy drawer
Sub-groups with scan result policies with inherited approvers are not displayed in the edit policy editor
Relevant logs and/or screenshots
Scenario | Screenshot |
---|---|
Policy List | |
scanResultPolicies network request | |
Policy Editor `el.dataset.scanResultApprovers` | |
Possible fixes
- The fetch_policy_approvers_service.rb is used to populate both the graphql/scan_result_policy_resolver.rb/approvers and groups/policies_controller.rb/approvers and I think it only matches user ids to direct users and not inherited users.
- call `authorizable_members_with_parents` instead of `users` in fetch_policy_approvers_service.rb#L38.
Edited by Alexander Turinske
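The suspected cause above, as an added example that is not part of the original issue and is not GitLab code: a constructed model of a parent group and sub-group, showing how matching a policy's approver user ids against direct members only drops every inherited approver. `Group`, `member_ids_with_parents`, `resolve_approvers` and all ids are hypothetical names and values chosen for illustration.

```ruby
# Constructed model (assumption, not GitLab's schema): a group has direct
# member ids and an optional parent group.
Group = Struct.new(:name, :direct_member_ids, :parent) do
  # Collect member ids of this group and every ancestor.
  def member_ids_with_parents
    ids = []
    seen = []
    group = self
    # Stop at the root, or if the hierarchy loops back on itself.
    while group && seen.none? { |g| g.equal?(group) }
      seen << group
      ids |= group.direct_member_ids
      group = group.parent
    end
    ids
  end
end

# Match a policy's approver ids against a membership list.
# Returns [resolved, unresolved] so dropped approvers stay visible
# instead of being silently omitted from the UI payload.
def resolve_approvers(policy_user_ids, member_ids)
  policy_user_ids.partition { |id| member_ids.include?(id) }
end

# Constructed sample data: the sub-group has no direct members.
parent   = Group.new("parent", [101, 102], nil)
subgroup = Group.new("parent/sub", [], parent)
policy_user_ids = [101, 102, 999] # 999 is not a member anywhere

# Direct members only: the behaviour the issue suspects.
DIRECT_ONLY = resolve_approvers(policy_user_ids, subgroup.direct_member_ids)
# Members including ancestors: the behaviour the proposed fix aims for.
WITH_PARENTS = resolve_approvers(policy_user_ids, subgroup.member_ids_with_parents)

puts "direct only:  resolved=#{DIRECT_ONLY[0]} unresolved=#{DIRECT_ONLY[1]}"
puts "with parents: resolved=#{WITH_PARENTS[0]} unresolved=#{WITH_PARENTS[1]}"
```

Returning the unresolved ids alongside the resolved ones makes a mismatch between policy YAML and displayed approvers easy to assert on in a regression spec.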