Projects can link and inherit the same security policy project
It is possible for a project to directly link the same security policy project that is also inherited from a group or subgroup. This can be confusing.
To avoid this, we can make sure directly linking and inheriting the same security policy project is not possible.
This behavior was first described as a bug in #411507 (comment 1451681180) but it is more of a confusing UI than a bug.
Screenshot
Implementation plan
- Return an error response in
ee/app/services/security/orchestration/assign_service.rb:27
if the project already inherits the security policy project. - Show an error message in the UI saying that an already inherited project can't be linked.
- When a new inheritance is created, by adding a security policy project to the parent group of a project, unlink the directly linked security policy project
4. Create a background migration to clean up duplicated links.moved to #454959
Edited by Dominic Bauer