Inconsistent Authorization for XRay Compared to Code Suggestions
A significant discrepancy exists between the availability of Code Suggestions and XRay features within GitLab, especially regarding how Add-On seats are recognized across different group hierarchies. Currently, Code Suggestions are enabled for users if they have an Add-On seat assigned in any group, regardless of the group's relation to the project. In contrast, XRay is restricted to only the group where the seat is directly assigned. This limitation affects users, such as CSM representatives, who cannot enable XRay in personal or demonstration namespaces unrelated to the group where their Add-On seat is assigned.
Steps to Reproduce:
- Assign a user an Add-On seat within a primary group (e.g., gitlab.com/gitlab-org).
- Confirm that Code Suggestions are available in a project within a completely independent group or personal namespace (e.g., gitlab.com/other-group/sample-project).
- Attempt to enable XRay for the same project in the independent group or namespace.
- Notice that XRay cannot be enabled, because the current authorization scheme restricts its availability to the group with the assigned seat.
Expected Behavior:
Both Code Suggestions and XRay should follow a consistent authorization scheme, allowing users with an Add-On seat in any group to enable these features across all their accessible projects, irrespective of the group hierarchy.
Actual Behavior:
While Code Suggestions are universally accessible based on a user’s Add-On seat in any group, XRay access is unjustly limited to the projects directly under the group where the seat is assigned. This leads to a lack of feature parity and potential dissatisfaction among users.
Proposed Fix (Option A):
Implement a system-wide check that allows any project member with developer-level access or higher, who possesses an Add-On seat in any group, to enable XRay for the project. This approach might require more complex and potentially costly queries, especially in larger, more populated groups, but it would align XRay's availability with that of Code Suggestions.
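The three checks compared side by side, as an added example that is not GitLab's implementation or part of the original issue. It is a plain-Ruby model in which SeatRegistry, Project, the numeric access levels and the sample user and projects are all hypothetical, and each project is assumed to belong to a single group.

```ruby
# Added illustration in plain Ruby; not GitLab's code. Every name here is hypothetical.
DEVELOPER = 30 # assumed numeric access level; higher means more access, 0 = not a member

Project = Struct.new(:path, :root_group, :members) # members: { username => level }

class SeatRegistry
  def initialize
    @seats = {} # username => list of groups where an Add-On seat is assigned
  end

  def assign(user, group)
    (@seats[user] ||= []) << group
  end

  # Code Suggestions, as the issue describes it: a seat in any group counts.
  def seat_anywhere?(user)
    @seats.fetch(user, []).any?
  end

  # XRay today, as the issue describes it: the seat must sit in the project's group.
  def seat_in_group?(user, group)
    @seats.fetch(user, []).include?(group)
  end
end

# Option A: a seat in any group AND developer-level access or higher on this project.
def xray_option_a?(seats, user, project)
  project.members.fetch(user, 0) >= DEVELOPER && seats.seat_anywhere?(user)
end

# Evaluate all three checks for one user across a list of projects.
def decision_table(seats, user, projects)
  projects.to_h do |p|
    [p.path, { code_suggestions: seats.seat_anywhere?(user),
               xray_current: seats.seat_in_group?(user, p.root_group),
               xray_option_a: xray_option_a?(seats, user, p) }]
  end
end

# Constructed sample data mirroring the reproduction steps.
SEATS = SeatRegistry.new
SEATS.assign("csm_user", "gitlab-org")
PROJECTS = [
  Project.new("gitlab-org/app", "gitlab-org", { "csm_user" => 30 }),
  Project.new("other-group/sample-project", "other-group", { "csm_user" => 40 }),
  Project.new("other-group/read-only", "other-group", { "csm_user" => 20 }) # below developer
]
TABLE = decision_table(SEATS, "csm_user", PROJECTS)
TABLE.each { |path, row| puts "#{path}: #{row}" }
```

In the third project the seat-only check passes while Option A denies XRay, because the user's access there is below developer level.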
Potential Impact:
This fix would ensure feature parity and improve user satisfaction by aligning the accessibility of XRay with the expectations set by Code Suggestions. However, it may impact system performance and would require careful implementation to balance functionality with efficiency.