Require read_code instead of download_code for project related views (!103520) · Merge requests · GitLab.org / GitLab

Jerry Seto requested to merge 376180-separate-view-code-permission-from-download-code-create-2-permissions-4 into master Nov 09, 2022

What does this MR do and why?

Require read_code instead of download_code for project related views

Contributes to: #376180 (closed)

Some screenshots of affected views

!103520 (diffs)
!103520 (diffs)
!103520 (diffs)
!103520 (diffs)
!103520 (diffs)

How to set up and validate locally

The abilities that read_code should allow are intended to be a subset of those of download_code so this should not have any user impact for now (https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/policies/project_policy.rb#L853)

Check that the project page (e.g http://127.0.0.1:3000/root/test_project) looks as expected

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #376180 (closed)

Edited Nov 11, 2022 by Jerry Seto

Require read_code instead of download_code for project related views

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports