Hide `New project` button if visibility is restricted
What does this MR do and why?
To understand what this MR is doing go through the description of the original MR here !110566 (merged).
The above MR was reverted because of the bug mentioned here in the revert MR description !111479 (merged).
This MR fixes the bug due to which the original MR was reverted i.e. `New project` button was not being shown for public groups even though only Private visibility was restricted from the admin area.
I have added comprehensive test coverage in spec/policies/group_policy_spec.rb to verify the fix for the revert which I'll explain below:
A group can contain projects with visibility equal to that of the group or tighter than it. Therefore the following holds:
- Public groups can contain public, internal, and private projects
- Internal groups can contain internal and private projects
- Private groups can only contain private projects
We're hiding the `New project` button if all the possible visibilities (equal to the group's visibility or tighter than it) are restricted from the admin area. I'll explain it with some examples:
- If private visibility is restricted then it's not possible to create projects in a private group so hide the `New project` button.
- If private visibility is restricted then it's possible to create projects in an internal group with internal visibility so show the `New project` button.
- If private and internal visibilities are restricted then it's not possible to create projects in an internal group so hide the `New project` button.
- If public visibility is restricted then it's possible to create internal and private projects in a public group so show the `New project` button.
The same above logic has been applied in the policy specs. Also note: The admin visibility restrictions don't apply to admin users.
Screenshots or screen recordings
Group overview
Before | After |
---|---|
Create new project
Before (after submitting form) | After |
---|---|
How to set up and validate locally
To validate the solution follow these steps !110566 (merged)
To validate the fix for the revert follow these:
1. Create a public group
2. Invite a user as an owner to the public group
3. Go to the admin area -> `Settings` -> `General` -> `Visibility and access controls`
4. In the `Restricted visibility levels` setting check only `Private`. Save the form.
5. Go to the admin area -> `Users`
6. Find the user you invited in step 2
7. Click `Impersonate`
8. Navigate to the group you created in step 1
9. The `New project` button should be shown
!110566 (merged)
What was missed in the original MR
- `VisibilityLevelChecker` only checks if the visibility level of the passed project is restricted or not. So if a public project is passed to it and public visibility is restricted it won't say that private and internal visibilities are possible.
- We were passing `Project.new` to it and by default `Project.new` creates a project with private visibility.
- Even if we pass the group's visibility to `Project.new` it won't account for tighter permissible visibilities like internal and private in a public group when public visibility is restricted.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #384356 (closed)
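The rule from the description, and the single-level check listed under "What was missed in the original MR", as an added standalone Ruby model (not code from this MR or from GitLab). The method names are hypothetical; the numeric levels are assumed to mirror `Gitlab::VisibilityLevel` (private 0, internal 10, public 20), and the scenarios are the examples given in the description.

```ruby
# Simplified model of the rule described in this MR; not GitLab's implementation.
# Assumption: numeric levels mirror Gitlab::VisibilityLevel.
PRIVATE  = 0
INTERNAL = 10
PUBLIC   = 20
ALL_LEVELS = [PRIVATE, INTERNAL, PUBLIC].freeze

# Levels a project inside the group may have: the group's own level or tighter.
def permissible_levels(group_level)
  ALL_LEVELS.select { |level| level <= group_level }
end

# Fixed rule: show the button if at least one permissible level is unrestricted.
# Admin users are exempt from the admin-area restriction setting.
def show_new_project_button?(group_level, restricted_levels, admin: false)
  return true if admin

  !(permissible_levels(group_level) - restricted_levels).empty?
end

# Hypothetical model of the reverted behaviour: only one level is checked
# (a fresh project defaults to private), so other permissible levels are ignored.
def single_level_check?(restricted_levels, checked_level: PRIVATE)
  !restricted_levels.include?(checked_level)
end

# Constructed scenarios: [group level, restricted levels, expected button state]
SCENARIOS = [
  [PRIVATE,  [PRIVATE],           false],
  [INTERNAL, [PRIVATE],           true],
  [INTERNAL, [PRIVATE, INTERNAL], false],
  [PUBLIC,   [PUBLIC],            true],
  [PUBLIC,   [PRIVATE],           true] # the case that caused the revert
].freeze

def run_scenarios
  SCENARIOS.map do |group, restricted, expected|
    { group: group, restricted: restricted, expected: expected,
      fixed: show_new_project_button?(group, restricted),
      single: single_level_check?(restricted) }
  end
end

run_scenarios.each { |row| puts row.inspect } if __FILE__ == $PROGRAM_NAME
```

In the last scenario the single-level check returns `false` while the fixed rule returns `true`, which is the regression the revert described.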