Part 3: SSO enforcement should respect Admin Mode for groups access
What does this MR do and why?
Related to #405021 (closed)
In !117389 (merged) and !117582 (merged) we added hundreds of specs related to SSO enforcement to change the related code confidently.
In this MR, we extract admin/auditor checks related to bypassing SSO enforcement from Group/Project policy level to ::Gitlab::Auth::GroupSaml::SsoEnforcer
class. By that refactoring, we fixed the typebug that allows admins to access groups regardless Admin Mode. We also add specs for that case and lots of new specs for ::Gitlab::Auth::GroupSaml::SsoEnforcer.group_access_restricted?
method.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.