Add explicit permission for modifying a value stream (!122924) · Merge requests · GitLab.org / GitLab

Adam Hegyi requested to merge ah-explicitly-define-permission-for-modifying-value-streams into master Jun 07, 2023

What does this MR do and why?

This MR fixes a bug by explicitly specify a policy permission for value stream modification actions. With specific project configurations lower access levels might be able to change value stream objects.

This only affects the recently released project level value stream page which requires license. The group-level VSA feature already required a higher level access to visit the page.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 07, 2023 by Adam Hegyi

Add explicit permission for modifying a value stream

What does this MR do and why?

MR acceptance checklist

Merge request reports