Update permissions for creating and destroying related epic links
Related to #397073 (closed)
What does this MR do and why?
Follow-up to !128242 (merged) where we updated the permissions so that non-group-members could relate epics. After further discussion it was decided to strengthen the requirements so that the user needs to be a member of at least one of the epic groups.
This is part of a larger update that involves other epic relationship permissions and it's behind the feature flag epic_relations_for_non_members
.
Action | Before | After |
---|---|---|
Mark a target epic as related to a source epic | source |
source |
Remove related epic | source |
source |
-
🔶 - Guest for public and private groups. The licensed featurerelated_epics
is available for the group. -
🔵 - Can read the epic:Non-member
for a public group,Guest
for a private group.Reporter
if epic is confidential.
How to set up and validate locally
-
In rails console enable the feature flag
Feature.enable(:epic_relations_for_non_members)
-
Create 2 public groups with an epic each
root = User.first group1 = Group.create!(name: 'Test Group 1', path: 'test-group1', owner: root) group2 = Group.create!(name: 'Test Group 2', path: 'test-group2', owner: root) epic1 = Epic.create!(title: 'Epic 1', author: root, group: group1) epic2 = Epic.create!(title: 'Epic 2', author: root, group: group2)
-
Create a new user (or pick an existing one) and add it as a guest to
Test Group 1
-
Log in as the guest user and visit
Epic 1
, verify that the related epics widget displays theAdd
button and addEpic 2
as related. -
Visit
Epic 2
and verify it's missing theAdd
button and the option to remove the item. -
Verify that the option to unlink the epics is present when viewing
Epic 1
Screen_Recording_2023-10-12_at_13.33.01
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.