Update permissions for creating and destroying related epic links

Related to #397073 (closed)

What does this MR do and why?

Follow-up to !128242 (merged) where we updated the permissions so that non-group-members could relate epics. After further discussion it was decided to strengthen the requirements so that the user needs to be a member of at least one of the epic groups.

This is part of a larger update that involves other epic relationship permissions and it's behind the feature flag epic_relations_for_non_members.

| Action | Before | After |
| --- | --- | --- |
| Mark a target epic as related to a source epic | source 🔵 - target 🔵 | source 🔶 - target 🔵 |
| Remove related epic | source 🔵 - target 🔵 | source 🔶 - target 🔵 |

  • 🔶 - Guest for public and private groups. The licensed feature related_epics is available for the group.
  • 🔵 - Can read the epic: Non-member for a public group, Guest for a private group. Reporter if epic is confidential.

How to set up and validate locally

  1. In the Rails console, enable the feature flag:

    Feature.enable(:epic_relations_for_non_members)
  2. Create 2 public groups with an epic each

    root = User.first
    group1 = Group.create!(name: 'Test Group 1', path: 'test-group1', owner: root)
    group2 = Group.create!(name: 'Test Group 2', path: 'test-group2', owner: root)
    epic1 = Epic.create!(title: 'Epic 1', author: root, group: group1)
    epic2 = Epic.create!(title: 'Epic 2', author: root, group: group2)
  3. Create a new user (or pick an existing one) and add it as a guest to Test Group 1

  4. Log in as the guest user and visit Epic 1, verify that the related epics widget displays the Add button and add Epic 2 as related.

  5. Visit Epic 2 and verify it's missing the Add button and the option to remove the item.

  6. Verify that the option to unlink the epics is present when viewing Epic 1

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugenia Grieff
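
The Before/After rules from the table in the description, modeled as a small Ruby check. This is an added illustration, not GitLab's policy code or part of the merge request; the structs, method names and sample users are assumptions, as is requiring the source epic to be readable.

```ruby
# Simplified model of the table's rules; not GitLab's policy code.
NON_MEMBER = 0 # access levels use GitLab's numeric values
GUEST = 10
REPORTER = 20

Group = Struct.new(:name, :public, :related_epics_licensed, :members) do
  def access_level(user)
    members.fetch(user, NON_MEMBER)
  end
end
Epic = Struct.new(:title, :group, :confidential)

# Blue: non-member for a public group, Guest for a private group,
# Reporter if the epic is confidential.
def can_read?(user, epic)
  required = if epic.confidential
               REPORTER
             elsif epic.group.public
               NON_MEMBER
             else
               GUEST
             end
  epic.group.access_level(user) >= required
end

# Orange: at least Guest in the epic's group, with related_epics licensed.
# Assumption: the epic must also be readable by the user.
def can_admin_relation?(user, epic)
  epic.group.related_epics_licensed &&
    epic.group.access_level(user) >= GUEST &&
    can_read?(user, epic)
end

def allowed_before?(user, source:, target:)
  can_read?(user, source) && can_read?(user, target)
end

def allowed_after?(user, source:, target:)
  can_admin_relation?(user, source) && can_read?(user, target)
end

# Constructed data mirroring the validation steps: two public groups,
# "guest" is a Guest in Test Group 1 only, "outsider" is in neither.
GROUP1 = Group.new('Test Group 1', true, true, { 'guest' => GUEST })
GROUP2 = Group.new('Test Group 2', true, true, {})
EPIC1 = Epic.new('Epic 1', GROUP1, false)
EPIC2 = Epic.new('Epic 2', GROUP2, false)

[['guest', EPIC1, EPIC2], ['guest', EPIC2, EPIC1], ['outsider', EPIC1, EPIC2]].each do |user, src, tgt|
  puts "#{user}: #{src.title} -> #{tgt.title} before=#{allowed_before?(user, source: src, target: tgt)} " \
       "after=#{allowed_after?(user, source: src, target: tgt)}"
end
```

The second row of output corresponds to step 5 of the validation: from Epic 2 the guest could link under the old rule but not under the new one.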
