Archive Project custom permission
What does this MR do and why?
This MR adds Archive Projects
as a customizable permission, so that it can be added onto any base role.
This makes archiving projects available to all roles, as the Owner
role might have too many privileges for all use cases.
Issue: #425957 (closed)
Screenshots or screen recordings
Group owner:
Group member with custom archive_project
role:
How to set up and validate locally
- Enable the
archive_project_custom_permission
Feature Flag:Feature.enable(:archive_project_custom_permission)
- Create a namespace and a project within that namespace and apply the
Ultimate
license to the namespace. - Create a new custom role that enables
archive_project
fromGroup
->Settings
->Roles and Permissions
- Invite a (guest) user to the group and assign this role to the user. As there is currently no UI for doing this, make a REST API call:
curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "http://localhost:3000/api/v4/groups/$ID/members/$USER_ID"
- Log in as the guest user with the archive project custom permission and check if you can do the following actions:
- Archive the project from the UI and via REST API
- Unarchive the project from the UI and via REST API
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Alex Buijs