Skip to content

Remove push_code check on Mutation.securityFindingCreateMergeRequest

mo khan requested to merge 403153/mokhax/permission-specs into master

What does this MR do and why?

In %17.0 the Developer role will no longer have the admin_vulnerability permission. To make sure that we're able to roll out this deprecation in a safe way this MR adds a spec to ensure that a user that belongs to a custom role with the :admin_merge_request permission is able to execute the securityFindingCreateMergeRequest mutation.

An example of where this mutation is used can be found in https://gitlab.com/gitlab-examples/security/security-reports/-/security/vulnerabilities/46961567

image

#403153 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by mo khan

Merge request reports

Loading