Skip to content

Add policies for handling custom roles

Jarka Košanová requested to merge 429455-member-role-policies into master

What does this MR do and why?

It adds policies for handling custom roles. Until now we checked permissions for admin_group or admin_group_member but we didn't specify what should we actually check and also admin_group or admin_group_member gets insufficient with introduction of member roles on instance level.

We decided (see the related issue) that group owners should be able to read and admin member roles on the group level and instance admins should be able to read & admin roles on the instance level.

This MR adds the respective policy rules & changes the current permission checks.

How to set up and validate locally

This is just a background change, no change in functionality. But you can check everything is working by playing around with member roles of a (root) group (eg.https://gdk.test:3443/groups/flightjs/-/settings/roles_and_permissions).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #429455 (closed)

Edited by Jarka Košanová

Merge request reports

Loading