Fixes NonOwnerAlertComponent auth check

Vijay Hawoldar requested to merge vij-fix-non-owner-component-auth into master

What does this MR do and why?

Fixes NonOwnerAlertComponent auth check to ensure that only guests and above can view the component via their membership of the root namespace.

Prior to this MR, anyone viewing a public group would have passed the read_ability check and have seen the banner:

[1] pry(main)> Ability.allowed?(nil, :read_group, Group.public_only.first)
=> true

The banner cannot currently be viewed by users - it's a banner displayed to customers who are over both the storage and user limits, but storage limits have not been enabled yet.

This will be false until this feature flag check is true

Refs #431297 (closed)


MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vijay Hawoldar
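
The difference between the two checks described in this MR, as an added example that is not code from the merge request or from GitLab: a read-ability check passes for an anonymous viewer of a public group, while a membership check on the root namespace does not. The Group struct, the method names, the numeric access levels and the sample users are all assumptions made for this sketch.

```ruby
# Constructed model, not GitLab's classes: groups with a parent link and a
# members hash (user name => access level) held on each group.
GUEST = 10 # assumed numeric levels for this sketch
OWNER = 50

Group = Struct.new(:name, :visibility, :parent, :members) do
  # Walk up to the top-level (root) namespace.
  def root
    parent ? parent.root : self
  end
end

# Visibility-style check: anyone, including an anonymous (nil) user, can
# read a public group, so a true result says nothing about membership.
def can_read_group?(user, group)
  return true if group.visibility == :public

  !user.nil? && group.root.members.key?(user)
end

# "Before": the banner is gated on read access only.
def banner_visible_before?(user, group)
  can_read_group?(user, group)
end

# "After": the banner is gated on guest-or-above membership of the root
# namespace, so anonymous users and non-members are rejected.
def banner_visible_after?(user, group)
  return false if user.nil?

  level = group.root.members[user]
  !level.nil? && level >= GUEST
end

# Constructed sample data: a public root group and a public subgroup.
ROOT = Group.new("acme", :public, nil, { "alice" => OWNER, "bob" => GUEST })
SUB  = Group.new("acme/web", :public, ROOT, {})

# Returns { user => [before, after] } for a quick side-by-side comparison.
def visibility_report(group, users)
  users.to_h do |u|
    [u, [banner_visible_before?(u, group), banner_visible_after?(u, group)]]
  end
end

p visibility_report(SUB, [nil, "mallory", "bob", "alice"])
```

A regression spec for this kind of component should include the anonymous and non-member cases on a public group, since those are the ones a read-ability check lets through.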
