Skip to content

Update file permissions.md

Greg Alfaro requested to merge truegreg-master-patch-9f76 into master

What does this MR do and why?

Provides clarification on a technicality regarding the user auth model. The current auth model prohibits Guests from viewing MRs as that permission is a user auth attribute. The attribute is overloaded whenever the project is set to public, effectively allowing for the guest user to view MR lists when it is typically prohibited by his role. Slack convo here.

I'm adding a 25th footnote to help clarify this as it currently reads that guests should not be able to view MRs. This isn't always true as anyone can visit https://gitlab.com/gitlab-org/gitlab/-/merge_requests unauthenticated to view MRs. This change accounts for that instance.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports