Skip to content

Show inherited security policies when user has access to project only

What does this MR do and why?

This MR changes how we display security policies when the given user has access as a developer to the project, but only guest access to the group. Previously they were not able to see policies defined on the group level, although they should be able to see them, as it affects their development workflow.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a new private group
  2. Create a new project in that group
  3. Create a new user and invite it as a developer to the project
  4. Create policies on the Group level and on the Project level
  5. Log in as a newly created user and verify that you can see policies defined on both levels

Related to #432141 (closed)

Merge request reports

Loading