Test: ensure developers in parent group cannot push without push access
What does this MR do and why?
Adds E2E test as per https://gitlab.com/gitlab-org/gitlab/-/issues/434285 for the scenario described here: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213#particular-group-hierarchy-and-permissions-configuration-impacted
This E2E test is a corrective action identified in this discussion: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17216#note_1681537609
How to set up and validate locally
QA_GITLAB_URL=http://192.168.4.31:3000 GITLAB_QA_PASSWORD_1=<password_for_gitlab-qa-user1> bundle exec rspec qa/specs/features/ee/browser_ui/3_create/repository/restrict_push_protected_branch_spec.rb:102
This has been verified with the problematic MR, see comment: !140765 (comment 1750694960)
Purpose of test
The test setup involves the following elements:
- Sandbox top-level group (All tests use a sandbox group to manage data, this isn't related to the test case)
- parent_group -> sub-group of Sandbox group
- sub_group -> sub-group of parent_group
- user_developer -> member of parent_group (Developer)
- project -> created in parent_group
- protected_branch -> created in project, sub_group is allowed to push
The test then ensures that user_developer cannot push to protected_branch
Screenshots
To explain the scenario, I've attached screenshots that the automated test produces.
Parent group
Contains the sub-group and project
Sub group
Contains the developer user (note: I did not add the user, it gets inherited)
Project
Has the developer user and the sub-group as a member
Protected branch:
Sub-group can push and merge, maintainer role added as per https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213#note_1682717117