Add team members to policy project only when not added for the group
What does this MR do and why?
This MR fixes a bug where, when the user was added to both the project and the group with the Maintainer role, Security Policy Project creation was failing, as it was impossible to add this user with the Developer role to the Security Policy project because of the higher_access_level_than_group validation.
Queries
https://console.postgres.ai/gitlab/gitlab-production-main/sessions/25409/commands/80479
SELECT DISTINCT
    "project_authorizations"."user_id"
FROM
    "project_authorizations"
WHERE
    "project_authorizations"."project_id" = 278964
    AND "project_authorizations"."access_level" IN (40, 30)
    AND (NOT EXISTS (
        SELECT
            1
        FROM
            "members"
        WHERE
            "members"."type" = 'GroupMember'
            AND "members"."source_type" = 'Namespace'
            AND (members.user_id = project_authorizations.user_id)
            AND "members"."source_id" = 9970
            AND "members"."access_level" >= 30));
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a new group
- Create a new project in that group
- Create a new user and add it as a Maintainer in both Group and Project
- Go to the Project, then Secure -> Policies and try to create a new policy.
- The security policy project should be created without issues.
Related to #416875 (closed)
Edited by Dominic Bauer
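
An added example, not part of the MR or of GitLab's code: the query from the Queries section run with Python's sqlite3 against constructed rows, to show which users it selects and which it skips. The query is rewritten with table aliases and with the project and group ids as parameters; the table layouts, ids and rows are assumptions made for the example, and the access levels follow GitLab's numbering (10 Guest, 20 Reporter, 30 Developer, 40 Maintainer).

```python
import sqlite3

# The MR's query, with aliases and with project/group ids as parameters.
QUERY = """
SELECT DISTINCT pa.user_id
FROM project_authorizations pa
WHERE pa.project_id = :project_id
  AND pa.access_level IN (40, 30)
  AND NOT EXISTS (
    SELECT 1 FROM members m
    WHERE m.type = 'GroupMember'
      AND m.source_type = 'Namespace'
      AND m.user_id = pa.user_id
      AND m.source_id = :group_id
      AND m.access_level >= 30)
ORDER BY pa.user_id
"""

# Constructed rows: (user_id, project_id, access_level)
AUTHORIZATIONS = [
    (1, 100, 40),  # Maintainer in project and in group 9 -> skipped
    (2, 100, 40),  # Maintainer in project only -> selected
    (3, 100, 30),  # Developer in project, Guest in group 9 -> selected
    (4, 100, 20),  # Reporter in project -> never selected
    (5, 100, 30),  # Developer in project, Maintainer in group 8 -> selected
    (6, 200, 40),  # Maintainer in a different project -> never selected
]
# Constructed rows: (user_id, type, source_type, source_id, access_level)
MEMBERS = [
    (1, "GroupMember", "Namespace", 9, 40),
    (3, "GroupMember", "Namespace", 9, 10),
    (5, "GroupMember", "Namespace", 8, 40),
    (2, "ProjectMember", "Project", 9, 40),  # same source_id, but not a group row
]

def users_to_add(project_id, group_id):
    """Return user ids the query selects for adding to the policy project."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE project_authorizations (user_id INT, project_id INT, access_level INT)")
    db.execute("CREATE TABLE members (user_id INT, type TEXT, source_type TEXT, source_id INT, access_level INT)")
    db.executemany("INSERT INTO project_authorizations VALUES (?, ?, ?)", AUTHORIZATIONS)
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?, ?)", MEMBERS)
    rows = db.execute(QUERY, {"project_id": project_id, "group_id": group_id}).fetchall()
    db.close()
    return [row[0] for row in rows]

if __name__ == "__main__":
    print(users_to_add(100, 9))
```

User 1 is the case from the bug description: a Maintainer in both the project and the group, who is left out of the result so no Developer membership is attempted for them.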