Skip to content

Log correct audit event when changing custom role

Jarka Košanová requested to merge 427954-audit-role-to-member into master

What does this MR do and why?

It changes the format of audit event details around group/project membership changes.

When handling a default role (static role) we use Default role: ROLE NAME label. When handling a custom role we use Custom role: ROLE NAME label.

A new method was added to the Gitlab::Access as I expect it to be used on more places in the future.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-01-17_at_11.33.42_before Screenshot_2024-01-25_at_14.05.59

How to set up and validate locally

If you don't have any custom roles stored on your instance

  1. Run the following graphQL query to create a custom role (skip groupPath if you are on self-managed instance) (https://gdk.test:3443/-/graphql-explorer)
mutation {
  memberRoleCreate(input: {
    groupPath: "flightjs"
    name: "Role name", 
    description: "This is a new test role",
    baseAccessLevel: GUEST,
    permissions: [READ_CODE, READ_VULNERABILITY]
  }) {
    errors
    memberRole {
      id
      name
    }
  }
}
  1. Visit a group or project member page such as https://gdk.test:3443/groups/flightjs/-/group_members
  2. Assign this custom role to a member
  3. Assign a static role to a member with a custom role
  4. Visit Admin - Monitoring - Audit logs or Group -> Secure -> Admin events and verify the correct messages are displayed (the name of the custom role should be displayed)

Related to #427954 (closed)

Edited by Jarka Košanová

Merge request reports

Loading