Add "Manage deploy tokens" custom permission
What does this MR do and why?
This MR adds Manage deploy tokens
as a customizable permission, so that it can be added onto any base role.
This makes managing deploy tokens on group and/or project level available to all roles, as the Owner
role might have too many privileges for all use cases.
issue: #448843 (closed)
Screenshots or screen recordings
Group member with custom role | Project member with custom role |
---|---|
How to set up and validate locally
As admin:
- Create a group and apply the Ultimate license to the group
- If SaaS mode is:
-
off: Visit http://localhost:3000/admin/application_settings/roles_and_permissions and create a custom role with the
Manage deploy tokens
permission enabled, based on Guest access -
on: Visit http://localhost:3000/groups/${new_group}/-/settings/roles_and_permissions and create a custom role with the
Manage deploy tokens
permission enabled, based on Guest access
-
off: Visit http://localhost:3000/admin/application_settings/roles_and_permissions and create a custom role with the
- Invite a user to the group and assign the new custom role to the user
As group member with the custom role:
- Visit http://localhost:3000/groups/${new_group}/-/settings/repository and verify the page is accessible and you can view, add and revoke tokens.
- Verify you can view add and revoke tokens via the deploy tokens API.
As admin:
- Create a project in the group
- Invite another user to the project and assign the new custom role to the user
As project member with the custom role:
- Visit http://localhost:3000/{new_group}/{new_project}/-/settings/repository and verify the page is accessible and you can view, add and revoke tokens.
- Verify you can view add and revoke tokens via the deploy tokens API.
Edited by Alex Buijs