Expose project settings in REST API only for maintainer+ users
What does this MR do and why?
Expose project settings in REST API only for maintainer+ users
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Add a user to as a Guest to a project.
- Create a personal access token as that user and then query the REST API
curl --header "Authorization: Bearer <ACCESS-TOKEN>" "http://127.0.0.1:3000/api/v4/projects/<PROJECT_ID>"
- You shouldn't see any project settings.
- However, if you upgraded that user to the Maintainer of the project, you should see all the project settings
Related to #442899 (closed)
Edited by Hinam Mehra