Fix query in User#authorized_groups (!153205) · Merge requests · GitLab.org / GitLab

Heinrich Lee Yu requested to merge 461528-fix-authorized-groups into master May 16, 2024

What does this MR do and why?

Child project members of an invited group are not given access to the inviting group. Only direct members are given access.

So these records should not be included in User#authorized_groups.

Old query: https://postgres.ai/console/gitlab/gitlab-production-main/sessions/28284/commands/88295

New query: https://postgres.ai/console/gitlab/gitlab-production-main/sessions/28284/commands/88292

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Create a private group named private-group
Create another private group named invited-group
Create a project named invited-group-project under invited-group
Add a user as a member of invited-group-project
Add invited-group as a member of private-group.

As the user, visit /dashboard/groups and you should not see private-group in the list.

Related to #461528

Edited May 16, 2024 by Heinrich Lee Yu

Fix query in User#authorized_groups

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports