Include group links in access level check
What does this MR do and why?
This change attempts to reproduce the defect described in #462596 (closed) and resolve it.
Related to:
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Before | After |
---|---|
Before: 500 error | After: Custom Role Assigned |
How to set up and validate locally
- Create the following group hierarchies
gitlab-org/security-products/analyzers
gitlab-org/secure/managers
- Create a custom role for
gitlab-org
called"Developer+Vuln Admin"
with the:admin_vulnerability
permission and Developer as the base role. - Create a new user account named
@thiagocsf
- Create a new user account named
@smtan
- Add
thiagocsf
as a Developer togitlab-org
- Add
thiagocsf
as an Owner togitlab-org/secure/managers
- Add the
gitlab-org
group to thegitlab-org/secure/managers
group as aDeveloper
- Add the
gitlab-org/secure/managers
group to thegitlab-org/security-products/analyzers
group as anOwner
. - Log in as
thiagocsf
- Navigate to
http://gdk.test:3000/gitlab-org/secure/analyzers/-/group_members
and invite@smtan
as aDeveloper+Vuln Admin
role.
Edited by mo khan