Limit SD configuration route to developer+ roles (!169126) · Merge requests · GitLab.org / GitLab

Ahmed Hemdan requested to merge limit-secret-detection-configuration-route-to-developers-plus into master Oct 14, 2024

What does this MR do and why?

This merge request limits access to the SD configuration route currently only used for managing SD Exclusions to developer+ roles by checking if the current user can read_project_security_exclusions which is only available to developer+ (including auditor) roles.

With this change, accessing the page isn't possible to guest or reporter roles.

No spec changes because the corresponding test was already using developer vs. guest roles.

MR acceptance checklist

I have evaluated this MR against the MR acceptance checklist.

Edited Oct 14, 2024 by Ahmed Hemdan

Limit SD configuration route to developer+ roles

What does this MR do and why?

MR acceptance checklist

Merge request reports