Limit SD configuration route to developer+ roles
What does this MR do and why?
This merge request limits access to the SD configuration route currently only used for managing SD Exclusions to developer+
roles by checking if the current user can read_project_security_exclusions
which is only available to developer+
(including auditor
) roles.
With this change, accessing the page isn't possible to guest
or reporter
roles.
No spec changes because the corresponding test was already using developer
vs. guest
roles.
MR acceptance checklist
I have evaluated this MR against the MR acceptance checklist.
Edited by Ahmed Hemdan