Do not check read_environments for metrics dashboard APIs
What does this MR do?
Previously, users needed to have reporter
or above role in order to see a project's metrics dashboards (since the read_environment
ability is required). Recently, we added a new ProjectFeature
called metrics_dashboard
which controls the visibility of the dashboards.
The read_environment
ability is granted to all users who have the metrics_dashboard
ability so that the dashboards are accessible to those users. This includes anonymous users if metrics_dashboard
is set to public visibility.
The current approach of granting users the read_environment
ability if they have the metrics_dashboard
ability is too excessive, in my opinion. The read_environment
permission gives users the ability to query many environments APIs which allows users to list all environments and their public attributes.
However, in order to view a dashboard, the dashboard only needs a single environment's ID, name, slug and state.
This MR:
- Removes the code to grant users the
read_environment
ability if they have themetrics_dashboard
ability. - It also removes the
read_environment
requirement for metrics APIs.
With this MR, a user will be able to see a dashboard if they have the metrics_dashboard
permission, even if they do not have the read_environment
permission. However, the user will not be able to change the environment selector dropdown to another environment.
If the user has the read_environment
permission, they will be able to change the environment dropdown selector and have access to other dashboard features like annotations.
Discussion Ref: #213833 (comment 344485808)
Public visibility of metrics dashboards:
metrics_dashboard_without_read_environment_all_permissions
Public visibility of metrics dashboards with pipelines disabled:
metrics_dashboard_without_read_environment_without_pipeline_permissions
Public visibility of metrics dashboards with repository disabled:
metrics_dashboard_without_read_environment_without_repository_permissions
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team