Allow access to license scan report when claim is satisfied

mo khan requested to merge 208723-read-licenses into master

What does this MR do?

The current authorization to access the license_scanning report data depends on the read_pipeline claim. This claim is overly restrictive and is not necessary in order to read the license_scanning report. This MR aligns the merge_requests#license_scanning_report endpoint to use the read_licenses claim to match the permission required to view the License Compliance list page and the pipelines#licenses endpoint.

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by mo khan
