Fix: keep latest artifacts checkbox shows always disabled
What does this MR do?
Fix for #322115 (closed)
When viewing the project CI/CD settings as non application admin it shows the checkbox Keep artifacts from most recent successful jobs always disabled, saying that "This feature is disabled at the instance level", although the application settings shows that the feature IS enabled.
The problem is located in the application settings GraphQL response since we authorize reading application settings to only admins.
The frontend uses both:
- project-level setting in order to draw the checkbox and its status
- application-level settings in order to enable/disable changes and showing the help text
Fix
Rather than fetching application-level settings from GraphQL we only display the Artifacts section of the project settings if the application setting keep_latest_artifact is enabled. Otherwise we hide the entire section since that setting is the only one in the section today.
As this is a severity2 regression, this has Pick into auto-deploy
Screenshots (strongly suggested)
| Application setting disabled | Application setting enabled |
|---|---|
 |
 |
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines - [-] Merge request performance guidelines
-
Style guides - [-] Database guides
- [ -] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team