
[RUN AS-IF-FOSS] Raise permission to create/edit releases from Developer to Maintainer [RUN ALL RSPEC]

What does this MR do?

Raises the permission level necessary to create and update a release from Developer to Maintainer.

This permission change applies to both the UI and the API (REST and GraphQL).

Why?

See #323948 (closed) for the rationale behind this change.

Screenshots

All screenshots below were taken while logged in as a user with Developer permissions.

| Description | Before | After |
| --- | --- | --- |
| When viewing the Releases page with Developer permissions. In the After image, Developers no longer see the New release button or the "edit" pencil button. | image | image |
| When navigating directly to the New Release URL (-/releases/new) as a Developer. In the After image, Developers get a 404 page. | image | image |
| When navigating directly to a release's Edit page URL (-/releases/<tag name>/edit) as a Developer. In the After image, Developers get a 404 page. | image | image |

Notes

This is a breaking change, so this MR needs to be merged during %14.0.

Does this MR meet the acceptance criteria?

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #323948 (closed)

Edited by 🤖 GitLab Bot 🤖
