Skip to content

Remove push rules lock on group and project level

What does this MR do?

Remove push rule locks on group and project level

When group level push rules are checked, the children project level ones are locked but the values are not checked. This behaviour leaves the permission in inconsistent states. The same issue is also observed between instance level and group level push rules.

This commit remove locks imposed by instance level and group level on the lower lever approval rules.

Screenshots (strongly suggested)

Level Before After
Instance (admin) instance_before instance_after
Group (owner) group_before group_after
Project (maintainer) project_before project_after

Testing

Instance lock Group

  1. As an admin, navigate to application settings page Admin Area > Push Rules
  2. Enable Reject unverified users and Reject unsigned commits
  3. As a group owner, navigate to group push rule page Group > Push Rules
  4. Ensure Reject unverified users and Reject unsigned commits are editable. Please note that the value of the checkbox is not the same the ones from instance level.

Group lock Project

  1. As a group owner, navigate to group push rule page Group > Push Rules
  2. Enable Reject unverified users and Reject unsigned commits
  3. As a project maintainer, navigate to project settings page Settings > Repository > Push Rules
  4. Ensure Reject unverified users and Reject unsigned commits are editable. Please note that the value of the checkbox is not the same the ones from group level.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related to #301116 (closed)

Edited by Tan Le

Merge request reports

Loading