Skip to content

Remove access request controls in admin area and replace with "Manage access" button

Related to #327369 (closed)

📖 What does this MR do?

In "Admin area" -> "Projects or Groups" -> "Choose project or group" there is a section that lists all the open access requests. This section has controls to change the expiration date, role and accept/deny the access request. These controls are currently broken and have been for a long time (at least a year as far as I can tell). My guess is these controls were accidentally broken when refactoring to page specific JavaScript at some point.

In #327369 (closed) it was decided it would make the most sense to remove these controls and instead add a "Manage access" button that deep links into the "Access requests" tab on the project/group members page. Removing these controls will also allow us to delete a decent amount of legacy HAML and jQuery (will be taken care of in a follow-up MR).

💻 Local testing

  1. Login as an Admin
  2. Create a public group or project and leave that open in a tab
  3. In a new tab click "Menu" -> "Admin" in the top nav
  4. Navigate to "Overview" -> "Users" and choose a user
  5. Click "Impersonate" in the upper right corner
  6. Refresh the other tab with the group or project and click "Request access" under the project/group name
  7. Click the "Stop impersonation" button in the upper right corner
  8. Navigate to "Admin" -> "Groups or Projects" -> the project you created

📷 Screenshots

View Before After
Project Screen_Shot_2021-06-23_at_11.05.49_AM Screen_Shot_2021-06-23_at_11.03.32_AM
Group Screen_Shot_2021-06-23_at_11.06.13_AM Screen_Shot_2021-06-23_at_11.03.12_AM

🚦 Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Hegman

Merge request reports

Loading