Check correct permissions before showing Release Evidence link
What does this MR do and why?
Change EvidenceType to check if user is authorized to read_release_evidence. This rule is already used when downloading Release Evidence (see controller).
The read_release_evidence rule checks download_code and a few other rules internally (see policy).
Related to #208397 (closed)
Screenshots or screen recordings
- When user can read_release_evidence
- When user cannot read_release_evidence
How to set up and validate locally
- Create a Release.
- Wait for Release Evidence to be created.
- The Release should show a link to the Evidence (see screenshots above).
- Turn off Issues in the project's settings.
  - read_release_evidence requires read_issue, so it will return false when Issues are turned off.
- The Release should not show a link to the Evidence anymore.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Alishan Ladhani
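
The validation steps above, modelled as an added Ruby example (not GitLab's code and not part of this MR): the link and the download are gated on the same ability, so they cannot disagree. `ProjectPolicy`, `release_payload`, `download_evidence` and the 404 status are hypothetical, and the composite rule is reduced to the two inputs the description names (`download_code` and `read_issue`).

```ruby
# Simplified stand-in for a project policy (assumption: the real rule
# checks more than the two abilities modelled here).
class ProjectPolicy
  def initialize(can_download_code:, issues_enabled:)
    @can_download_code = can_download_code
    @issues_enabled = issues_enabled
  end

  def allowed?(ability)
    case ability
    when :download_code then @can_download_code
    when :read_issue then @issues_enabled
    when :read_release_evidence
      allowed?(:download_code) && allowed?(:read_issue)
    else
      false # deny abilities the policy does not know about
    end
  end
end

# Hypothetical presenter: the evidence link is left out unless the viewer
# holds the same ability the download endpoint enforces.
def release_payload(policy, release)
  payload = { tag: release[:tag] }
  if policy.allowed?(:read_release_evidence)
    payload[:evidence_url] = release[:evidence_url]
  end
  payload
end

# Hypothetical download endpoint guarded by the same ability.
def download_evidence(policy, release)
  return [404, nil] unless policy.allowed?(:read_release_evidence)

  [200, release[:evidence_json]]
end

# True when "link is shown" and "download succeeds" agree for this viewer.
def consistent?(policy, release)
  link_shown = release_payload(policy, release).key?(:evidence_url)
  status, _body = download_evidence(policy, release)
  link_shown == (status == 200)
end

# Constructed sample release.
SAMPLE_RELEASE = { tag: "v1.0", evidence_url: "/evidences/1.json",
                   evidence_json: '{"release":{"tag":"v1.0"}}' }.freeze
```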