Skip to content

Restrict access to crm to reporter+

Lee Tickett requested to merge 349685-restrict-crm-to-reporters into master

What does this MR do and why?

Related to #349685 (closed)

This MR bumps the minimum membership requirement to view crm contacts/organizations.

How to set up and validate locally

0. Enable :customer_relations feature flag for a group via the rails console
1. Visit a group settings page (e.g. http://gdk.test:3000/groups/flightjs/-/edit
2. Expand "Permissions and group features"
3. At the very bottom, select "Enable customer relations"
4. Select "Save changes"
5. Visit the customer relations > contacts page for the group (e.g. http://gdk.test:3000/groups/flightjs/-/crm/contacts
8. Create a new contact
9. Navigate to an issue in the group
10. Add the contact to the issue using the "/add_contacts email@example.com" quick action
11. Impersonate a user with below reporter permissions
12. Ensure you can't see the customer relations menu item, or access the contacts/organization lists (e.g. http://gdk.test:3000/groups/flightjs/-/crm/contacts and http://gdk.test:3000/groups/flightjs/-/crm/organizations
13. Navigate to the issue you previously attached a contact to
14. Ensure you can't see the contacts widget
15. Impersonate a user with report permissions
You get the idea :)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Lee Tickett

Merge request reports

Loading