Restrict access to crm to reporter+
What does this MR do and why?
Related to #349685 (closed)
This MR bumps the minimum membership requirement to view crm contacts/organizations.
How to set up and validate locally
0. Enable :customer_relations feature flag for a group via the rails console
1. Visit a group settings page (e.g. http://gdk.test:3000/groups/flightjs/-/edit)
2. Expand "Permissions and group features"
3. At the very bottom, select "Enable customer relations"
4. Select "Save changes"
5. Visit the customer relations > contacts page for the group (e.g. http://gdk.test:3000/groups/flightjs/-/crm/contacts)
8. Create a new contact
9. Navigate to an issue in the group
10. Add the contact to the issue using the "/add_contacts email@example.com" quick action
11. Impersonate a user with below reporter permissions
12. Ensure you can't see the customer relations menu item, or access the contacts/organization lists (e.g. http://gdk.test:3000/groups/flightjs/-/crm/contacts and http://gdk.test:3000/groups/flightjs/-/crm/organizations)
13. Navigate to the issue you previously attached a contact to
14. Ensure you can't see the contacts widget
15. Impersonate a user with reporter permissions
You get the idea :)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Lee Tickett