Skip shared group validation for the approval form
What does this MR do and why?
Contributes to #350596 (closed)
Problem
User access to shared group validation applies only to the group itself and does not check if the user has inherited access rights.
Solution
Skip validation before we find a way to correctly verify user permissions.
Screenshots or screen recordings
FF off | FF on (Group C is available) |
---|---|
How to set up and validate locally
Enable feature flag:
Feature.enable(:permit_all_shared_groups_for_approval)
- Share a group with a project (Project information -> Members -> Groups (tab))
- Setup a user that has access to the project, but don't have access to the group
- Create a merge request as a user
- Edit merge request and click on
Approval rules
- Click
Add approval rule
button - Click on
Add approvers
field - Verify that shared group name is present there (when feature flag is on)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Vasilii Iakliushin