Draft: POC to Add Project Member Access Checks in E2E Framework for Project Authorization Refreshes
What does this MR do and why?
Due to updates with the way project authorizations will work, there may be a slight delay between when a user is added as a member to a project and when a user actually has the proper access to a project. This can cause flakiness in our tests if, after adding a member, we attempt to continue testing before the Sidekiq job to refresh the authorization has had a chance to finish: !92333 (comment 1033648348)
This POC does the following:
- On creation of a project, an issue is created that will be used to check whether project authorization refresh is complete. I decided to choose issues because it is a feature that is available on all tiers and requires minimal setup.
- When a user is added as a member to a project (via API for now), they will perform an action on the issue depending on their role to verify they have the proper access before continuing.
  - If a user is being added as a guest, a request is sent to `GET /projects/:id/issues/:issue_iid` to verify they can view an issue
  - If a user is being added as a reporter or above, a request is sent to `PUT /projects/:id/issues/:issue_iid` to close or reopen an issue, depending on its state
  - `NO_ACCESS` and `MINIMAL_ACCESS` are not considered here, as they are not valid options for adding a project member
- This member access check can be controlled by setting an attribute on the project resource called `check_member_access`. That way, we only need to create the issue & perform these extra steps for tests that add a member to a project, since not all tests do.
This is only a POC for now and only covers adding a project member via API.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
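
The role-dependent access check described in this MR, as an added Ruby example (not code from this MR or from the E2E framework). `FakeGitlabApi` and `member_access_ready?` are hypothetical names, the fake API and its 404 response are constructed, and the numeric levels are GitLab's access-level values (guest 10 through owner 50).

```ruby
# Added example; FakeGitlabApi and member_access_ready? are hypothetical names.
GUEST = 10
VALID_LEVELS = [10, 20, 30, 40, 50].freeze # guest..owner; 0 and 5 are excluded

# Constructed stand-in for the API: the new member is only authorized after
# `delay` requests, imitating the pending authorization refresh job.
class FakeGitlabApi
  attr_reader :log, :state

  def initialize(delay:)
    @delay = delay
    @state = 'opened'
    @log = []
  end

  def request(verb, path, params = {})
    @log << "#{verb} #{path}"
    return { status: 404 } if (@delay -= 1) >= 0 # refresh not finished yet

    @state = params[:state_event] == 'close' ? 'closed' : 'opened' if verb == :put
    { status: 200, state: @state }
  end
end

# Polls with the request that matches the role until it succeeds.
# Returns true once access is effective, false if attempts run out.
def member_access_ready?(api, project_id, issue_iid, access_level,
                         issue_state: 'opened', attempts: 5, wait: 0)
  unless VALID_LEVELS.include?(access_level)
    raise ArgumentError, "not a valid project member level: #{access_level}"
  end

  path = "/projects/#{project_id}/issues/#{issue_iid}"
  attempts.times do
    response =
      if access_level == GUEST
        api.request(:get, path) # guests only need to view the issue
      else
        event = issue_state == 'opened' ? 'close' : 'reopen'
        api.request(:put, path, state_event: event) # reporter and above
      end
    return true if response[:status] == 200

    sleep(wait)
  end
  false
end
```

Returning `false` when the attempts run out lets a test fail at the membership step with a clear cause, so a later permission error is not mistaken for a product bug.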