Add a new policy for reading group members
What does this MR do and why?
In https://gitlab.com/gitlab-org/gitlab/-/issues/371956 we identified that when a root namespace is over it's storage limit, the usage quotas page would render an error because the REST API call to fetch billable members would fail the admin_group_members
policy check.
This MR addresses the issue by adding a new ability for admins/owners to read_billable_members
which is not disabled when the storage limit is reached (over_storage_limit).
With this, customers can still view their usage quotas / billable members, but the related actions via admin_group_members
will still be prohibited as originally intended for namespaces over their storage limit.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Checkout
master
branch - Modify
Namespace#over_storage_limit?
to returntrue
- Visit the usage quotas page for a root group
- Observe the error described in https://gitlab.com/gitlab-org/gitlab/-/issues/371956
- Checkout this branch (
vij-fix-usage-quotas-policy
) - Visit the usage quotas page and observe it loads without error
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.