• Stan Hu's avatar
    Allow a member to have an access level equal to parent group · 32ddc3fe
    Stan Hu authored
    Suppose you have this configuration:
    
    1. Subgroup `hello/world`
    2. Subgroup `hello/mergers`.
    3. Project `hello/world/my-project` has invited group `hello/world` to
    access protected branches.
    4. The rule allows the group to merge but no one can push.
    5. User `newuser` has Owner access to the parent group `hello`.
    
    Previously, there was no way for the user `newuser` to be added to the
    `hello/mergers` group since the validation only allowed a user to be
    added at a higher access level.
    
    Since membership in a subgroup confers certain access rights, such as
    being able to merge or push code to protected branches, we have to
    loosen the validation and allow someone to be added at an equal level
    granted by the parent group.
    
    Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/11323
    32ddc3fe
sh-allow-equal-level-in-subgroup-membership.yml 113 Bytes