Limit non-administrators to adding 100 members at a time to groups and projects

What does this MR do?

Introduces a 100-member limit when adding users as members to groups or projects

Are there points in the code the reviewer needs to double check?

The number was chosen entirely arbitrarily in #27148 (closed)

Why was this MR needed?

Allowing unprivileged users to specify arbitrarily large amounts of work for GitLab to do is a security risk

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Closes #27148 (closed)