Commit cdbb4cd8 authored by GitLab Release Tools Bot's avatar GitLab Release Tools Bot

Merge branch 'security-fix-cr-edit-17-2' into '17-2-stable-ee'

Prevent users holding the admin_group_member custom ability from managing custom roles

See merge request https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4426



Merged-by: default avatarGitLab Release Tools Bot <delivery-team+release-tools@gitlab.com>
Approved-by: default avatarcharlie ablett <cablett@gitlab.com>
Co-authored-by: Jarka Kadlecova's avatarJarka Košanová <jarka@gitlab.com>
parents 0b865128 d81400b5
@@ -544,10 +544,6 @@ module GroupPolicy
enable :admin_member_role
end
 
rule { custom_roles_allowed & can?(:admin_group_member) }.policy do
enable :admin_member_role
end
rule { custom_role_enables_admin_cicd_variables }.policy do
enable :admin_cicd_variables
end
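Review bot: After the deleted rule, the only remaining path to `:admin_member_role` in this hunk is the rule ending at the top, whose condition starts outside the hunk, and nothing in the policy text now records why a custom role with `admin_group_member` must not get it; a future reader could plausibly re-add the rule as an oversight fix. Consider a short comment next to the surviving rule, e.g. `# The admin_group_member custom ability must never enable admin_member_role: per the security fix, a custom-role holder must not be able to manage custom roles themselves.` The surrounding rule list in GroupPolicy continues before and after this hunk.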
@@ -3582,7 +3582,7 @@ def create_member_role(member, abilities = member_role_abilities)
 
context 'for a member role with admin_group_member true' do
let(:member_role_abilities) { { admin_group_member: true } }
let(:allowed_abilities) { [:admin_group_member, :admin_member_role] }
let(:allowed_abilities) { [:admin_group_member] }
 
it_behaves_like 'custom roles abilities'
 