Allow Minimal Access for SAML Group Links API
What does this MR do and why?
This change adds support for the Minimal Access permission level when creating SAML group links. The API only allowed standard access levels (Guest, Reporter, Developer, etc.), but now it also accepts the minimal access level as a valid option. Depending on the license/subscription, this is already allowed for the customer in the user interface.
References
- Resolves #420655 (closed)
How to set up and validate locally
Create a SAML group link with Minimal Access for a group on your instance using the following request. Please use the patch listed below to allow for easy creation.
curl --request POST --header "PRIVATE-TOKEN: XXX" --header "Content-Type: application/json" --data '{ "saml_group_name": "my_group", "access_level": 5 }' --url "http://localhost:3000/api/v4/groups/<GROUP-ID>/saml_group_links"
This should result in the following response.
{"name":"my_group","access_level":5,"member_role_id":null,"provider":null}
Patch
diff --git a/ee/lib/ee/gitlab/auth/saml/config.rb b/ee/lib/ee/gitlab/auth/saml/config.rb
index 74b6f46a8421b..e03156c611e25 100644
--- a/ee/lib/ee/gitlab/auth/saml/config.rb
+++ b/ee/lib/ee/gitlab/auth/saml/config.rb
@@ -20,7 +20,7 @@ def duo_add_on_groups
end
def group_sync_enabled?
- self.class.enabled? && groups.present? && ::License.feature_available?(:saml_group_sync)
+ true
end
# This method is specific to a given provider.
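Review bot: in `group_sync_enabled?`, replacing the whole condition with `true` drops the `::License.feature_available?(:saml_group_sync)` check together with the `self.class.enabled?` and `groups.present?` checks, so a validation run with this patch no longer exercises the license gate that the description says governs this feature. Keep this hunk strictly as a local aid outside the MR diff, and consider bypassing only `self.class.enabled? && groups.present?` while leaving the license check in place, so the local test still reflects a licensed instance.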
diff --git a/lib/gitlab/auth/saml/config.rb b/lib/gitlab/auth/saml/config.rb
index d7aa4f721302f..61b96c73dfaf5 100644
--- a/lib/gitlab/auth/saml/config.rb
+++ b/lib/gitlab/auth/saml/config.rb
@@ -26,7 +26,7 @@ class Config
class << self
def enabled?
- ::AuthHelper.saml_providers.any?
+ true
end
def default_attribute_statements
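Review bot: hardcoding `enabled?` to `true` on the class replaces `::AuthHelper.saml_providers.any?`, so every caller of this class method sees SAML as enabled even when no provider is configured, which goes well beyond the group links endpoint being validated. Configuring a SAML provider on the local instance would keep this check intact; if the shortcut stays, state next to the patch that it is for local validation only and must be reverted before any commit.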
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Lukas Wanko