Add min_access_level to GitLab groups query #46480
❌ Problem: the label |
Codenotify: Notifying subscribers in CODENOTIFY files for diff e06b1cc...1a5b237.
@@ -19,7 +19,7 @@ func (c *Client) ListGroups(ctx context.Context, page int) (groups []*Group, has | |||
return MockListGroups(ctx, page) | |||
} | |||
|
|||
url := fmt.Sprintf("groups?per_page=100&page=%d", page) | |||
url := fmt.Sprintf("groups?per_page=100&page=%d&min_access_level=10", page) |
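Review bot: on the changed fmt.Sprintf line, min_access_level=10 is a bare magic number inside the format string, and nothing at the call site says why the filter is there. Pull the 10 into a named constant for the guest access level and add a comment that without the filter the endpoint returns every group visible to the user, not only the groups the user belongs to. The filter also now applies to every caller of ListGroups, so the function's doc comment should say that it lists groups the user is a member of; a caller that wanted all visible groups would need this to be a parameter instead.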
What if the user is in more than 100 groups? We have no pagination?
There is page=%d in there.
Just about all of our clients depend on the caller to paginate through the list.
🤦♂️ Ugh, you're right. Sorry!
When checking if a user belongs to a GitLab group to restrict signup, we hit the /groups endpoint and check whether any of the returned groups are in that endpoint.
However, this endpoint returns all visible groups. Just because a group is visible to a user does not imply the user is a member of that group.
We need to add min_access_level=10 to the query, so that the user has to, at minimum, be a guest on the group.
Test plan
Manual verification
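The difference between "visible" and "member" described above, as an added example that is not the project's own code. The names Group, fetchPage, groupsQuery, signupAllowed and fakeGitLab, the group paths, and the allow list are hypothetical and constructed for illustration; the caller paginates, as noted in the review thread.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

type Group struct{ FullPath string }

// fetchPage stands in for one request to the groups endpoint (hypothetical).
type fetchPage func(query string) (groups []Group, hasNext bool)

// groupsQuery builds the query; membersOnly adds min_access_level=10 (guest).
func groupsQuery(page int, membersOnly bool) string {
	q := url.Values{"per_page": {"100"}, "page": {strconv.Itoa(page)}}
	if membersOnly {
		q.Set("min_access_level", "10")
	}
	return "groups?" + q.Encode()
}

// signupAllowed walks every page and reports whether any returned group is
// on the allow list. The caller drives pagination.
func signupAllowed(fetch fetchPage, allow map[string]bool, membersOnly bool) bool {
	for page := 1; ; page++ {
		groups, hasNext := fetch(groupsQuery(page, membersOnly))
		for _, g := range groups {
			if allow[g.FullPath] {
				return true
			}
		}
		if !hasNext {
			return false
		}
	}
}

// fakeGitLab returns constructed data: the user is a member of "sandbox/alice"
// only, but can also see "acme/staff", which lands on page 2 when unfiltered.
func fakeGitLab(query string) ([]Group, bool) {
	q, _ := url.ParseQuery(strings.TrimPrefix(query, "groups?"))
	filtered := q.Get("min_access_level") != ""
	if filtered || q.Get("page") == "1" {
		return []Group{{"sandbox/alice"}}, !filtered
	}
	return []Group{{"acme/staff"}}, false // visible, but not a member
}

func main() {
	allow := map[string]bool{"acme/staff": true}
	fmt.Println(signupAllowed(fakeGitLab, allow, false), signupAllowed(fakeGitLab, allow, true))
}
```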