Skip to content

Group minimum role should be Guest for linking an epic

Summary

Currently, in order to link an epic to another epic, the user must have a minimum role of Reporter in the both epics. Since Guest users can view epic data, there is no concern of leaking data by allowing this behavior.

In this issue, we will change the minimum role requirement in both groups to Guest. Note, this change is creating consistency with the change in #381307 (closed).

Note: Permissions should be updated in all endpoints (REST, internal GraphQL)

Note 2: Updated permissions should include checks for related_epics feature Note 3: The policy :admin_epic_relation added in !106415 (merged) should be used to replace :admin_epic.

Docs Support

For issues requiring an update to GitLab docs, please note that this is part of the definition of done for this issue. Please create a separate MR for the docs update related to the MR for the actual change to ensure code reviews are not blocked by TW reviews.

  • This issue requires an update to GitLab docs
Edited by Eugenia Grieff