@rkumar555 can you review this MR please?

This is just a small follow-up to !226213 (merged). I forgot to update the same endpoints at the project-level.

What does this MR do and why?

This matches the group-level autocomplete and other autocomplete endpoints

References

• !226213

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Heinrich Lee Yu (c0464dd6) at 17 Mar 02:59

@imam_h the changes look good. But I think we have a legitimate CI failure: https://gitlab.com/gitlab-org/gitlab/-/jobs/13517115353

Heinrich Lee Yu (9e34b112) at 17 Mar 02:50

... and 1 more commit

Heinrich Lee Yu (508f387f) at 17 Mar 02:50

What does this MR do and why?

The MR changes the way the JwksController compares the request path with the predefined OAUTH_PATHS, to make sure it works when the request.path contains the relative_url_root.

I also updated the test to include the relative_url_root in the request path

References

This is a fix for the issue reported in #593122

How to set up and validate locally

Just run the changed rspec test:

bin/rspec spec/requests/jwks_controller_spec.rb

Related to #593122

I'll try starting a new pipeline.

Heinrich Lee Yu (02692696) at 15 Mar 22:53

... and 1 more commit

Heinrich Lee Yu (3aec8593) at 15 Mar 22:53

What does this MR do and why?

Previously, the work item settings menu items at the root group and subgroup levels only checked whether the relevant feature flag was enabled, without validating user permissions.

This MR adds proper permission validation so that both feature availability and user permissions are checked before displaying the menu items.

To keep the logic consistent and reusable, the permission checks are implemented using the shared logic from the WorkItems::SettingsPermissions concern.

Notes

• The combination of permission checks required for root groups and subgroups was originally introduced in !225424.
• Permission checks at the project level will be introduced in a separate issue: #593299.

References

• #590426
• !225424

Screenshots or screen recordings

	Root group	Subgroup
Authorized user
Unauthorized user

How to set up and validate locally

1. Enable the work_item_configurable_types feature flag.
2. As an authorized user (for example, maintainer), navigate to the root group and subgroup work item settings pages and verify that you can access them. The menu item should be visible.
3. As an unauthorized user (for example, developer), navigate to the root group and subgroup settings pages and verify that you cannot access them. The menu item should not be visible.
4. Disable the feature flag. As an authorized user:
   1. When navigating to the root group settings page, you should still be able to access the page, but the work item types section should not be visible. The menu item should be visible.
   2. When navigating to the subgroup settings page, you should not have access. The menu item should not be visible.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

They all go through the same #provider code path, so maybe it's fine.

It's also fine to add these in a separate MR if you want.

Thanks @alexander.rusa, this looks good 👍

What does this MR do and why?

The MR changes the way the JwksController compares the request path with the predefined OAUTH_PATHS, to make sure it works when the request.path contains the relative_url_root.

I also updated the test to include the relative_url_root in the request path

References

This is a fix for the issue reported in #593122

How to set up and validate locally

Just run the changed rspec test:

bin/rspec spec/requests/jwks_controller_spec.rb

Related to #593122

Heinrich Lee Yu (b63c33c7) at 13 Mar 14:16

@pmurray7 I created the patch here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/227230.patch

I've already removed the spec changes there.

Once the patch is applied, we should not see any NoSpaceLeft exceptions unless they are actually at the min / max positions.

What does this MR do and why?

Applies !226378, !226618, and !226679 to 18.2 without spec changes

This is not meant to be merged

Heinrich Lee Yu (02e1b307) at 13 Mar 09:56

... and 332 more commits

We are currently looking at edge cases where NoSpaceLeft is raised incorrectly and a rebalance is triggered unnecessarily.

We have 2 fixes that are already merged:

1. !226378 (merged)
2. !226618 (merged)

Also, I have an improvement to Issues::PlacementWorker that would reduce the chances of setting items to the same position: !226679 (merged)

Since all 3 are now merged, we can test out a patch that can be applied to 18.2.8

Thanks, looks good to me 👍