Ian Anderson activity https://gitlab.com/imand3r 2026-03-18T17:00:55Z tag:gitlab.com,2026-03-18:5218695302 Ian Anderson commented on merge request !227398 at GitLab.org / GitLab 2026-03-18T17:00:55Z imand3r Ian Anderson

@Bixilon I don't think we want to accept this change to support your custom use case. The members finders are used elsewhere internally in the code base without passing a user argument and making this change will be much more involved than what you have here.

We cannot simply remove this permission because it is a valid permission used for authorization checks.

 tag:gitlab.com,2026-03-18:5218649579 Ian Anderson commented on issue #592814 at GitLab.org / GitLab 2026-03-18T16:53:13Z imand3r Ian Anderson

@ajaythomasinc This issue is not related to the column but to ensure that the organization ID for gPATS is updated when users are transferred to a different organization.

 tag:gitlab.com,2026-03-18:5218647733 Ian Anderson commented on issue #592814 at GitLab.org / GitLab 2026-03-18T16:52:52Z imand3r Ian Anderson

@ajaythomasinc This issue is not related to the column but to ensure that the organization ID for gPATS is updated when users are transferred to a different organization.

 tag:gitlab.com,2026-03-18:5218645268 Ian Anderson opened issue #592814: Ensure gPAT related tables are supported with organization transfer at GitLab.org / GitLab 2026-03-18T16:52:25Z imand3r Ian Anderson tag:gitlab.com,2026-03-18:5218465391 Ian Anderson commented on issue #590835 at GitLab.org / GitLab 2026-03-18T16:17:32Z imand3r Ian Anderson

Thanks for the clarification @dblessing that is helpful. One question I have about the TLG transfer is related to users. What if a user is a member of more than one TLG?

For example, if a user is a member of TLG A and B and group A is transferred to organization X would that mean that users would not longer have access to group B since they are now in a different organization?

The way the MR is written I think for the member roles we shouldn't use user records to figure out what to move. Member roles are either instance-level (for self-managed or admin roles) or namespace-level (for saas). So if a TLG is transferred to an organization in SaaS then we should just use MemberRole.by_namespace(transferred_namespace_id) to move the member roles. For self managed maybe we would need to copy the member roles/admin roles into the organization since there may be users assigned to those roles that are not associated with the transfer. Does that make sense?

 tag:gitlab.com,2026-03-18:5215573766 Ian Anderson approved merge request !227786: Move admin_push_rules permissions to maintainer yaml and custom ability at GitLab.org / GitLab 2026-03-18T03:53:24Z imand3r Ian Anderson

What does this MR do and why?

This MR moves the permissions for code repository rules. These permissions are explicitly listed and granted directly to maintainer roles and users with the admin push rules custom role rather than through the intermediary permission. The change moves these permission definitions from the policy files into a centralized configuration file, making the permission system more organized and easier to maintain.

References

#593256 #593255

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

 tag:gitlab.com,2026-03-18:5215567772 Ian Anderson deleted project branch dlrussel/move-ee-role-permissions-to-yml at GitLab.org / GitLab 2026-03-18T03:48:44Z imand3r Ian Anderson

Ian Anderson (40e8ee79) at 18 Mar 03:48

tag:gitlab.com,2026-03-18:5215567519 Ian Anderson pushed to project branch master at GitLab.org / GitLab 2026-03-18T03:48:34Z imand3r Ian Anderson

Ian Anderson (cfbce70c) at 18 Mar 03:48

Merge branch 'dlrussel/move-ee-role-permissions-to-yml' into 'master'

... and 1 more commit

tag:gitlab.com,2026-03-18:5215566674 Ian Anderson accepted merge request !227705: Move EE role permissions to role yml definitions at GitLab.org / GitLab 2026-03-18T03:47:53Z imand3r Ian Anderson

What does this MR do and why?

This MR reorganizes how user permissions are managed in the system by moving permission definitions from declarative policy files into configuration files. Instead of having permissions scattered throughout the codebase, they're now centrally defined in YAML configuration files for each role.

This restructuring makes the permission system more maintainable and easier to understand, as all permissions for each role are now clearly listed in dedicated configuration files rather than being embedded in complex policy code.

References

#593255 #593256

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

 tag:gitlab.com,2026-03-18:5215565577 Ian Anderson approved merge request !227705: Move EE role permissions to role yml definitions at GitLab.org / GitLab 2026-03-18T03:46:58Z imand3r Ian Anderson

What does this MR do and why?

This MR reorganizes how user permissions are managed in the system by moving permission definitions from declarative policy files into configuration files. Instead of having permissions scattered throughout the codebase, they're now centrally defined in YAML configuration files for each role.

This restructuring makes the permission system more maintainable and easier to understand, as all permissions for each role are now clearly listed in dedicated configuration files rather than being embedded in complex policy code.

References

#593255 #593256

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

 tag:gitlab.com,2026-03-17:5215185938 Ian Anderson commented on task #593260 at GitLab.org / GitLab 2026-03-17T23:59:24Z imand3r Ian Anderson

Related to !227784 (merged)

 tag:gitlab.com,2026-03-17:5215112567 Ian Anderson commented on merge request !227784 at GitLab.org / GitLab 2026-03-17T23:14:04Z imand3r Ian Anderson

@dlrussel Can you take the review for this small cleanup MR? 🙏

 tag:gitlab.com,2026-03-17:5215112064 Ian Anderson opened merge request !227784: Remove unneeded policy conditions at GitLab.org / GitLab 2026-03-17T23:13:42Z imand3r Ian Anderson

What does this MR do and why?

Remove unneeded policy conditions

Since the IssuablePolicy delegates to the container we do not need to specifically check role access when enabling mark_note_as_internal since that is already enabled by the appropriate roles.

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #593261

 tag:gitlab.com,2026-03-17:5215110917 Ian Anderson pushed new project branch 593261-remove-unneded-conditions at GitLab.org / GitLab 2026-03-17T23:12:57Z imand3r Ian Anderson

Ian Anderson (1ee417d4) at 17 Mar 23:12

Remove unneeded policy conditions

 tag:gitlab.com,2026-03-17:5215102998 Ian Anderson closed task #593262: Remove *_access checks from app/policies/wiki_page_policy.rb at GitLab.org / GitLab 2026-03-17T23:08:17Z imand3r Ian Anderson