diff --git a/config/feature_flags/development/override_group_level_protected_environment_settings_permission.yml b/config/feature_flags/development/override_group_level_protected_environment_settings_permission.yml
deleted file mode 100644
index 7e7789e2e8f94e86d50585d4c373b4abd829eaf0..0000000000000000000000000000000000000000
--- a/config/feature_flags/development/override_group_level_protected_environment_settings_permission.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: override_group_level_protected_environment_settings_permission
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92801
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369875
-milestone: '15.3'
-type: development
-group: group::release
-default_enabled: false
diff --git a/ee/app/policies/ee/group_policy.rb b/ee/app/policies/ee/group_policy.rb
index f78f895008f38876a1d611c27df57cc6ce1af2a3..bad03eee07431a9f0bae42edef873511908e703d 100644
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -173,11 +173,6 @@ module GroupPolicy
@user.banned_from_namespace?(root_namespace)
end
- condition(:admin_group_protected_environment_accessible) do
- ::Feature.disabled?(
- :override_group_level_protected_environment_settings_permission, @subject)
- end
-
rule { ~public_group & ~can?(:owner_access) & user_banned_from_group }.policy do
prevent :read_group
end
@@ -208,9 +203,6 @@ module GroupPolicy
enable :admin_wiki
end
- rule { maintainer & ~admin_group_protected_environment_accessible }
- .enable :admin_protected_environment
-
rule { auditor }.policy do
enable :view_productivity_analytics
enable :view_group_devops_adoption
@@ -237,7 +229,7 @@ module GroupPolicy
enable :owner_access
end
- rule { owner & admin_group_protected_environment_accessible }
+ rule { owner }
.enable :admin_protected_environment
rule { can?(:owner_access) }.policy do
diff --git a/ee/spec/requests/api/protected_environments_spec.rb b/ee/spec/requests/api/protected_environments_spec.rb
index 1ca1835d71d73c77996ab65b2454bea50c245b61..b1efcca6ff60880bba88de117e0c2d864e911295 100644
--- a/ee/spec/requests/api/protected_environments_spec.rb
+++ b/ee/spec/requests/api/protected_environments_spec.rb
@@ -404,14 +404,6 @@
it_behaves_like 'group-level request is disallowed for maintainer'
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it_behaves_like 'group-level request is allowed for maintainer'
- end
-
context 'when authenticated as a owner' do
before do
group.add_owner(user)
@@ -437,14 +429,6 @@
it_behaves_like 'group-level request is disallowed for maintainer'
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it_behaves_like 'group-level request is allowed for maintainer'
- end
-
context 'when authenticated as a owner' do
before do
group.add_owner(user)
@@ -495,17 +479,6 @@
let(:request) { post api_url, params: { name: 'staging' } }
end
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it_behaves_like 'group-level request is allowed for maintainer' do
- let(:deployer) { create(:user).tap { |u| group.add_maintainer(u) } }
- let(:request) { post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }] } }
- end
- end
-
context 'when authenticated as a owner' do
before do
group.add_owner(user)
@@ -615,17 +588,6 @@
let(:request) { put api_url, params: { name: 'production' } }
end
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it_behaves_like 'group-level request is allowed for maintainer' do
- let(:deployer) { create(:user).tap { |u| group.add_maintainer(u) } }
- let(:request) { put api_url, params: { deploy_access_levels: [{ user_id: deployer.id }] } }
- end
- end
-
context 'when authenticated as a owner' do
let_it_be(:deployer) { create(:user) }
let_it_be(:shared_group) { create(:group) }
@@ -706,14 +668,6 @@
it_behaves_like 'group-level request is disallowed for maintainer'
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it_behaves_like 'group-level request is allowed for maintainer'
- end
-
context 'when authenticated as a owner' do
before do
group.add_owner(user)
diff --git a/ee/spec/requests/groups/protected_environments_controller_spec.rb b/ee/spec/requests/groups/protected_environments_controller_spec.rb
index 8e66e1e15796ee36f192ae4ad6a563f384632474..922be0442b13e81dd48d7a331fdf95d3c7ee26c0 100644
--- a/ee/spec/requests/groups/protected_environments_controller_spec.rb
+++ b/ee/spec/requests/groups/protected_environments_controller_spec.rb
@@ -69,16 +69,6 @@
expect(response).to have_gitlab_http_status(:not_found)
end
-
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it 'creates a new ProtectedEnvironment' do
- expect { subject }.to change(ProtectedEnvironment, :count).by(1)
- end
- end
end
end
@@ -131,18 +121,6 @@
expect(response).to have_gitlab_http_status(:not_found)
end
-
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it 'updates the protected environment' do
- subject
-
- expect(response).to have_gitlab_http_status(:ok)
- end
- end
end
end
@@ -191,16 +169,6 @@
expect(response).to have_gitlab_http_status(:not_found)
end
-
- context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
- before do
- stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
- end
-
- it 'deletes the requested protected environment' do
- expect { subject }.to change { ProtectedEnvironment.count }.from(1).to(0)
- end
- end
end
end
end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 6f659b3a41ded5b6a1b41d44d92fed559d63bf4b..9f96162e6291ea81b5f2d4db6d318e1fa706e8d1 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -312,9 +312,6 @@
# See https://docs.gitlab.com/ee/development/feature_flags/#selectively-disable-by-actor
stub_feature_flags(legacy_merge_request_state_check_for_merged_result_pipelines: false)
- # Will be removed in https://gitlab.com/gitlab-org/gitlab/-/issues/369875
- stub_feature_flags(override_group_level_protected_environment_settings_permission: false)
-
allow(Gitlab::GitalyClient).to receive(:can_use_disk?).and_return(enable_rugged)
else
unstub_all_feature_flags