Merge branch 'ff-rm-override-group-protected-environment-settings' into 'master'

Remove FF override_group_level_protected_environment_settings_permission See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/98880 Merged-by: Shinya Maeda <shinya@gitlab.com> Approved-by: Alishan Ladhani <aladhani@gitlab.com> Approved-by: Shinya Maeda <shinya@gitlab.com> Co-authored-by: Bala Kumar <sbalakumar@gitlab.com>

Merge branch 'ff-rm-override-group-protected-environment-settings' into 'master'
2e1ac1a7 · Shinya Maeda · 3b3a5e59 · bf469a52 · 3b3a5e59 · 2e1ac1a7
--- a/config/feature_flags/development/override_group_level_protected_environment_settings_permission.yml
+++ b/config/feature_flags/development/override_group_level_protected_environment_settings_permission.yml
---
-name: override_group_level_protected_environment_settings_permission
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/92801
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/369875
-milestone: '15.3'
-type: development
-group: group::release
-default_enabled: false
--- a/ee/app/policies/ee/group_policy.rb
+++ b/ee/app/policies/ee/group_policy.rb
@@ -173,11 +173,6 @@ module GroupPolicy
        @user.banned_from_namespace?(root_namespace)
      end

-      condition(:admin_group_protected_environment_accessible) do
-        ::Feature.disabled?(
-          :override_group_level_protected_environment_settings_permission, @subject)
-      end
-
      rule { ~public_group & ~can?(:owner_access) & user_banned_from_group }.policy do
        prevent :read_group
      end
@@ -208,9 +203,6 @@ module GroupPolicy
        enable :admin_wiki
      end

-      rule { maintainer & ~admin_group_protected_environment_accessible }
-        .enable :admin_protected_environment
-
      rule { auditor }.policy do
        enable :view_productivity_analytics
        enable :view_group_devops_adoption
@@ -237,7 +229,7 @@ module GroupPolicy
        enable :owner_access
      end

-      rule { owner & admin_group_protected_environment_accessible }
+      rule { owner }
        .enable :admin_protected_environment

      rule { can?(:owner_access) }.policy do

--- a/ee/spec/requests/api/protected_environments_spec.rb
+++ b/ee/spec/requests/api/protected_environments_spec.rb
@@ -404,14 +404,6 @@

    it_behaves_like 'group-level request is disallowed for maintainer'

-    context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-      before do
-        stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-      end
-
-      it_behaves_like 'group-level request is allowed for maintainer'
-    end
-
    context 'when authenticated as a owner' do
      before do
        group.add_owner(user)
@@ -437,14 +429,6 @@

    it_behaves_like 'group-level request is disallowed for maintainer'

-    context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-      before do
-        stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-      end
-
-      it_behaves_like 'group-level request is allowed for maintainer'
-    end
-
    context 'when authenticated as a owner' do
      before do
        group.add_owner(user)
@@ -495,17 +479,6 @@
      let(:request) { post api_url, params: { name: 'staging' } }
    end

-    context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-      before do
-        stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-      end
-
-      it_behaves_like 'group-level request is allowed for maintainer' do
-        let(:deployer) { create(:user).tap { |u| group.add_maintainer(u) } }
-        let(:request) { post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }] } }
-      end
-    end
-
    context 'when authenticated as a owner' do
      before do
        group.add_owner(user)
@@ -615,17 +588,6 @@
      let(:request) { put api_url, params: { name: 'production' } }
    end

-    context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-      before do
-        stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-      end
-
-      it_behaves_like 'group-level request is allowed for maintainer' do
-        let(:deployer) { create(:user).tap { |u| group.add_maintainer(u) } }
-        let(:request) { put api_url, params: { deploy_access_levels: [{ user_id: deployer.id }] } }
-      end
-    end
-
    context 'when authenticated as a owner' do
      let_it_be(:deployer) { create(:user) }
      let_it_be(:shared_group) { create(:group) }
@@ -706,14 +668,6 @@

    it_behaves_like 'group-level request is disallowed for maintainer'

-    context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-      before do
-        stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-      end
-
-      it_behaves_like 'group-level request is allowed for maintainer'
-    end
-
    context 'when authenticated as a owner' do
      before do
        group.add_owner(user)

--- a/ee/spec/requests/groups/protected_environments_controller_spec.rb
+++ b/ee/spec/requests/groups/protected_environments_controller_spec.rb
@@ -69,16 +69,6 @@

        expect(response).to have_gitlab_http_status(:not_found)
      end
-
-      context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-        before do
-          stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-        end
-
-        it 'creates a new ProtectedEnvironment' do
-          expect { subject }.to change(ProtectedEnvironment, :count).by(1)
-        end
-      end
    end
  end

@@ -131,18 +121,6 @@

        expect(response).to have_gitlab_http_status(:not_found)
      end
-
-      context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-        before do
-          stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-        end
-
-        it 'updates the protected environment' do
-          subject
-
-          expect(response).to have_gitlab_http_status(:ok)
-        end
-      end
    end
  end

@@ -191,16 +169,6 @@

        expect(response).to have_gitlab_http_status(:not_found)
      end
-
-      context 'when override_group_level_protected_environment_settings_permission feature flag is enabled' do
-        before do
-          stub_feature_flags(override_group_level_protected_environment_settings_permission: true)
-        end
-
-        it 'deletes the requested protected environment' do
-          expect { subject }.to change { ProtectedEnvironment.count }.from(1).to(0)
-        end
-      end
    end
  end
 end
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -312,9 +312,6 @@
      # See https://docs.gitlab.com/ee/development/feature_flags/#selectively-disable-by-actor
      stub_feature_flags(legacy_merge_request_state_check_for_merged_result_pipelines: false)

-      # Will be removed in https://gitlab.com/gitlab-org/gitlab/-/issues/369875
-      stub_feature_flags(override_group_level_protected_environment_settings_permission: false)
-
      allow(Gitlab::GitalyClient).to receive(:can_use_disk?).and_return(enable_rugged)
    else
      unstub_all_feature_flags