Group branch rule update fails with permission error
Summary
Updating a group branch rule from the Branch rule page fails with "Something went wrong while updating branch rule." error message.
Implementation plan
- Extend
BranchProtectioninterface to include indicator of where the rule was created. This could be-
protectionLevel: Stringwith valuesgrouporproject inherited: Boolean
-
- add visual indicator to protected branches section on a project branch rule details page. This will show if a protection was created on a group level.
- disable editing of protected branch section for group level rule.
Steps to reproduce
- Navigate to a top-level group's Settings > Repository
- Expand "Protected branches" section
- Select "Add protected branch"
- Create a protected branch rule (e.g., branch name:
main, configure merge/push permissions) - Select "Protect" to save the rule
- Navigate to Settings > Repository and expand "Branch rules" section
- Select "View details" on the created branch rule
- Make changes to any branch rule settings (e.g., modify merge permissions)
- Attempt to save the changes
Actual result
- User sees error message: "Something went wrong while updating branch rule."
- The GraphQL mutation
branchRuleUpdatereturns permission error
Expected result
- Branch rule should be successfully updated
- Success message should be displayed
Design proposal
See #555424 (comment 2669177163)
| Location | Scenario | Popover text | Screen |
|---|---|---|---|
| Settings > Repository > Branch rules | User DOES NOT have permission to edit group-level Protected branches |
Title: "Setting inherited" Body: "This setting is configured for the group. To make changes, contact a user with the required permissions." |
 |
| Settings > Repository > Branch rules | User DOES have permission to edit group-level Protected branches |
Title: "Setting inherited" Body: "This setting is configured for the group. To make changes, go to your group's repository settings." |
 |
| Settings > Merge requests > Approval settings |
Title: "Setting inherited" Body: "This setting is configured for the instance. To make changes, contact your administrator." |
 |
Relevant logs and/or screenshots
GraphQL Error Response:
{
"errors": [
{
"message": "The resource that you are attempting to access does not exist or you don't have permission to perform this action",
"locations": [
{
"line": 2,
"column": 3
}
],
"path": [
"branchRuleUpdate"
]
}
],
"data": {
"branchRuleUpdate": null
}
}GraphQL Query:
mutation editBrachRuleEE($input: BranchRuleUpdateInput!) {
branchRuleUpdate(input: $input) {
errors
branchRule {
id
name
branchProtection {
allowForcePush
codeOwnerApprovalRequired
mergeAccessLevels {
nodes {
accessLevel
accessLevelDescription
user {
id
typename
}
group {
id
typename
}
typename
}
typename
}
pushAccessLevels {
nodes {
accessLevel
accessLevelDescription
user {
id
typename
}
group {
id
typename
}
deployKey {
id
typename
}
typename
}
typename
}
typename
}
typename
}
typename
}
}Environment
- GitLab version: GitLab.com
- Browser: Any browser
Additional Notes
This issue only occurs with branch rules created at the group level. Branch rules created at the project level can be updated without errors.
Edited by 🤖 GitLab Bot 🤖