Currently mfc/oauth2 only supports users directly assigned to a project. Additionally, users in groups directly associated with a project are supported. However, oauth2 lacks support for inherited users from parent groups or nested relations in groups.
This PR adds support for them. Due to a limitation in GitLab's API (https://gitlab.com/gitlab-org/gitlab/-/issues/369592) I re-implemented GitLab's inheritance logic inside the extension.
My implementation currently comes with the caveat that currently the upper boundary for the access_level defined in a group relation is not respected. The code will instead always use the user's access_level inside the related group. This can later be added - although it'd be best if GitLab implemented support for getting the user's access level in a certain project.
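A simplified model of the access resolution described above, added here as an illustration; it is not the PR's code, which this page does not show. The data model, function names and sample users are assumptions. `respect_cap=False` reproduces the stated caveat (the user's level in the related group is used as-is), while `respect_cap=True` applies the relation's `access_level` as an upper bound.

```python
from dataclasses import dataclass, field

# GitLab access levels: 10 Guest, 20 Reporter, 30 Developer, 40 Maintainer, 50 Owner
NO_ACCESS = 0

@dataclass
class Group:                      # hypothetical model, not GitLab's API schema
    members: dict                 # user -> access_level of direct members
    parent: "Group | None" = None

@dataclass
class Project:
    namespace: Group              # group the project lives in
    members: dict = field(default_factory=dict)   # direct project members
    shares: list = field(default_factory=list)    # (related Group, access_level cap)

def group_level(group, user):
    """Highest level the user holds in the group or any parent group."""
    level = NO_ACCESS
    while group is not None:
        level = max(level, group.members.get(user, NO_ACCESS))
        group = group.parent
    return level

def project_level(project, user, respect_cap=True):
    """Effective level: direct, inherited from parents, or via a group relation."""
    level = max(project.members.get(user, NO_ACCESS),
                group_level(project.namespace, user))
    for related, cap in project.shares:
        via_relation = group_level(related, user)
        if respect_cap:
            # Upper boundary defined on the relation wins over a higher group role.
            via_relation = min(via_relation, cap)
        level = max(level, via_relation)
    return level

# Constructed sample data
root = Group(members={"alice": 50})
team = Group(members={"bob": 30}, parent=root)
contractors = Group(members={"carol": 40})
project = Project(namespace=team, members={"dave": 20},
                  shares=[(contractors, 20)])

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave", "eve"):
        print(user, project_level(project, user),
              project_level(project, user, respect_cap=False))
```

For `carol` the two modes differ (20 with the cap, 40 without), which is the over-grant a consumer of the resolved level has to account for until the boundary is enforced.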