feat(gitlab): dynamic access levels + group & membership ops + full group filters#5743
Conversation
Access levels can now be bound to runtime references (e.g. a policy-table
lookup), not just picked from a static list. The three access-level fields
(accessLevel, memberAccessLevel, invitationAccessLevel) switch from dropdown
to combobox so a reference expression is accepted at Copilot save-time instead
of being rejected as an invalid enum value. The resolved value is validated at
execution time by coerceGitLabAccessLevel, which accepts an integer, a numeric
string, or a level name ("Developer"), and throws a clear error otherwise -
preserving the real safety property (no bad integer reaches GitLab) while
dropping the false one (levels must be known at design time).
Also closes demand gaps from the AskIT data:
- get_group / list_groups: resolve and list groups (provisioning critical path)
- list_user_memberships: admin GET /users/:id/memberships, gated in its
description; the non-admin path is composing list_members
The access-level enum is now a single source of truth in tools/gitlab/utils.ts
(GITLAB_ACCESS_LEVELS) that the block options and runtime coercion both derive
from, replacing three inline copies.
A runtime reference can resolve to the integer 0, but the block still gated access-level presence with truthiness: required ops rejected 0 as missing and optional ops silently omitted it. Add hasGitLabAccessLevel(value) (0 and '0' are provided; undefined/null/'' are not) and use it for all six presence gates so "No access" can be granted or set via a reference.
- list_groups: add visibility, min_access_level, and all_available filters (documented on GET /groups) plus order_by/sort, now surfaced in the block and forwarded in params - order_by widened to include GitLab's documented 'similarity' value - access-level enum label 'Minimal Access' -> 'Minimal access' to match GitLab verbatim; coercion already case-insensitive - min_access_level guard rejects 0 (GitLab floor is 5); reuse the access-level enum for the block dropdown (drops 'No access') - tests: out-of-enum numeric-string coercion case + full list_groups filter mapping
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryMedium Risk Overview Access levels move from fixed dropdowns to comboboxes backed by a shared New operations: Hardening: Reviewed by Cursor Bugbot for commit 160aaaa. Configure here. |
Greptile SummaryThis PR expands the GitLab integration with dynamic access levels and group operations. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (2): Last reviewed commit: "fix(gitlab): validate list_groups min-ac..." | Re-trigger Greptile |
…ering at execution time Greptile round 1 (both P1): - min_access_level: coerce via the shared access-level enum (coerceGitLabMinAccessLevel) and throw on out-of-enum values (31, 999) or 0, so a direct tool call fails loudly instead of sending an invalid filter to GitLab - order_by=similarity now requires a non-empty search term (GitLab ignores similarity ordering without one); throws a clear error otherwise - tests for both validations
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 160aaaa. Configure here.
Summary
Supersedes and bundles #5726, adding the full documented filter surface for group listing on top. Everything ships as one reviewable change.
Dynamic access levels (from #5726)
accessLevel,memberAccessLevel,invitationAccessLevel) arecombobox(notdropdown), so a level can be bound to a runtime reference or picked by name. The resolved value is validated at execution time bycoerceGitLabAccessLevel(accepts integer, numeric string, or case-insensitive name).GITLAB_ACCESS_LEVELSintools/gitlab/utils.tsis the single source of truth for the enum; block options and runtime coercion both derive from it.Group & membership operations (from #5726)
get_group/list_groups— resolve and list groups (GET /groups/:id,GET /groups).list_user_memberships— admin-onlyGET /users/:id/memberships, clearly gated in its description.New in this PR — full group-listing filters + audit hardening
list_groupsnow supports every documentedGET /groupsfilter:visibility,min_access_level,all_available, plusorder_by/sort— all surfaced in the block (advanced mode) and forwarded in params.order_bywidened to include GitLab's documentedsimilarityvalue (requires a search term).min_access_levelreuses the access-level enum for the block dropdown (dropsNo access); the tool guard rejects0since GitLab's floor is5.Minimal Access→Minimal accessto match GitLab verbatim.Validation
15 Planner,25 Security Manager).Type of Change
Testing
tsc --noEmitclean.Checklist