Permission development guidelines

There are multiple types of permissions across GitLab, and when implementing anything that deals with permissions, all of them should be considered. For more information, see:

  • Predefined roles system: a general overview about predefined roles, user types, feature specific permissions or permissions dependencies.
  • DeclarativePolicy framework: introduction into DeclarativePolicy framework we use for authorization.
  • Naming and conventions: guidance on how to name new permissions and what should be included in policy classes.
  • Authorizations: guidance on where to check permissions.
  • Custom roles: guidance on how to work on custom role, how to introduce a new ability for custom roles, how to refactor permissions.