feat(gitlab): access, membership, and user-admin operations#5710
Conversation
Adds member, invitation, access-request, SAML group link, and user administration tools to the GitLab integration. Resource-scoped ops work against projects or groups; user-admin ops require an admin token. All tools reuse the existing host/SSRF guard via getGitLabApiBase and add a shared getGitLabResourcePath helper.
Adds the new operations to the block dropdown and tools access list, with a named access-level dropdown (enum in, integer out), first-class expires_at, a /members/all default (direct-only opt-in), resource-type selector, and member_role_id passthrough.
Covers the access_level enum-to-integer coercion, the /members/all default vs direct-only, the 409-duplicate-add soft success, invitation per-email error handling, user-status-action response parsing, and getGitLabResourcePath.
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
- update_user now sends admin:false so the Administrator switch can demote (an untouched switch stays undefined and leaves the flag unchanged) - expose the access-level dropdown for Update Invitation - normalize comma-separated invite emails so spaced multi-email input works
Update Invitation now uses a dedicated dropdown that defaults to 'Leave unchanged', so updating only the expiration no longer silently resets the invitation's access level to Developer. The level is sent only when explicitly chosen.
… query filter, moderation user guard, registry order
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
PR SummaryHigh Risk Overview New capabilities cover listing and mutating members (including inherited vs direct members, expirations, and custom roles), email invitations and access-request approve/deny flows, SAML group link management, user search, and admin-only user lifecycle actions (create/update/delete, block/ban/moderation, identity removal). The GitLab block gains operation-specific UI (resource type/id, named access-level dropdowns with careful defaults so expiry-only edits do not reset roles), plus param coercion and validation in Existing DevOps actions are aligned with GitLab API behavior: internal notes on comments, pipeline Reviewed by Cursor Bugbot for commit 6249394. Configure here. |
Greptile SummaryThis PR expands the GitLab integration with access and user administration tools. The main changes are:
Confidence Score: 5/5This looks safe to merge.
Important Files Changed
Reviews (4): Last reviewed commit: "fix(gitlab): tri-state controls for upda..." | Re-trigger Greptile |
- MR draft flag now applied via Draft: title prefix (GitLab has no draft body param) - update_user only sends admin when a real boolean (untouched switch serialized null and could demote admins) - add_member 409 soft-success now verified against the conflict body - auto_merge sent alongside deprecated merge_when_pipeline_succeeds - job log capped at 200k chars, file content at 1M chars, with truncated outputs - MR diffs signal hasMore beyond 100 files - wire dropped params: update_issue milestoneId, MR milestone/squash/removeSourceBranch, pipelines ref, tree ref, branches search, commits since/until/path/author, update_file lastCommitId, jobs includeRetried, create_user forceRandomPassword - complete pipeline/job status enums, access-level enums, widen stale type unions - guards: update_invitation requires a change; create_user requires a password strategy - fix double-encoding trap in path descriptions; doc-accuracy touch-ups
…pdate member, expiration clearing via explicit empty string
|
@cursor review |
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 8fb2dec. Configure here.
- membership: add-by-username, remove-member cleanup flags, list-member filters (user_ids/state/seat info), invite_source - listings: search/visibility/owned/membership, assignee/milestone filters, source/target branch filters, per-domain order-by + sort direction - CI: pipeline variables + spec:inputs, manual-job variables - repo: commit authoring (start branch, author, execute flag), release tag message + asset links, cross-fork compare + unidiff, internal notes - catalog: access-governance template + member-provisioning and access-request-audit skills - hardening from 3-agent validation: declared release params, tolerate single-object asset links, NaN guard on assignee filter, null/scalar JSON rejection
|
@cursor review |
…ag, MR squash/remove-source-branch)
|
@cursor review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 6249394. Configure here.
Summary
providerparam on SAML group links (required to disambiguate duplicate link names on delete),queryfilter wired through the block for member/invitation listings, moderation responses no longer surface{message: 'Success'}as a user object, registry entries alphabetized, type shapes aligned with documented response fieldsType of Change
Testing
34 gitlab tool/block tests pass; lint and typecheck clean; every endpoint cross-checked against GitLab's Members, Invitations, Access Requests, SAML, Users, and User Moderation API docs
Checklist