Skip to content

Permission development guidelines

There are multiple types of permissions across GitLab, and when implementing anything that deals with permissions, all of them should be considered. For more information, see:

  • Predefined roles system: a general overview about predefined roles, user types, feature specific permissions or permissions dependencies.
  • DeclarativePolicy framework: introduction into DeclarativePolicy framework we use for authorization.
  • Naming and conventions: guidance on how to name new permissions and what should be included in policy classes.
  • Authorizations: guidance on where to check permissions.
  • Custom roles: guidance on how to work on custom role, how to introduce a new ability for custom roles, how to refactor permissions.