Add authorization to the group's members API endpoint
What does this MR do and why?
This change adds a security check to the member creation API endpoint for projects and groups. Before allowing someone to add new members to a project or group, the system now verifies that the person making the request has administrator permissions for that specific project or group. This prevents unauthorized users from adding members to resources to which they shouldn't have access.
References
- Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/546378
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Lukas Wanko - OOO till 11/21/2025
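
A sketch of the kind of check the description refers to, as an added example that is not code from this MR or from GitLab: the handler confirms that the requester administers the specific group or project before it writes a membership. The names `Source`, `can_admin_source?`, `create_member`, `try_create`, the access-level constants and the sample data are all hypothetical.

```ruby
# Added illustration: every name and access level here is hypothetical.
OWNER = 50
MAINTAINER = 40
DEVELOPER = 30

# members maps user_id => access_level on this one source only.
Source = Struct.new(:type, :id, :members)

class Forbidden < StandardError; end

# Assumed minimum level that counts as administering each source type.
ADMIN_LEVEL = { group: OWNER, project: MAINTAINER }.freeze

# True only if the user administers this specific source. Unknown source
# types and non-members are denied rather than falling through.
def can_admin_source?(user_id, source)
  required = ADMIN_LEVEL[source.type]
  return false if required.nil?

  level = source.members[user_id]
  !level.nil? && level >= required
end

# Member creation handler: the authorization check runs before any write,
# so a rejected request leaves the membership table untouched.
def create_member(requester_id, source, new_user_id, access_level)
  raise Forbidden, '403 Forbidden' unless can_admin_source?(requester_id, source)

  source.members[new_user_id] = access_level
  { status: 201, user_id: new_user_id, access_level: access_level }
end

# Constructed sample data: user 10 owns group 1, user 11 is a developer
# in group 1, user 12 owns group 2.
def sample_sources
  [
    Source.new(:group, 1, { 10 => OWNER, 11 => DEVELOPER }),
    Source.new(:group, 2, { 12 => OWNER })
  ]
end

# Returns the HTTP-style status a caller would see for one request.
def try_create(requester_id, source, new_user_id)
  create_member(requester_id, source, new_user_id, DEVELOPER)[:status]
rescue Forbidden
  403
end
```

The case worth testing in any such endpoint is the cross-resource one: an owner of one group must still be rejected when the request targets a different group.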