Bug: Confidential Epic Missing at Dropdown for Developers - fix API & graphQL endpoint
Summary
Confidential epics are missing at the Epic dropdown list when assign issue to epic in Issue edit mode for Developers
.
Steps to reproduce
Setting Up
- Create a group with the following structure:
- Main group
- Subgroup
- Product group
- Test Project
2. Assign User A
as a Developer
at the Subgroup
level
3. Create a confidential epic at Product group
level
Now, impersonate/log in as User A
Create a new issue at Test project
, regardless of whether it is a confidential issue, the confidential epic does not show at the dropdown list when we are assigning issue to epic at Create issue page and Edit issue from sidebar.
The above scenario is reported by Premium Customer via Internal Ticket.
NOTE: It is severely impacting how GitLab is used for project management within their organization.
Backend problem description
The endpoint http://127.0.0.1:3000/api/v4/groups/112/epics?include_ancestor_groups=true&include_descendant_groups=false does not return any results for the described case.
The problem can be verified also using graphql. With the structure described above (Main group, Subgroup, Product group) the following graphql query returns different results for someone who is member of the "Main" group (confidential epic present) and someone who is only member of the "Subgroup" (confidential epic missing)
{
workspace: group(fullPath: "main-group/subgroup/product-group") {
id
epics(includeAncestorGroups: true, includeDescendantGroups: false) {
nodes {
title
id
}
}
}
}
When I skip the includeAncestorGroups=true
param, also a Developer of Subgroup sees the confidential epic correctly.
Example Project
https://gitlab.com/gitlab-gold/emchang-subgroup/sub-group/product-group/test-project/-/issues/2
What is the current bug behavior?
Regardless of whether it is a confidential issue, the confidential epic does not show at the dropdown list when we are assigning issue to epic at Create issue page and Edit issue from sidebar.
User A can view the confidential epic.
What is the expected correct behavior?
Developers should be able to assign issue to confidential epic easily when creating issue or editing issue.
Relevant logs and/or screenshots
Video Demo from User A
Point of View:
Output of checks
This issue is happening on GitLab.com (14.5.0-pre d44dcb90)
Workaround
User A
can add issue to epic by navigating to the confidential epic and select Add > Add an existing issue.
Possible fixes
Since a
Developer
is able to assign an issue to a confidential epic, but it's unavailable at the dropdown list, I'm suspecting this could be a frontend issue.
It seems to be a backend issue as the endpoint http://127.0.0.1:3000/api/v4/groups/112/epics?include_ancestor_groups=true&include_descendant_groups=false does not return any results for the described case.