
Implement AccessLevel User and Group types with limited fields

Joe Woodward requested to merge feat/limited-access-level-association-types into master

What does this MR do and why?

#362706 (closed) -> #372362 (closed)

This change is for EE only as the User and Group based access levels are only available to EE installations.

We previously exposed the core user and group types under project.branchRules[].branchProtection.{mergeAccessLevels,pushAccessLevels}; however, this leads to a difficult-to-optimize query for data that isn't relevant to the branch rules.

I have created 2 new types with a subset of fields from the core types. The user object is a Types::AccessLevel::UserType and the group object is a Types::AccessLevel::GroupType. Both fields can be null. The fields will never both be present. An access rule can be either a user, group, or role rule.

How to set up and validate locally

  1. Find a project.full_path of a project that has at least one protected branch
       user_project = ProtectedBranch::PushAccessLevel.for_user.last.protected_branch.project
       group_project = ProtectedBranch::PushAccessLevel.for_group.last.protected_branch.project
       user_project.full_path
       group_project.full_path
  2. Test permissions by assigning yourself as a guest to the project
      # user = User.find_by(email: "YOUR_EMAIL") # Use this if you do not use the default admin user in GDK
      user = User.find_by(email: "admin@example.com")
      user_project.add_guest(user)
      group_project.add_guest(user)
  3. Visit http://gdk.test:3000/-/graphql-explorer
  4. Execute the following query, replacing the full path value (as guest you should not see any rules)
     {
       project(fullPath: "FULL_PATH") {
         branchRules {
           nodes {
             branchProtection {
               pushAccessLevels {
                 nodes {
                   user {
                     name
                     avatarUrl
                   }
                   group {
                     name
                     avatarUrl
                   }
                 }
               }
             }
           }
         }
       }
     }
  5. Make yourself a maintainer
      user_project.add_maintainer(user)
      group_project.add_maintainer(user)
  6. Execute the following query, replacing the full path value (as maintainer you should see all the rules)
     {
       project(fullPath: "FULL_PATH") {
         branchRules {
           nodes {
             branchProtection {
               pushAccessLevels {
                 nodes {
                   user {
                     name
                     avatarUrl
                   }
                   group {
                     name
                     avatarUrl
                   }
                 }
               }
             }
           }
         }
       }
     }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sam Figueroa
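
The checks in steps 4 and 6 can be scripted against the parsed GraphQL response. The Ruby below is an added example, not code from this merge request: it confirms that a guest sees no access levels and that no node carries both a user and a group. The helper names and sample JSON are constructed, and it assumes a guest response has empty or null `branchRules`.

```ruby
require "json"

# Constructed sample responses for the query above (not captured from a real instance).
GUEST_RESPONSE = JSON.parse(<<~JSON)
  {"data":{"project":{"branchRules":{"nodes":[]}}}}
JSON

MAINTAINER_RESPONSE = JSON.parse(<<~JSON)
  {"data":{"project":{"branchRules":{"nodes":[
    {"branchProtection":{"pushAccessLevels":{"nodes":[
      {"user":{"name":"Example User","avatarUrl":"/uploads/u.png"},"group":null},
      {"user":null,"group":{"name":"Example Group","avatarUrl":null}},
      {"user":null,"group":null}
    ]}}}
  ]}}}}
JSON

# Flatten every pushAccessLevels node; a null at any level counts as "no rules".
def push_access_nodes(response)
  rules = response.dig("data", "project", "branchRules", "nodes") || []
  rules.flat_map do |rule|
    rule&.dig("branchProtection", "pushAccessLevels", "nodes") || []
  end
end

# :user, :group or :role (neither set); :invalid when both are set,
# which the MR description says never happens.
def classify(node)
  user = node["user"]
  group = node["group"]
  return :invalid if user && group
  return :user if user
  return :group if group
  :role
end

# Returns a list of problems; an empty list means the response is as expected.
def check_response(response, role:)
  nodes = push_access_nodes(response)
  if role == :guest
    return nodes.empty? ? [] : ["guest can see #{nodes.size} access level(s)"]
  end
  problems = nodes.empty? ? ["maintainer sees no access levels"] : []
  nodes.each do |node|
    problems << "user and group both present: #{node.inspect}" if classify(node) == :invalid
  end
  problems
end
```

Feeding a maintainer-level response to `check_response(..., role: :guest)` shows what an authorization leak would look like in the report.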
