Implement AccessLevel User and Group types with limited fields
What does this MR do and why?
#362706 (closed) -> #372362 (closed)
This change is for EE only as the User and Group based access levels are only available to EE installations.
We previously exposed the core user and group types under project.branchRules[].branchProtection.{mergeAccessLevels,pushAccessLevels}, however, this leads to a difficult to optimize query for data that isn't relevant to the branch rules.
I have created 2 new types with a subset of fields from the core types. The user object is an Types::AccessLevel::UserType and the group object is a Types::AccessLevel::GroupType. Both fields can be null. The fields will never both be present. An access rule can be either a user, group, or role rule.
How to set up and validate locally
- Find a project.full_path of a project that has at least one protected branch
user_project = ProtectedBranch::PushAccessLevel.for_user.last.protected_branch.project group_project = ProtectedBranch::PushAccessLevel.for_group.last.protected_branch.project user_project.full_path group_project.full_path
- Test permissions by assigning yourself as a guest to the project
# user = User.find_by(email: "YOUR_EMAIL") # Use this if you do not use the default admin user in GDK user = User.find_by(email: "admin@example.com") user_project.add_guest(user) group_project.add_guest(user)
- Visit http://gdk.test:3000/-/graphql-explorer
- Execute the following query, replace the full path value (as guest you should not see any rules)
{ project(fullPath: "FULL_PATH") { branchRules { nodes { branchProtection { pushAccessLevels { nodes { user { name avatarUrl } group { name avatarUrl } } } } } } } }
- Make yourself a maintainer
user_project.add_maintainer(user) group_project.add_maintainer(user)
- Execute the following query, replace the full path value (as maintainer you should see all the rules)
{ project(fullPath: "FULL_PATH") { branchRules { nodes { branchProtection { pushAccessLevels { nodes { user { name avatarUrl } group { name avatarUrl } } } } } } } }
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.