Mask job fields according to :read_build permission if in runner context
What does this MR do and why?
This MR ensures that only OKed job fields are visible for jobs requested from a project runner through the `runner { jobs }` GraphQL query. The reason is that a project runner can be assigned to many projects, and a user who can access the runner doesn't necessarily have permissions to look at the builds from all the projects that the runner executed. The `Resolvers::Ci::RunnerJobsResolver` is testing the `:read_builds` permission, but each individual job should also be authorized with `:read_build`.
I chose to mask the fields instead of removing the jobs themselves so that paging would work correctly, but also because it helps users to see how busy a runner is.
Changelog: fixed
Closes #410474 (closed)
Screenshots or screen recordings
Below is a comparison of the logs of the same GraphQL request (before & after):
We can see that the only change is an additional call to `ProjectFeature Load` for all the projects involved with the runners, due to the preload.
How to set up and validate locally
See steps in issue.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
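The per-job check and the masking-versus-filtering trade-off described above, as an added Ruby sketch that is not code from this MR or from GitLab. The `Job` struct, the `READ_BUILD` policy table, the field allowlist and all method names are hypothetical, and the sample jobs are constructed.

```ruby
# Added illustration; every name here is hypothetical, not GitLab's API.
Job = Struct.new(:id, :project_id, :name, :status, :trace_path, keyword_init: true)

# Assumed allowlist of fields visible without :read_build on the job's project.
ALLOWED_WITHOUT_READ_BUILD = %i[id status].freeze

# Constructed policy: user => project ids where the user holds :read_build.
READ_BUILD = { 'alice' => [1, 2], 'bob' => [1] }.freeze

# Constructed jobs executed by one project runner shared by projects 1 and 2.
JOBS = [
  Job.new(id: 1, project_id: 1, name: 'rspec',  status: 'success', trace_path: '/p1/1/trace'),
  Job.new(id: 2, project_id: 2, name: 'deploy', status: 'failed',  trace_path: '/p2/2/trace'),
  Job.new(id: 3, project_id: 2, name: 'lint',   status: 'running', trace_path: '/p2/3/trace'),
  Job.new(id: 4, project_id: 1, name: 'build',  status: 'success', trace_path: '/p1/4/trace')
].freeze

# Object-level check, evaluated per job rather than once for the runner.
def can_read_build?(user, job)
  READ_BUILD.fetch(user, []).include?(job.project_id)
end

# Masking: keep the node, null every field outside the allowlist.
def mask_job(user, job)
  fields = job.to_h
  return fields if can_read_build?(user, job)

  fields.to_h { |k, v| [k, ALLOWED_WITHOUT_READ_BUILD.include?(k) ? v : nil] }
end

# Cursor paging over masked nodes: page size and cursors do not depend on the caller.
def runner_jobs_page(user, jobs, first:, after: 0)
  page = jobs.select { |j| j.id > after }.first(first)
  last_id = page.last&.id
  { nodes: page.map { |j| mask_job(user, j) },
    end_cursor: last_id,
    has_next_page: !last_id.nil? && jobs.any? { |j| j.id > last_id } }
end

# Filtering alternative for contrast: unauthorized jobs vanish, so pages come back short.
def filtered_page(user, jobs, first:, after: 0)
  jobs.select { |j| j.id > after }.first(first)
      .select { |j| can_read_build?(user, j) }.map(&:to_h)
end

p runner_jobs_page('bob', JOBS, first: 2) if __FILE__ == $PROGRAM_NAME
```

With masking, a caller who lacks `:read_build` on project 2 still receives two nodes per page and a usable cursor; with filtering, the same request returns a single node.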