Skip to content

Add user_permissions field to ContainerRepository/Tag type

Dzmitry (Dima) Meshcharakou requested to merge 390754-add-user-permissions-fields-to-container-repository-graphql into master

What does this MR do and why?

This MR adds the new user_permissions fields to ContainerRepositoryType and ContainerRepositoryTagType that will supersede existing can_delete field. And also marks existing can_delete field as deprecated.

The deprecation issue Deprecate canDelete fields of ContainerReposito... (#432238)

Screenshots or screen recordings

Screenshot_2023-11-14_at_11.06.40

How to set up and validate locally

  1. Get the ID of existing ContainerRepository in rails console.

    r = ContainerRepository.last 
r.id

  2. Login as a root user and visit http://gdk.test:3000/-/graphql-explorer and create a graphql query. The response should contain userPermissions field for containerRepository and each tag.

    query {
  containerRepository(id: "gid://gitlab/ContainerRepository/<Container Repository ID>") {
    canDelete
    userPermissions {
      destroyContainerRepository
    }
    tags {
      edges {
        node {
          canDelete
          userPermissions {
            destroyContainerRepositoryTag
          }
        }
      }
    }
  }
}

    Note: that destroyContainerRepository and destroyContainerRepositoryTag fields have the same value as corresponding canDelete field. In case of root user they should be true.

  3. Logout and login as an user with a role reporter (make sure that this user has an access to a project, linked to the requested container repository.

    query {
  containerRepository(id: "gid://gitlab/ContainerRepository/<Container Repository ID>") {
    canDelete
    userPermissions {
      destroyContainerRepository
    }
    tags {
      edges {
        node {
          canDelete
          userPermissions {
            destroyContainerRepositoryTag
          }
        }
      }
    }
  }
}

    Note: now destroyContainerRepository and destroyContainerRepositoryTag fields should be false.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #390754 (closed)

Edited by Dzmitry (Dima) Meshcharakou

Merge request reports