Expose instance level custom roles
What does this MR do and why?
This MR adds the possibility to list all custom roles using a GraphQL query. This is allowed only for instance administrators and is not possible on SaaS.
Database
Query plan
SELECT "member_roles".* FROM "member_roles" WHERE "member_roles"."namespace_id" IS NULL ORDER BY "member_roles"."name" ASChttps://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/24502/commands/78181
this query won't be running on gitlab.com as it is self-managed only feature.
How to set up and validate locally
- Create few instance-level custom roles in the rails console (we have follow-up issues for API & UI)
MemberRole.create(name: 'Incident Manager', base_access_level: 10, read_vulnerability: true, admin_vulnerability: true)
MemberRole.create(name: 'MR admin', base_access_level: 10, admin_merge_request: true)
# and one group-level custom role (possible also from group admin page)
MemberRole.create(name: 'Group admin', base_access_level: 10, admin_group_member: true, namespace: Group.first)- Run the grapqhl query (https://gdk.test:3443/-/graphql-explorer) - not on SaaS - it should not be working on Saas
{
memberRoles {
nodes {
id
name
readVulnerability
readCode
adminGroupMember
enabledPermissions
}
}
}Example response:
{
"data": {
"memberRoles": {
"nodes": [
{
"id": "gid://gitlab/MemberRole/1",
"name": "Custom",
"readVulnerability": false,
"readCode": false,
"adminGroupMember": false,
"enabledPermissions": [
"ADMIN_MERGE_REQUEST"
]
},
{
"id": "gid://gitlab/MemberRole/3",
"name": "Custom",
"readVulnerability": false,
"readCode": false,
"adminGroupMember": true,
"enabledPermissions": [
"ADMIN_GROUP_MEMBER",
"ADMIN_MERGE_REQUEST"
]
}
]
}
}
}MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #417754 (closed)
Edited by Jarka Košanová