Add support for updating member_role permissions

What does this MR do and why?

Add support for updating permissions in the GraphQL memberRoleUpdate mutation.

This also changes the attributes_locked_after_member_associated validation on MemberRole to:

  • disallow updating base_access_level whether members are present or not
  • allow updating permissions whether members are present or not

In order to prevent confusion that could arise when attributes can be updated only under certain conditions (when members are present or not), we removed that condition in the validation.

Because changing the base_access_level could lead to an invalid permission inheritance structure, we remove the ability to update that.

Because changing permissions does not lead to an invalid permission inheritance structure, we allow updating those at any time.

Issue: #429889 (closed)

How to set up and validate locally

  1. Create a namespace and apply the Ultimate license to the namespace.
  2. Create a new custom role in the namespace from Group -> Settings -> Roles and Permissions.
  3. Go to http://localhost:3000/-/graphql-explorer and execute:
    mutation {
      memberRoleUpdate(input: {
        id: "gid://gitlab/MemberRole/1"
        permissions: [
          ARCHIVE_PROJECT
        ]
      }) {
        memberRole {
          enabledPermissions
        }
      }
    }
  4. Verify the result is something like:
    {
      "data": {
        "memberRoleUpdate": {
          "memberRole": {
            "enabledPermissions": [
              "ARCHIVE_PROJECT"
            ]
          }
        }
      }
    }
Edited by Alex Buijs
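
The validation rule described above, as an added example in plain Ruby that is not part of this merge request or GitLab's code: base_access_level is rejected on any update, permissions are accepted on any update, and the member count plays no part. The class name RoleSketch, the EXAMPLE_PERMISSION entry, the error strings and the sample access levels 10 and 30 are assumptions made for the illustration.

```ruby
# Added illustration in plain Ruby (no Rails); not GitLab's MemberRole model.
class RoleSketch
  # ARCHIVE_PROJECT comes from the page; EXAMPLE_PERMISSION is a constructed name.
  KNOWN_PERMISSIONS = %w[ARCHIVE_PROJECT EXAMPLE_PERMISSION].freeze

  attr_reader :base_access_level, :permissions, :errors

  def initialize(base_access_level:, permissions: [])
    @base_access_level = base_access_level
    @permissions = permissions.dup
    @errors = []
  end

  # member_count is accepted only to show that it no longer affects the outcome.
  def update(attrs, member_count:)
    @errors = []
    if attrs.key?(:base_access_level) && attrs[:base_access_level] != @base_access_level
      @errors << "base_access_level cannot be changed"
    end
    unknown = Array(attrs[:permissions]) - KNOWN_PERMISSIONS
    @errors << "unknown permissions: #{unknown.join(', ')}" unless unknown.empty?
    return false unless @errors.empty? # reject the whole update, apply nothing

    @permissions = Array(attrs[:permissions]).dup if attrs.key?(:permissions)
    true
  end
end

# Runs both kinds of update with and without members (constructed sample values).
def update_matrix
  [0, 3].flat_map do |members|
    role = RoleSketch.new(base_access_level: 10)
    [
      [members, :permissions, role.update({ permissions: ["ARCHIVE_PROJECT"] }, member_count: members)],
      [members, :base_access_level, role.update({ base_access_level: 30 }, member_count: members)]
    ]
  end
end

update_matrix.each { |row| p row } if __FILE__ == $PROGRAM_NAME
```

A request that changes both attributes at once is rejected as a whole, so a caller cannot slip a permission change through alongside a refused base_access_level change.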