Remove permission check from complianceFrameworks field
What does this MR do and why?
This MR removes the permission check from the complianceFrameworks GraphQL field.
This efficiently allows a user to view the list of complianceFrameworks available to a group as long as the user has access to the group.
This is agreed at #441193 (comment 1988786166).
The only known scenario now is when a user is a member of a subgroup but not a member of the parent group; in that case the user will have access to the list of top-level compliance frameworks, which is intended.
MR acceptance checklist
Screenshots or screen recordings
N/A
How to set up and validate locally
- Create private group (for example `test`)
- Create private sub-group
- Add user as a member of private sub-group (but not a member of top-level group)
- Open `/-/graphql-explorer`
- Run

```graphql
{
  group(fullPath: "test") {
    complianceFrameworks {
      edges {
        node {
          id
        }
      }
    }
  }
}
```

Observe that `complianceFrameworks` is not null but is an empty array
Related to #441193 (closed)
Edited by Illya Klymov