Skip to content

Add ability to filter standard roles by access level

Daniel Tian requested to merge 468398-improve-standard-role-type into master

What does this MR do and why?

We have a GraphQL query to get standard roles, which is used by the roles and permissions page. In a future frontend MR, we need more data and the ability to filter the standard roles. This MR does the following:

  1. Adds a top-level standardRole query to get a single standard role for a self-managed GitLab instance. We already have a standardRoles query.

  2. Adds a group.standardRole query to get a single standard role for a SaaS GitLab instance. We already have a group.standardRoles query.

  3. Adds a description field to standard roles and the description for each role. Previously, it was only available in frontend.

  4. Adds the ability to filter standard roles by its access level enum.

  5. Corrected some inaccurate field descriptions.

How to set up and validate locally

  1. In GraphQL Explorer, run this query for standardRoles and verify that it returns the expected data:
standardRoles query 
query {
  standardRoles {
    nodes {
      id
      name
      accessLevel
      description
      
    }
  }
}
Expected standardRoles response 
{
  "data": {
    "standardRoles": {
      "nodes": [
        {
          "id": "gid://gitlab/StandardRole/MINIMAL_ACCESS",
          "name": "Minimal Access",
          "accessLevel": 5,
          "description": "The Minimal Access role is for users who need visibility into a project or group but should not have the ability to make changes, such as external stakeholders."
        },
        {
          "id": "gid://gitlab/StandardRole/GUEST",
          "name": "Guest",
          "accessLevel": 10,
          "description": "The Guest role is for users who need visibility into a project or group but should not have the ability to make changes, such as external stakeholders."
        },
        {
          "id": "gid://gitlab/StandardRole/REPORTER",
          "name": "Reporter",
          "accessLevel": 20,
          "description": "The Reporter role is suitable for team members who need to stay informed about a project or group but do not actively contribute code."
        },
        {
          "id": "gid://gitlab/StandardRole/DEVELOPER",
          "name": "Developer",
          "accessLevel": 30,
          "description": "The Developer role strikes a balance between giving users the necessary access to contribute code while restricting sensitive administrative actions."
        },
        {
          "id": "gid://gitlab/StandardRole/MAINTAINER",
          "name": "Maintainer",
          "accessLevel": 40,
          "description": "The Maintainer role is primarily used for managing code reviews, approvals, and administrative settings for projects. This role can also manage project memberships."
        },
        {
          "id": "gid://gitlab/StandardRole/OWNER",
          "name": "Owner",
          "accessLevel": 50,
          "description": "The Owner role is normally assigned to the individual or team responsible for managing and maintaining the group or creating the project. This role has the highest level of administrative control, and can manage all aspects of the group or project, including managing other Owners."
        }
      ]
    }
  }
}
  1. Run this query for a single standardRole and verify that it returns the expected data:
standardRole query 
query {
  standardRole(accessLevel: REPORTER) {
    id
    name
    accessLevel
    description
  }
}
Expected standardRole response 
{
  "data": {
    "standardRole": {
      "id": "gid://gitlab/StandardRole/REPORTER",
      "name": "Reporter",
      "accessLevel": 20,
      "description": "The Reporter role is suitable for team members who need to stay informed about a project or group but do not actively contribute code."
    }
  }
}
  1. Run this query for a filtered standardRoles query and verify that it returns the expected data:
filtered standardRoles query 
query {
  standardRoles(accessLevel: [GUEST, DEVELOPER, OWNER]) {
    nodes {
      id
      name
      accessLevel
      description
    }
  }
}
Expected filtered standardRoles response 
{
  "data": {
    "standardRoles": {
      "nodes": [
        {
          "id": "gid://gitlab/StandardRole/GUEST",
          "name": "Guest",
          "accessLevel": 10,
          "description": "The Guest role is for users who need visibility into a project or group but should not have the ability to make changes, such as external stakeholders."
        },
        {
          "id": "gid://gitlab/StandardRole/DEVELOPER",
          "name": "Developer",
          "accessLevel": 30,
          "description": "The Developer role strikes a balance between giving users the necessary access to contribute code while restricting sensitive administrative actions."
        },
        {
          "id": "gid://gitlab/StandardRole/OWNER",
          "name": "Owner",
          "accessLevel": 50,
          "description": "The Owner role is normally assigned to the individual or team responsible for managing and maintaining the group or creating the project. This role has the highest level of administrative control, and can manage all aspects of the group or project, including managing other Owners."
        }
      ]
    }
  }
}
  1. Run your local GDK in SaaS mode by running the following shell commands:
export GITLAB_SIMULATE_SAAS=1
gdk restart

then follow this video to enable the Ultimate license for a top-level group and re-run the 3 queries, but under the group query:

2024-10-22_00-33-42

Related to #468398

Edited by Daniel Tian

Merge request reports