Add root users GraphQL search and associated edges
What does this MR do?
Adds the following things to the GitLab GraphQL API
- users as a root query. It can be used to retrieve a single user by username or every user on that instance when authenticated as an administrator. e.g.

    {
      users(username: "user12299") {
        id
      }
    }

- memberships to the UserType class, to traverse the graph to all members belonging to a user. This is a polymorphic association and so can belong to a number of types. It allows for queries such as:

    {
      users(username: "user12299") {
        nodes {
          id
          memberships {
            nodes {
              sourceType
            }
          }
        }
      }
    }

- A MemberType to the GraphQL schema. This represents the polymorphic association between a User and the types that they can be a "member" of, such as Project or Group.
- Several simple attributes on MemberType.
- A Source attribute on MemberType which traverses to the source value. This should be a GraphQL Union type to enable more effective querying of the API.
- Ensure that authorization is working as expected, as this potentially exposes a lot of data about an instance's users! Consider a security review.
- An example GraphQL query to enable output as defined in the parent issue.
Proposed query
    {
      users(username: "user12299") {
        nodes {
          id
          memberships {
            nodes {
              ...membership
              ...source
              ...creator
            }
          }
        }
      }
    }

    fragment membership on Member {
      createdAt
      updatedAt
      accessLevel
      sourceType
      expiresAt
    }

    fragment creator on Member {
      createdBy {
        id
      }
    }

    fragment source on Member {
      source {
        ... on Group {
          id
        }
        ... on Project {
          id
        }
      }
    }

- Added documentation to the GraphQL API docs.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Closes #215658 (closed)
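
The authorization item in the description above, as an added example in plain Ruby (not code from this MR or from GitLab): the root users query refuses an unfiltered listing to non-administrators, and the memberships edge is authorized per node against its polymorphic source. Viewer, Membership, the resolve_* helpers, the sample data and the rule that a username lookup is open to any viewer are assumptions made for the illustration.

```ruby
# Added illustration: plain-Ruby stand-ins, not GitLab's classes or policies.
Viewer     = Struct.new(:name, :admin, :readable) # readable: [[type, id], ...]
Membership = Struct.new(:username, :source_type, :source_id, :access_level)
class NotAuthorized < StandardError; end

# Constructed sample data.
PUBLIC_SOURCES = [["Project", 1]].freeze
MEMBERSHIPS = [
  Membership.new("user12299", "Project", 1, 30),
  Membership.new("user12299", "Group", 7, 40), # private group
  Membership.new("other", "Project", 1, 20)
].freeze
USERNAMES = MEMBERSHIPS.map(&:username).uniq.freeze

# Root `users` field. Assumption: a lookup by username is open to any viewer,
# while listing every user is reserved for administrators.
def resolve_users(viewer, username: nil)
  return USERNAMES.select { |u| u == username } if username
  raise NotAuthorized, "listing all users requires an administrator" unless viewer.admin

  USERNAMES
end

# Authorization is decided against the polymorphic source, not the user.
def can_read_source?(viewer, membership)
  key = [membership.source_type, membership.source_id]
  viewer.admin || PUBLIC_SOURCES.include?(key) || viewer.readable.include?(key)
end

# `memberships` edge: nodes whose source the viewer cannot read are dropped,
# so sourceType, accessLevel and the source id do not leak through the user.
def resolve_memberships(viewer, username)
  MEMBERSHIPS.select { |m| m.username == username && can_read_source?(viewer, m) }
end

def query(viewer, username: nil)
  resolve_users(viewer, username: username).map do |name|
    nodes = resolve_memberships(viewer, name).map do |m|
      { sourceType: m.source_type, sourceId: m.source_id, accessLevel: m.access_level }
    end
    { username: name, memberships: nodes }
  end
end
```

A request spec for the real resolver would make the same three checks: a non-admin listing is rejected, a private source is absent for an outsider, and the same source is present for a viewer who can read it.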