Skip to content

Fix userNotesCount aggregate

What does this MR do?

I've noticed that, when we combine Vulnerability.userNotesCount with vulnerabilityGrades in single query we receive no data, invalid data or data is not returned because of the error. This is because we were using incorrectly same key in query context for 2 different aggregates instead of using the one that is dedicated to given aggregate (https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/graphql/ee/gitlab_schema.rb#L11). This MR resolves that problem.

GraphQL Query Examples

{
  group1: group(fullPath: "example1") {
    vulnerabilityGrades {
      grade
      count
      projects {
        nodes {
          vulnerabilities {
            nodes {
              id
              userNotesCount
            }
          }
        }
      }
    }
  }
  group2: group(fullPath: "example2") {
    vulnerabilityGrades {
      grade
      count
      projects {
        nodes {
          confirmedVulnerabilities: vulnerabilities(state: CONFIRMED) {
            nodes {
              id
              userNotesCount
            }
          }
          dismissedVulnerabilities: vulnerabilities(state: DISMISSED) {
            nodes {
              id
              userNotesCount
            }
          }
        }
      }
    }
  }
}

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Alan (Maciej) Paruszewski

Merge request reports

Loading