Add User.location to GraphQL API
What does this MR do?
This adds a field to the GraphQL API which is present in the REST API. Specifically location
.
GraphQL queries
query {
currentUser {
name
location
}
}
Representative result:
{
"data": {
"currentUser": {
"name": "Alex Kalderimis",
"location": "Cambridge, UK"
}
}
}
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
This MR exposes an additional field that is already available through the REST API. It does not present any new risks, and the nature of GraphQL is that new fields do not affect existing queries.
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
This MR exposes Personally Identifying Information (PII), so requires a security review. This is currently
protected by the policy :read_user
(which is the same as for the users/:username
REST endpoint).
We could potentially further protect this behind :read_user_location
.
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Alex Kalderimis