Skip to content

GitLab Next

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
GitLab
GitLab
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 35,773
    • Issues 35,773
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1,217
    • Merge Requests 1,217
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Operations
    • Operations
    • Metrics
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.org
  • GitLabGitLab
  • Issues
  • #255177

Closed
Open
Opened Sep 23, 2020 by jdgarcia@jdgarcia

Certain GraphQL queries do not work with a PAT with "read_api" scope.

Summary

When using a PAT with read_api scope, the currentUser query returns null and the projects(membership:true) query returns an empty list of nodes. Using the api scope makes those queries work, however, since they are queries and not mutations, I would expect read_api to work. It's possibly more queries than those are affected, those are just the ones I happened to be testing.

Steps to reproduce

  1. Make a GraphQL request using this query using a PAT with read_api scope:
query {
  currentUser{
    username
  }
  projects(membership:true) {
    nodes {
      name
      nameWithNamespace
    }
  }
}
  1. You will receive this as the result:
{
  "currentUser": null,
  "projects": {
    "nodes": []
  }
}
  1. Make the same request with a PAT with api scope.
  2. The result will contain the requested data.

Example Project

What is the current bug behavior?

Certain queries do not return data when using a read_api scope token.

What is the expected correct behavior?

Queries should work when using a read_api scope token.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of: sudo gitlab-rake gitlab:check SANITIZE=true)

(For installations from source run and paste the output of: sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)

(we will only investigate if the tests are passing)

Possible fixes

Edited Sep 23, 2020 by jdgarcia
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: gitlab-org/gitlab#255177