Certain GraphQL queries do not work with a PAT with "read_api" scope.
Summary
When using a PAT with read_api scope, the currentUser query returns null and the projects(membership:true) query returns an empty list of nodes. Using the api scope makes those queries work, however, since they are queries and not mutations, I would expect read_api to work. It's possibly more queries than those are affected, those are just the ones I happened to be testing.
Steps to reproduce
- Make a GraphQL request using this query using a PAT with
read_apiscope:
query {
currentUser{
username
}
projects(membership:true) {
nodes {
name
nameWithNamespace
}
}
}- You will receive this as the result:
{
"currentUser": null,
"projects": {
"nodes": []
}
}- Make the same request with a PAT with
apiscope. - The result will contain the requested data.
Example Project
What is the current bug behavior?
Certain queries do not return data when using a read_api scope token.
What is the expected correct behavior?
Queries should work when using a read_api scope token.
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)(we will only investigate if the tests are passing)