Deployment buttons are missing from environment page and grouped view when accessed as deployment-only users

Summary

Actionable buttons(re-deploy & rollback) are missing from Projects::EnvironmentsController:show(Deployments > Environments > Environment) page for protected environments when accessed as users with deployment-only access.

Buttons are missing from the grouped environments view as well(Deployments > Environments > group folder > 'Show all'). Example URL: https://gitlab.example.com/project/environments/-/environments/folders/review

As a work-around, deployment-only users can use any of the following pages:

• Job page.
• Environments index(Deployments > Environments) page.

Steps to reproduce

• Set up Deployment-only access to protected environments for a user to a protected environment.
• Run a deployment as any user.
• Try accessing the show page(Deployments > Environments > Environment) of the above environment as the above user. It will not show re-deploy button.
• Try accessing the same page as a maintainer user, it will show the available buttons(re-deploy or rollback).

To reproduce this for grouped view,

• Run two deployments with environment names test-folder/env1 and test-folder/env2.
• Now go to Deployments > Environments > test-folder > 'Show all'
• You'll find the re-deployment button missing if the view is accessed as deployment-only user. Button shows correctly for maintainer users.

I feel this is a ~bug , but I'll leave it to the product team to decide whether this request should be treated as a feature proposal.

What is the current bug behavior?

Describe what actually happens:

Deployment buttons are missing when accessing the environment page and grouped environments page as deployment-only users.

Describe what you should see instead:

Deployment buttons should show up when accessing the environment page and grouped environments page as deployment-only users.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)
(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)
(we will only investigate if the tests are passing)

Root cause

The rollback button partial requires create_deployment permission in order to be visible, which a reporter does not have.

Proposal

A couple of options are discussed in the comments:

• enable :create_deployment when a reporter has access to a protected environment - #341182 (comment 1119814828)
• Check the play_build permission instead - #341182 (comment 1120550020)