Backend: Expose some details about a job's manual action even when the user isn't authorized to run the action
Problem
In the pipeline graph, when a job has a manual action but the user doesn't have the appropriate permission(s) to run it, they should still see an icon for it so that they know that the action exists.
But currently, we expose no details about the manual action when the user doesn't have permission to run it, so because has_action
is false when the user can't run the action, the job
object passed from backend to frontend via GraphQL has no job.status.action
even though the job actually does have an action.
At first glance, #342783 (closed) looked like a frontend issue, but with only the currently available data, a workaround was made in !76959 (merged) to determine whether a given job has an unauthorized manual action and which icon to use for the action button.
It would also be nice if we could tell whether the job acts on a protected environment so that we can show a more specific message because they haven't been designated as "allowed to deploy" for that environment.
Proposed Solution
We should decouple has_action
from the permission check to run the action and expose some of the action details even when the user can't run the action so that the pipeline graph can more accurately reflect the existence of manual actions regardless of who's looking at it.