Public Epic dates are not visible in the side panel if user is not part of the group

Summary

If a public or internal group has created an epic and has set either fixed dates or has inherited dates from a milestone, these dates do not show in the sidebar.

Steps to reproduce

Create an epic in a public group and assign dates. View the epic as a user that is not part of the group.

What is the current bug behavior?

Start and end dates do not display in the sidebar for users that are not part of the group, despite the epic being public and not confidential.

These dates are visible via the roadmap view and are listed as part of the notes in the epic when the dates get changed, so I don't think they're exactly sensitive data (and if they were, the epic should be marked confidential?).

What is the expected correct behavior?

Start and end dates display in the sidebar.

Possible fixes

From what I can tell, the problem is that the sidebar is using the `*_fixed` and `*_is_fixed` values in order to display them next to the radio buttons.

| start_date                       | "2022-02-08" |
| start_date_is_fixed              | true         |
| start_date_fixed                 | "2022-02-08" |
| start_date_from_inherited_source | null         |
| start_date_from_milestones       | null         |
| end_date                         | "2022-02-18" |
| due_date                         | "2022-02-18" |
| due_date_is_fixed                | true         |
| due_date_fixed                   | "2022-02-18" |
| due_date_from_inherited_source   | null         |
| due_date_from_milestones         | null         |

However, in epic_type.rb:

    field :start_date, Types::TimeType, null: true,
          description: 'Start date of the epic.'
    field :start_date_is_fixed, GraphQL::Types::Boolean, null: true,
          description: 'Indicates if the start date has been manually set.',
          method: :start_date_is_fixed?, authorize: :admin_epic
    field :start_date_fixed, Types::TimeType, null: true,
          description: 'Fixed start date of the epic.',
          authorize: :admin_epic
    field :start_date_from_milestones, Types::TimeType, null: true,
          description: 'Inherited start date of the epic from milestones.',
          authorize: :admin_epic
    field :start_date_from_inherited_source, Types::TimeType, null: true,
          description: 'Inherited start date of the epic from child epics or milestones.',
          authorize: :admin_epic

    field :due_date, Types::TimeType, null: true,
          description: 'Due date of the epic.'
    field :due_date_is_fixed, GraphQL::Types::Boolean, null: true,
          description: 'Indicates if the due date has been manually set.',
          method: :due_date_is_fixed?, authorize: :admin_epic
    field :due_date_fixed, Types::TimeType, null: true,
          description: 'Fixed due date of the epic.',
          authorize: :admin_epic
    field :due_date_from_milestones, Types::TimeType, null: true,
          description: 'Inherited due date of the epic from milestones.',
          authorize: :admin_epic
    field :due_date_from_inherited_source, Types::TimeType, null: true,
          description: 'Inherited due date of the epic from child epics or milestones.',
          authorize: :admin_epic

and in entities/epic.rb:

        expose :start_date
        expose :start_date_is_fixed?, as: :start_date_is_fixed, if: can_admin_epic
        expose :start_date_fixed, :start_date_from_inherited_source, if: can_admin_epic
        expose :start_date_from_milestones, if: can_admin_epic # @deprecated in favor of start_date_from_inherited_source
        expose :end_date # @deprecated in favor of due_date
        expose :end_date, as: :due_date
        expose :due_date_is_fixed?, as: :due_date_is_fixed, if: can_admin_epic
        expose :due_date_fixed, :due_date_from_inherited_source, if: can_admin_epic
        expose :due_date_from_milestones, if: can_admin_epic # @deprecated in favor of due_date_from_inherited_source

These fields are marked as requiring :admin_epic and aren't returned by API queries for users that aren't reporter or higher.

Note that there's no need for these dates to be editable for these users; they just need to be displayed. The roadmap view for epics shows the dates, so it seems weird that they aren't also displayed here. The Vue component already has a check for permissions to disable the input elements.

Edited by Vincent Fazio
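
As an added illustration (not GitLab's code and not part of the original issue), the Ruby example below models the conditional exposure from entities/epic.rb and a sidebar that reads only the gated fields, next to a display-only fallback to the already-public `start_date`. The names `serialize`, `sidebar_date_as_reported` and `sidebar_date_with_fallback` are hypothetical, and the sample epic is constructed from the values in the table above.

```ruby
# Added illustration, not GitLab code: a minimal stand-in for the conditional
# exposure in entities/epic.rb and for a sidebar that reads only *_fixed values.
require 'date'

Epic = Struct.new(:start_date, :start_date_fixed, :start_date_is_fixed,
                  :start_date_from_inherited_source, keyword_init: true)

# Fields every viewer of a public epic receives vs. fields gated on admin_epic.
PUBLIC_FIELDS = %i[start_date].freeze
ADMIN_FIELDS  = %i[start_date_is_fixed start_date_fixed
                   start_date_from_inherited_source].freeze

# Hypothetical serializer: gated keys are omitted unless can_admin_epic is true.
def serialize(epic, can_admin_epic:)
  fields = PUBLIC_FIELDS + (can_admin_epic ? ADMIN_FIELDS : [])
  fields.to_h { |f| [f, epic[f]] }
end

# Behaviour described in the issue: the sidebar picks between the fixed and
# inherited values, both of which are absent for a non-member.
def sidebar_date_as_reported(payload)
  payload[:start_date_is_fixed] ? payload[:start_date_fixed] : payload[:start_date_from_inherited_source]
end

# Display-only fallback: when the gated fields are absent, show the public
# start_date. No extra field is exposed and editing stays behind admin_epic.
def sidebar_date_with_fallback(payload)
  return payload[:start_date] unless payload.key?(:start_date_is_fixed)
  sidebar_date_as_reported(payload)
end

# Constructed sample matching the values in the table above.
EPIC = Epic.new(start_date: Date.new(2022, 2, 8), start_date_fixed: Date.new(2022, 2, 8),
                start_date_is_fixed: true, start_date_from_inherited_source: nil)

def demo
  guest  = serialize(EPIC, can_admin_epic: false)
  member = serialize(EPIC, can_admin_epic: true)
  {
    guest_keys: guest.keys,
    guest_reported: sidebar_date_as_reported(guest),
    guest_fallback: sidebar_date_with_fallback(guest),
    member_reported: sidebar_date_as_reported(member)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The fallback keeps the authorization boundary where it is: the non-member payload still contains only `start_date`, so the fix is confined to which field the read-only display uses.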