Follow-up from "Added GraphQL mutation to set time estimate on issuables" - Update set time estimate REST API
The following discussion from !107892 (merged) should be addressed:
-
@leetickett-gitlab started a discussion: (+7 comments) I'm not sure how I feel about reporters being able to set time estimates.
I think we current use the
admin_issue
andadmin_merge_request
permissions?e.g.
current_user.can?(:"admin_#{quick_action_target.to_ability_name}", project)
taken fromlib/gitlab/quick_actions/issue_and_merge_request_actions.rb
The REST APIs to set the time estimate on issues and merge requests are using the admin_issue
and admin_merge_request
permissions.
Once !107892 (merged) is merged, we should update those APIs to use the newly introduced set_time_estimate
permission