Allow admins to set pipeline variables regardless of project role

Problem

A migration introduced in GitLab 17.10 changed project settings from restrict_user_defined_variables: false to restrict_user_defined_variables: true, ci_pipeline_variables_minimum_override_role: :developer. This change prevented admin users from changing pipeline variables if they don't have at least the developer role in that project.

Current behavior

• Admin users cannot modify pipeline variables unless they have at least developer access to the project
• The frontend re-implements the permission check instead of relying on the backend's determination
• When project setting is ci_pipeline_variables_minimum_override_role: :no_one_allowed, admins don't get an exception as this setting effectively disables pipeline variables entirely

Expected behavior

Admin users should be able to set pipeline variables regardless of their project role, as long as the project setting is not ci_pipeline_variables_minimum_override_role: :no_one_allowed.

Proposed solution

Update the permission check to allow admin users to modify pipeline variables regardless of their project role. This needs to be fixed in 3 places:

• Pipeline schedule page
• Manual job page
• New pipeline page

We should make the frontend take permission information from the backend instead of calculating it independently.

Technical details

The frontend currently re-implements the permission check logic instead of using the backend's determination. We should modify the remaining two pages to use the backend's permission check, similar to how the pipeline schedule page was fixed.

References

• Additional context on the problem
• Hide prefill-variables in Manual job UI when va... (#520093 - closed)
• Hide prefill-variables in New Pipeline UI when ... (#520072 - closed)