Refactor GraphQL Permission Fields to Use a Single permissions Attribute

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem

Currently, our GraphQL permission types expose individual boolean fields for each permission using ability_field. This creates the following issues:

• Breaking Changes on Permission Renames

  • When we need to rename a permission in the backend, it becomes a breaking change for GraphQL API consumers because the field name is directly tied to the permission key.
  • Example: ability_field :destroy_container_registry_protection_tag_rule
    • If we rename destroy_container_registry_protection_tag_rule to delete_container_registry_protection_tag_rule it breaks for consumers using this field.

• Unnecessary Boolean Fields

  • Each permission returns a boolean but in reality it's pointless because if a permission field is present and queryable, the answer is implicitly "true" (the user has it). We never return false values for permissions the user doesn't have; instead, those fields would simply not be included.

Proposed solution

We should replace individual boolean fields with a single permissions attribute that returns a list of permission strings the user actually has.

The list will only contains permissions the user has and there's no need for boolean values since the presence in the array indicates true and absence indicates false.

Example of a query:

graphql{
  containerRepository {
    permissions {
      permissions
    }
  }
}