Skip to content

Implement AccessLevel User and Group types with limited fields

Joe Woodward requested to merge feat/limited-access-level-association-types into master

What does this MR do and why?

#362706 (closed) -> #372362 (closed)

This change is for EE only as the User and Group based access levels are only available to EE installations.

We previously exposed the core user and group types under project.branchRules[].branchProtection.{mergeAccessLevels,pushAccessLevels}, however, this leads to a difficult to optimize query for data that isn't relevant to the branch rules.

I have created 2 new types with a subset of fields from the core types. The user object is an Types::AccessLevel::UserType and the group object is a Types::AccessLevel::GroupType. Both fields can be null. The fields will never both be present. An access rule can be either a user, group, or role rule.

How to set up and validate locally

  1. Find a project.full_path of a project that has at least one protected branch 
       user_project = ProtectedBranch::PushAccessLevel.for_user.last.protected_branch.project
   group_project = ProtectedBranch::PushAccessLevel.for_group.last.protected_branch.project
   user_project.full_path
   group_project.full_path
  2. Test permissions by assigning yourself as a guest to the project 
      # user = User.find_by(email: "YOUR_EMAIL") # Use this if you do not use the default admin user in GDK
  user = User.find_by(email: "admin@example.com")
  user_project.add_guest(user)
  group_project.add_guest(user)
  3. Visit http://gdk.test:3000/-/graphql-explorer
  4. Execute the following query, replace the full path value (as guest you should not see any rules) 
     {
   project(fullPath: "FULL_PATH") {
     branchRules {
       nodes {
         branchProtection {
           pushAccessLevels {
             nodes {
               user {
                 name
                 avatarUrl
               }
               group {
                 name
                 avatarUrl
               }
             }
           }
         }
       }
     }
   }
 }
  5. Make yourself a maintainer 
      user_project.add_maintainer(user)
  group_project.add_maintainer(user)
  6. Execute the following query, replace the full path value (as maintainer you should see all the rules) 
     {
   project(fullPath: "FULL_PATH") {
     branchRules {
       nodes {
         branchProtection {
           pushAccessLevels {
             nodes {
               user {
                 name
                 avatarUrl
               }
               group {
                 name
                 avatarUrl
               }
             }
           }
         }
       }
     }
   }
 }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sam Figueroa

Merge request reports