Remove epic date fields authorization
What does this MR do and why?
Related to #409703 (closed)
We currently authorize some epics date fields in GraphQL and REST endpoints (not in the internal endpoint) so a reporter role is required. This is not in line with current permissions for viewing the epic where guest access is sufficient.
This permission inconsistency also impacts the roadmap view where these dates are used.
This MR updates the following fields to remove :admin_epic
permission check (replaced with :read_epic
as the rest of the fields):
- start_date_from_milestones
- start_date_from_inherited_source
- start_date_fixed
- start_date_is_fixed
- due_date_ixed
- due_date_is_fixed
- due_date_from_milestones
- due_date_from_inherited_source
This change has been validated by PM and will need backporting (see #409703 (comment 1384849170)).
Screenshots or screen recordings
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Eugenia Grieff