
Remove epic date fields authorization

What does this MR do and why?

Related to #409703 (closed)

We currently authorize some epic date fields in GraphQL and REST endpoints (not in the internal endpoint), so a reporter role is required. This is not in line with the current permissions for viewing the epic, where guest access is sufficient.

This permission inconsistency also impacts the roadmap view where these dates are used.

This MR updates the following fields to remove the :admin_epic permission check (replaced with :read_epic, like the rest of the fields):

  • start_date_from_milestones
  • start_date_from_inherited_source
  • start_date_fixed
  • start_date_is_fixed
  • due_date_fixed
  • due_date_is_fixed
  • due_date_from_milestones
  • due_date_from_inherited_source

This change has been validated by PM and will need backporting (see #409703 (comment 1384849170)).

/cc @manuel.kraft @gweaver

Screenshots or screen recordings

Before/after screenshots: sidebar, GraphQL, REST.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugenia Grieff
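
An added example, not part of the merge request or GitLab's code base: a small Ruby model of per-field authorization showing what a guest sees before and after the change described above, plus an audit that lists fields gated by a stronger ability than the object itself. The role-to-ability map, the `title` and `description` fields, the nil-on-deny behaviour and the sample epic are assumptions made for illustration.

```ruby
# Constructed model of per-field authorization; not GitLab's code.
# Role-to-ability mapping follows the MR text: guest access is enough to
# read an epic, while :admin_epic needs at least the reporter role.
ABILITIES = {
  guest:    %i[read_epic],
  reporter: %i[read_epic admin_epic]
}.freeze

# The eight date fields listed in the MR description.
DATE_FIELDS = %i[
  start_date_from_milestones start_date_from_inherited_source
  start_date_fixed start_date_is_fixed
  due_date_fixed due_date_is_fixed
  due_date_from_milestones due_date_from_inherited_source
].freeze

# Hypothetical field registry: field name => ability required to resolve it.
def field_policy(date_ability)
  base = { title: :read_epic, description: :read_epic }
  DATE_FIELDS.each_with_object(base) { |field, h| h[field] = date_ability }
end

BEFORE = field_policy(:admin_epic).freeze # state the MR describes as current
AFTER  = field_policy(:read_epic).freeze  # state after the MR

# Resolve an epic for a role. Assumption: a denied field comes back nil
# instead of failing the whole request.
def visible_fields(policy, role, epic)
  allowed = ABILITIES.fetch(role)
  policy.to_h { |field, ability| [field, allowed.include?(ability) ? epic[field] : nil] }
end

# Audit: fields that demand a different ability than the one gating the object.
def stricter_than_object(policy, object_ability = :read_epic)
  policy.reject { |_, ability| ability == object_ability }.keys
end

# Constructed sample epic.
EPIC = { title: "Q3 roadmap", start_date_fixed: "2023-07-01",
         due_date_fixed: "2023-09-30" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "guest before: #{visible_fields(BEFORE, :guest, EPIC).compact.keys}"
  puts "guest after:  #{visible_fields(AFTER, :guest, EPIC).compact.keys}"
  puts "mismatched before: #{stricter_than_object(BEFORE)}"
  puts "mismatched after:  #{stricter_than_object(AFTER)}"
end
```

An audit like `stricter_than_object` can run as a spec so that a field gated more tightly than its parent object has to be an explicit, reviewed decision.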
