
Fix authorization for linked work items query

Related to #420605 (closed)

What does this MR do and why?

We are returning authorized items when resolving linked work items, but this executes N+1 queries and breaks offset pagination (because the authorized collection is an array).

To fix this, these changes move the authorization from the resolver LinkedItemsResolver to the type Types::WorkItems::LinkedItemType.
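To make the reasoning above concrete, here is an added Ruby model (not GitLab's code) of the two placements of the authorization check; FakeRelation, can_read? and the sample items are constructed stand-ins for the real relation, policy and work items.

```ruby
WorkItem = Struct.new(:id, :title, :confidential)
User = Struct.new(:name, :member)

# Hypothetical policy standing in for the real read permission: confidential
# items are readable by members only. The counter records how many checks ran.
def can_read?(user, item, counter)
  counter[:checks] += 1
  !item.confidential || user.member
end

# Minimal stand-in for an ActiveRecord relation: offset and limit stay lazy
# until to_a is called, as a real relation defers its SQL query.
class FakeRelation
  def initialize(items, offset: 0, limit: nil)
    @items, @offset, @limit = items, offset, limit
  end
  def offset(n)
    FakeRelation.new(@items, offset: n, limit: @limit)
  end
  def limit(n)
    FakeRelation.new(@items, offset: @offset, limit: n)
  end
  def to_a
    page = @items.drop(@offset)
    @limit ? page.first(@limit) : page
  end
end

# Before: the resolver filters by permission itself. Every linked item is
# checked (N checks) and the result is a plain Array, which no longer
# responds to offset/limit, so offset pagination cannot be applied to it.
def resolve_with_authorization_in_resolver(user, relation, counter)
  relation.to_a.select { |item| can_read?(user, item, counter) }
end

# After: the resolver returns the relation untouched; pagination runs first
# and only the nodes on the requested page are authorized. In this model an
# unauthorized node is returned as nil rather than silently dropped.
def resolve_with_authorization_in_type(user, relation, page_size:, page:, counter:)
  relation.offset(page * page_size).limit(page_size).to_a.map do |item|
    can_read?(user, item, counter) ? item : nil
  end
end

# Constructed sample mirroring the validation steps: three linked objectives,
# one confidential, queried by a user who is not a member.
LINKED_ITEMS = FakeRelation.new([WorkItem.new(1, 'Objective 2', false),
                                 WorkItem.new(2, 'Objective 3', true),
                                 WorkItem.new(3, 'Objective 4', false)])
NON_MEMBER = User.new('guest', false)
```

With the check in the type, a page of size 2 costs two permission checks instead of one per linked item, and the confidential objective shows up as a null node for the non-member.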

Not adding a changelog because the linked work items feature is still behind the feature flag linked_work_items.

Screenshots or screen recordings

Screenshots: user with access to all linked items; user with access to public items only.

How to set up and validate locally

  1. Enable feature flags linked_work_items, okrs_mvc and work_items_mvc_2.

  2. Visit a public project and create 4 objectives, mark the first one as related to the other 3 and turn confidentiality on for one of the related objectives:


  3. Visit http://127.0.0.1:3000/-/graphql-explorer and verify that the following query works with pagination and returns all related items.

    query getLinkedItems {
      workItem(id: "gid://gitlab/WorkItem/<objective_1_id>") {
        widgets {
          ... on WorkItemWidgetLinkedItems {
            linkedItems {
              pageInfo {
                startCursor
                endCursor
                hasNextPage
                hasPreviousPage
              }
              edges {
                node {
                  linkId
                  linkType
                  workItem {
                    title
                  }
                }
              }
            }
          }
        }
      }
    }
  4. Log in with a different user who is not a member of the group and try the same query. Verify that the confidential item is not included in the result.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugenia Grieff
