Update authorization for ContainerExpirationPolicyType
What this MR does?
Changed the authorization for the ContainerExpirationPolicyType
from :admin_container_image to :read_container_image.
This allows users with read access to container images to view the container expiration policy details.
Why?
A container registry can have a schedule to cleanup projects defined.
When a user navigates to the container registry for a project they can see when the next cleanup is scheduled: e.g. https://gitlab.com/gitlab-org/gitlab/container_registry
If a user clicks on a specific image repository, they will see Cleanup disabled rendered if they do not have MAINTAINER or above permissions. https://gitlab.com/gitlab-org/gitlab/container_registry/3728789
The expected behaviour here should be that all users should be able to see the next cleanup schedule run time irregardless of permissions when they are inside an image repository.
Changelog: fixed
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
 |
 |
How to set up and validate locally
- Setup & enable Container Registry https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/doc/howto/registry.md
- Add a project, and follow steps in http://gdk.test:3000/{group}/{project}/container_registry to publish an image
- Under
/{group}/{project}/-/settings/packages_and_registriesclick to setup 'Cleanup policies', and set config to run every day. - Visit Project > Deploy > Container Registry.
- Click on the image tag.
- Verify that cleanup schedule is displayed.
- Impersonate/Log in as user with Developer permission
- Visit Project > Deploy > Container Registry.
- Click on the image tag.
- Verify that cleanup schedule is displayed & not as
Cleanup disabled
Fixes #471341