
Remove permission check from complianceFrameworks field

Illya Klymov requested to merge xanf-remove-graphql-comp-framework into master

What does this MR do and why?

This MR removes the permission check from the complianceFrameworks GraphQL field.

This efficiently allows a user to view the list of complianceFrameworks available to a group as long as the user has access to the group. This is agreed at #441193 (comment 1988786166).

The only known scenario now is when a user is a member of a subgroup but not a member of the parent group. In that case the user will have access to the list of top-level compliance frameworks, which is intended.

MR acceptance checklist

Screenshots or screen recordings

N/A

How to set up and validate locally

  • Create private group (for example test)
  • Create private sub-group
  • Add user as a member of private sub-group (but not a member of top-level group)
  • Open /-/graphql-explorer
  • Run
{
  group(fullPath: "test"){
    complianceFrameworks {
      edges {
        node {
          id
        }
      }
    }
  }
}

Observe that complianceFrameworks is not null but is an empty array

Related to #441193

Edited by Illya Klymov
