Fix Internal Server error from branchRuleCreate mutation

Vasilii Iakliushinrequested to merge
508212-fix-missing-authorize-error into master

What does this MR do and why?

Contributes to #508212 (closed)

Problem

The presence check for project is missing for branchRuleCreate mutation. Also, the permission to create a branch rule is not enforced on mutation level.

Solution

Use authorized_find! to verify the presence of provided project path and user permissions to create a branch rule.

References

GraphQL 500 Internal Server Error : branchRuleC... (#508212 - closed)

Screenshots or screen recordings

Before After
Screenshot_2025-05-26_at_13.12.21 Screenshot_2025-05-26_at_13.11.48

How to set up and validate locally

Steps to Reproduce

  1. Execute the GraphQL mutation branchRuleCreate as shown below:

    mutation branchRuleCreate($input: BranchRuleCreateInput!) {
  branchRuleCreate(input: $input) {
    branchRule {
      branchProtection {
        allowForcePush
      }
    }
    clientMutationId
    errors
  }
}

  2. Use the following variables:

    {
  "input": {
    "projectPath": "859",
    "name": "random_string_281"
  }
}

  3. Observe that the system doesn't return a 500 status code.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #508212 (closed)

Edited by Vasilii Iakliushin

Merge request reports