Expose adminWorkItemLifecycle GraphQL field

Agnes Slotarequested to merge
554433/aslota-expose-admin-work-item-lifecycle-field into master

What does this MR do and why?

Expose adminWorkItemLifecycle field in the group and project userPermissions GraphQL API.

This allows the frontend to check for the permission via GraphQL, instead of injecting the check through HAML templates.

As discussed here, this MR also updates the admin_work_item_lifecycle permission to ensure that only maintainers of a root group can administer work item lifecycles and their statuses. This is necessary because configurable work item lifecycles and statuses are defined at the root group level and cascade down to all subgroups and projects.

Notes

  • The adminWorkItemLifecycle field will be used by the frontend to determine whether the current user has maintainer access to the root group. If the check passes, the status widget will display a link to the settings page where configurable lifecycles and statuses can be managed. Here's the related issue and designs.

References

Screenshots or screen recordings
Group level - root maintainer Screenshot_2025-07-28_at_4.20.25_pm
Group level - guest Screenshot_2025-07-28_at_4.36.10_pm
Project level - root maintainer Screenshot_2025-07-28_at_4.20.50_pm
Project level - guest Screenshot_2025-07-28_at_4.24.11_pm
Project - personal Screenshot_2025-07-28_at_4.21.37_pm

How to set up and validate locally

  1. Run the following queries at both the group and project levels using users with maintainer and non-maintainer roles.
  2. The adminWorkItemLifecycle field should return true only when the user has maintainer access to the root group.
  3. Additionally, navigate to the root group issues settings page (/groups/flightjs/-/settings/issues) and verify that a root group maintainer can view and edit all configurable statuses.

Group-level

query workspacePermissions {
  workspace: group(fullPath: "flightjs") {
    userPermissions {
      adminWorkItemLifecycle
    }
  }
}

Project-level

query workspacePermissions {
  workspace: project(fullPath: "flightjs/Flight") {
    userPermissions {
      adminWorkItemLifecycle
    }
  }
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Agnes Slota

Merge request reports