Pass organization_id to SnippetsFinder in API and GraphQL

Chen Zhangrequested to merge
duo-edit-20251122-075222 into master

What does this MR do and why?

This MR updates API and GraphQL snippet resolvers to pass organization_id to SnippetsFinder, positioning it immediately after the current_user parameter. This prepares for organization_id to become a required parameter in the future.

The organization_id is obtained from Current.organization.id and passed consistently across all API and GraphQL endpoints that use SnippetsFinder.

This is MR 2 of 3 in a planned rollout:

MR 1: Web Controllers (4 files) - MERGED

Priority: HIGH - User-facing changes

Files:

  • app/controllers/dashboard/snippets_controller.rb
  • app/controllers/explore/snippets_controller.rb
  • app/controllers/projects/snippets_controller.rb
  • app/controllers/users_controller.rb

Status: !212826 (merged)

MR 2: API & GraphQL (3 files) - THIS MR

Priority: HIGH - External integrations

Files:

  • lib/api/snippets.rb
  • lib/api/project_snippets.rb
  • app/graphql/resolvers/concerns/resolves_snippets.rb

Why second? API changes affect external integrations and need careful testing.

MR 3: Internal Services (4 files)

Priority: MEDIUM - Backend functionality

Files:

  • app/finders/notes_finder.rb
  • app/services/projects/autocomplete_service.rb
  • app/services/snippets/count_service.rb
  • lib/gitlab/snippet_search_results.rb

Why last? Internal services with less direct user impact.

Specs updated in this MR:

  • spec/requests/api/graphql/snippets_spec.rb - added :with_current_organization

Note: The API specs (spec/requests/api/snippets_spec.rb and spec/requests/api/project_snippets_spec.rb) already have :with_current_organization metadata.

References

Related to #570399 Follow-up to !212826 (merged)

Screenshots or screen recordings

N/A - Backend changes only

How to set up and validate locally

  1. Ensure the Current.organization middleware is enabled (should be default)
  2. Run the updated specs to verify they pass: 
    bundle exec rspec spec/requests/api/snippets_spec.rb
bundle exec rspec spec/requests/api/project_snippets_spec.rb
bundle exec rspec spec/requests/api/graphql/snippets_spec.rb
  3. Test API endpoints manually: 
    # Personal snippets
curl --header "PRIVATE-TOKEN: <your_token>" "http://127.0.0.1:3000/api/v4/snippets"

# Project snippets
curl --header "PRIVATE-TOKEN: <your_token>" "http://127.0.0.1:3000/api/v4/projects/<project_id>/snippets"
  4. Test GraphQL query: 
    query {
  snippets {
    nodes {
      id
      title
    }
  }
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports