Add custom resolvers for CRM permission fields in NamespacePermissions

Vedant Jainrequested to merge
vj/update-crm-read-namespace-permission into master

What does this MR do and why?

Add custom resolvers for CRM permission fields in NamespacePermissions

The read_crm_contact and read_crm_organization permissions need to check against crm_group instead of the namespace itself, matching the behavior in work_items_helper.rb.

The work_items_helper.rb checks CRM permissions against resource_parent.crm_group:

can_read_crm_contact: can?(current_user, :read_crm_contact, resource_parent.crm_group).to_s,
can_read_crm_organization: can?(current_user, :read_crm_organization, resource_parent.crm_group).to_s,

The crm_group method returns the group where CRM is enabled, which may be different from the current namespace (e.g., for a project, it could be the project's group; for a group, it could be itself or an ancestor).

Using the standard abilities macro would check permissions against the namespace directly, which would be incorrect behavior. For projects, it is giving false although it should give true

References

Relates to #578973 (closed)

query result - before result - after 
fragment namespaceURLs on Namespace {
  userPermissions{
    readCrmContact
    readCrmOrganization
  }
}


query getNamespaceUserPermissions {
  public_group_namespace: namespace(fullPath: "twitter") {
    ...namespaceURLs
  }
	public_project_namespace: namespace(fullPath: "twitter/Typeahead.Js") {
	...namespaceURLs
	}
	user_namespace: namespace(fullPath: "root") {
	...namespaceURLs
	}
}

{
  "data": {
    "public_group_namespace": {
      "userPermissions": {
        "readCrmContact": true,
        "readCrmOrganization": true
      }
    },
    "public_project_namespace": {
      "userPermissions": {
        "readCrmContact": false,
        "readCrmOrganization": false
      }
    },
    "user_namespace": {
      "userPermissions": {
        "readCrmContact": false,
        "readCrmOrganization": false
      }
    }
  },
  "correlationId": "01KBMMQM34GN0XS9QR19QQH52S"
}
 
{
  "data": {
    "public_group_namespace": {
      "userPermissions": {
        "readCrmContact": true,
        "readCrmOrganization": true
      }
    },
    "public_project_namespace": {
      "userPermissions": {
        "readCrmContact": true,
        "readCrmOrganization": true
      }
    },
    "user_namespace": {
      "userPermissions": {
        "readCrmContact": false,
        "readCrmOrganization": false
      }
    }
  },
  "correlationId": "01KBMMM41HDTXCR2XWEDP32M5C"
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vedant Jain

Merge request reports