Use new auth filter in milestones

Terri Churequested to merge
duo-edit-20251204-135650 into master

What does this MR do and why?

This MR introduces using the new query builder authorization filter to milestone search behind a FF.

Changes

  • Created feature flag search_advanced_milestones_new_auth_filter to enable new authorization filter for milestone searches
  • Updated MilestoneQueryBuilder to conditionally use by_search_level_and_membership (new filter) when feature flag is enabled, or by_project_authorization (old filter) when disabled
  • Added comprehensive specs to test both feature flag enabled and disabled scenarios, ensuring proper filter selection and backward compatibility
  • Implemented gradual rollout mechanism for improved query performance while maintaining safe rollback capability

References

Related #491213

How to set up and validate locally

  1. Enable elasticsearch in GDK
  2. Perform searches at global, group, and project level for * (note how many milestones you get)
  3. Enable the FF search_advanced_milestones_new_auth_filter
  4. Perform the same searches, make sure the numbers match
  5. Repeat with a non-admin user
  6. Repeat with an anonymous user

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Terri Chu

Merge request reports