Draft: feat: allow Maintainer role to toggle CI/CD catalog

Duo Developerrequested to merge
duo/feature/583757-maintainer-cicd-catalog-setting into master

Relates to issue #583757

Changes

This MR allows maintainers (in addition to owners) to manage CI/CD catalog resources on projects.

Policy Update:

  • Moved the :add_catalog_resource permission from owner_access rule to maintainer_access rule in app/policies/project_policy.rb
  • This enables both maintainers and owners to add/manage catalog resources

Test Updates:

  • Updated spec/policies/project_policy_spec.rb to allow maintainers (changed maintainer | false to maintainer | true)
  • Added maintainer authorization tests to spec/helpers/ci/catalog/resources_helper_spec.rb
  • Added maintainer authorization tests to spec/services/ci/catalog/resources/create_service_spec.rb
  • Added maintainer authorization tests to spec/services/ci/catalog/resources/destroy_service_spec.rb
  • Added maintainer authorization tests to spec/requests/api/graphql/mutations/ci/catalog/resources/create_spec.rb
  • Added maintainer authorization tests to spec/requests/api/graphql/mutations/ci/catalog/resources/destroy_spec.rb

The implementation maintains backward compatibility - owners retain full access while maintainers gain the ability to manage CI/CD catalog resources. The GraphQL mutations and service classes already use the correct :add_catalog_resource ability check, so no changes were needed to those files.

Edited by Timo Furrer

Merge request reports