Remove prevent rule for read_work_item_type in type_policy
Issue: [BE] Ensure privileges, policies and abilities ... (#581944)
What does this MR do and why?
Fixes the custom type policy to allow reading custom work item types even when the configurable_work_item_types license is not available.
Previously, prevent :read_work_item_type was applied when the license was unavailable, which caused a GraphQL error when listing work items with custom types after a downgrade, the workItemType field is null: false but returned nil because the type couldn't be read.
This replaces the :read_work_item_type prevention with :admin_work_item_lifecycle, so that:
- Custom types remain readable after a license downgrade (existing items continue to work)
- Lifecycle administration is still gated on the license
- Cross-namespace access is unchanged (handled by the policy's delegate to namespace | organization)
create_work_item_type/update_work_item_typeare already prevented in the group and organization policies, so no duplication is needed here
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Daniyal Arshad