Update authorization for project and group secrets count

Mireya Andresrequested to merge
secrets/count-graphql-access into master

What does this MR do and why?

We will this endpoint to fetch the secrets count to display in the project/group delete modal. This modal is shown regardless of the status of the feature flags or licensed feature flags. We want to to make sure the endpoint returns null instead of an access error if the license feature is disabled.

We should only be showing an error if there is an actually issue (not access-related) with fetching the secrets count.

References

See !231566 (comment 3276392185) for further discussion.

Implements #583210.

Required for !231566.

Screenshots or screen recordings

FF or licensed feature disabled FF enabled
Screenshot_2026-04-23_at_16.42.34 Screenshot_2026-04-23_at_16.46.15

How to set up and validate locally

Pipelines should pass.

Remove the native_secrets_management licensed feature flag from ee/app/models/gitlab_subscriptions/features.rb, or disable the secrets_manager and group_secrets_manager feature flags, and verify that the above GraphQL endpoints return null secrets count and no errors.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mireya Andres

Merge request reports