Check authorization to view billableMembersCount via GraphQL

Vijay Hawoldar requested to merge vij-auth-check-billable-count into master

What does this MR do and why?

In #322815 (comment 864427923) it was raised that only certain user roles should have access to billableMembersCount, which is being exposed via GraphQL.

This MR adds the authorization check and updates the specs accordingly.

How to set up and validate locally

  1. Navigate to http://localhost:3000/-/graphql-explorer
  2. Query a group with the following:
    query {
      group(fullPath: "path/to/group/here"){
        billableMembersCount
      }
    }
  3. Try the same query when logged in as the owner/developer/guest/etc

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
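
Added example, not part of the merge request or GitLab's code: the manual validation steps above turned into a per-role check that runs the same query with one token per role and reports who can see the count. The role names, tokens and the `allowed_roles` list are assumptions (the description does not say which roles are permitted), as is treating a null field or a GraphQL error as "not visible".

```ruby
require "json"
require "net/http"
require "uri"

# The query from the validation steps, with the group path passed as a
# variable instead of being spliced into the query text.
QUERY = <<~GRAPHQL
  query($path: ID!) {
    group(fullPath: $path) {
      billableMembersCount
    }
  }
GRAPHQL

# Default transport: POST to the instance's /api/graphql endpoint using an
# access token for the role under test. Returns the parsed JSON body.
HTTP_TRANSPORT = lambda do |base_url, token, payload|
  uri = URI.join(base_url, "/api/graphql")
  req = Net::HTTP::Post.new(uri, "Content-Type" => "application/json",
                                 "Authorization" => "Bearer #{token}")
  req.body = JSON.generate(payload)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") { |h| h.request(req) }
  JSON.parse(res.body)
end

# :visible when an integer count came back, :hidden when the field (or the
# whole group) is null, :error when the response carries GraphQL errors.
def classify(response)
  return :error if response["errors"]&.any?
  count = response.dig("data", "group", "billableMembersCount")
  count.is_a?(Integer) ? :visible : :hidden
end

# Run the query once per role; returns { role => :visible | :hidden | :error }.
def visibility_matrix(base_url, group_path, tokens_by_role, transport: HTTP_TRANSPORT)
  payload = { query: QUERY, variables: { path: group_path } }
  tokens_by_role.to_h do |role, token|
    [role, classify(transport.call(base_url, token, payload))]
  end
end

# Roles whose observed access differs from the expected allow-list
# (allowed_roles is supplied by the caller; hypothetical in this example).
def unexpected_access(matrix, allowed_roles)
  matrix.select { |role, seen| (seen == :visible) != allowed_roles.include?(role) }.keys
end
```

An empty result from `unexpected_access` means every role saw exactly what the allow-list predicts; any role it returns is either over-exposed or wrongly denied.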
