Project approval rules are visible to developer users with REST API, but invisible via GraphQL
### Summary
A customer in this internal ticket has noticed a difference in behaviour between GraphQL and the REST API. The GraphQL [ApprovalProjectRule](https://docs.gitlab.com/ee/api/graphql/reference/#approvalprojectrule) resource doesn't list approval rules for developer users, while the [Get project-level rules](https://docs.gitlab.com/ee/api/merge_request_approvals.html#get-project-level-rules) REST API does list the rules for the same user. The same personal access token is used to run both the REST API and GraphQL queries. The token's scopes are `api` and `read_api`. The user role is Developer.
##### GraphQL query to get [ApprovalProjectRule](https://docs.gitlab.com/ee/api/graphql/reference/#approvalprojectrule)
```shell
curl --header "PRIVATE-TOKEN: $GRAPHQL_TOKEN" "https://main.gitlab.egrechishkina.com/api/v4/projects/338/approval_rules"
```
<details>
<summary>GraphQL query result</summary>
<pre>
{
  "data": {
    "queryComplexity": {
      "limit": 250,
      "score": 53
    },
    "project": {
      "id": "gid://gitlab/Project/338",
      "branchRules": {
        "nodes": []
      },
      "scanResultPolicies": {
        "nodes": []
      }
    }
  }
}
</pre>
</details>
##### [Get project-level rules](https://docs.gitlab.com/ee/api/merge_request_approvals.html#get-project-level-rules) REST API
```shell
curl --header "PRIVATE-TOKEN: $GRAPHQL_TOKEN" "https://main.gitlab.egrechishkina.com/api/v4/projects/338/approval_rules"
```
<details>
<summary>REST API output</summary>
<pre>
[
  {
    "id": 6,
    "name": "test_approval",
    "rule_type": "regular",
    "eligible_approvers": [
      {
        "id": 36,
        "username": "annperkins",
        "name": "Ann Perkins",
        "state": "active",
        "locked": false,
        "avatar_url": "https://secure.gravatar.com/avatar/507b4eef8ed8ee37642b5d04504ab030?s=80&d=identicon",
        "web_url": "https://main.gitlab.egrechishkina.com/annperkins"
      }
    ],
    "approvals_required": 1,
    "users": [
      {
        "id": 36,
        "username": "annperkins",
        "name": "Ann Perkins",
        "state": "active",
        "locked": false,
        "avatar_url": "https://secure.gravatar.com/avatar/507b4eef8ed8ee37642b5d04504ab030?s=80&d=identicon",
        "web_url": "https://main.gitlab.egrechishkina.com/annperkins"
      }
    ],
    "groups": [],
    "contains_hidden_groups": false,
    "protected_branches": [
      {
        "id": 278,
        "name": "main",
        "push_access_levels": [
          {
            "id": 278,
            "access_level": 40,
            "access_level_description": "Maintainers",
            "deploy_key_id": null,
            "user_id": null,
            "group_id": null
          }
        ],
        "merge_access_levels": [
          {
            "id": 279,
            "access_level": 40,
            "access_level_description": "Maintainers",
            "user_id": null,
            "group_id": null
          }
        ],
        "allow_force_push": false,
        "unprotect_access_levels": [],
        "code_owner_approval_required": false,
        "inherited": false
      }
    ],
    "applies_to_all_protected_branches": false
  }
]
</pre>
</details>
### Steps to reproduce
1. Create a project that has approval rules
2. Add a user with Developer role to it
3. Create a Personal access token for that user, make sure it has `api` and `read_api` scope
4. Run the queries listed in the Summary section above.
### What is the current *bug* behavior?
There is a difference in what is allowed with GraphQL and the REST API with regard to viewing project approval rules.
### What is the expected *correct* behavior?
There should be no difference. The expected behaviour for customers is to get the same results.
### Output of checks
This bug happens on GitLab.com
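A parity check for the discrepancy reported above, as an added example that is not part of the original issue or GitLab's code: it compares the approval rule names one token sees through the REST response and through the GraphQL response. The `approvalRules` selection under `branchRules` is an assumption, since the report's GraphQL output has no nodes to show it; the samples are constructed by trimming the two outputs above.

```python
import json

# Constructed samples, trimmed from the two outputs in this report.
REST_SAMPLE = ('[{"id": 6, "name": "test_approval", '
               '"rule_type": "regular", "approvals_required": 1}]')
GRAPHQL_SAMPLE = json.dumps({"data": {"project": {
    "id": "gid://gitlab/Project/338",
    "branchRules": {"nodes": []},
    "scanResultPolicies": {"nodes": []}}}})


def rest_rule_names(body):
    """Rule names from the REST 'Get project-level rules' response."""
    rules = json.loads(body)
    if not isinstance(rules, list):  # e.g. an error object instead of rules
        raise ValueError("unexpected REST response: %r" % (rules,))
    return {rule["name"] for rule in rules}


def graphql_rule_names(body):
    """Rule names from the GraphQL response; None if the project is hidden.

    Assumption: each branchRules node nests rules as approvalRules.nodes[].name.
    """
    doc = json.loads(body)
    if doc.get("errors"):
        raise ValueError("GraphQL errors: %r" % (doc["errors"],))
    project = (doc.get("data") or {}).get("project")
    if project is None:
        return None
    names = set()
    for branch in (project.get("branchRules") or {}).get("nodes", []):
        for rule in (branch.get("approvalRules") or {}).get("nodes", []):
            names.add(rule["name"])
    return names


def parity_report(rest_body, graphql_body):
    """Compare what the same token sees through each API surface."""
    rest = rest_rule_names(rest_body)
    gql = graphql_rule_names(graphql_body)
    visible = gql is not None
    gql = gql or set()
    return {"graphql_project_visible": visible,
            "rest_only": sorted(rest - gql),
            "graphql_only": sorted(gql - rest),
            "consistent": rest == gql}


if __name__ == "__main__":
    print(parity_report(REST_SAMPLE, GRAPHQL_SAMPLE))
```

Run against responses captured for each role in a project, a non-empty `rest_only` or `graphql_only` list marks an authorization difference between the two endpoints.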