Merge branch 'pb-expose-job-permissions-graphql' into 'master'

Expose user permissions on JobType

See merge request gitlab-org/gitlab!60427

app/graphql/types/ci/job_type.rb

@@ -8,6 +8,8 @@ module Types
 
       connection_type_class(Types::CountableConnectionType)
 
+      expose_permissions Types::PermissionTypes::Ci::Job
+
       field :id, ::Types::GlobalIDType[::CommitStatus].as('JobID'), null: true,
             description: 'ID of the job.'
       field :pipeline, Types::Ci::PipelineType, null: true,

app/graphql/types/permission_types/ci/job.rb

+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    module Ci
+      class Job < BasePermissionType
+        graphql_name 'JobPermissions'
+
+        abilities :read_job_artifacts, :read_build
+        ability_field :update_build, calls_gitaly: true
+      end
+    end
+  end
+end

changelogs/unreleased/pb-expose-job-permissions-graphql.yml

+---
+title: Expose user permissions on JobType
+merge_request: 60427
+author:
+type: added

doc/api/graphql/reference/index.md

@@ -7242,6 +7242,7 @@ Represents the total number of issues and their weights for a particular day.
 | <a id="cijobstatus"></a>`status` | [`CiJobStatus`](#cijobstatus) | Status of the job. |
 | <a id="cijobtags"></a>`tags` | [`[String!]`](#string) | Tags for the current job. |
 | <a id="cijobtriggered"></a>`triggered` | [`Boolean`](#boolean) | Whether the job was triggered. |
+| <a id="cijobuserpermissions"></a>`userPermissions` | [`JobPermissions!`](#jobpermissions) | Permissions for the current user on the resource. |
 
 ### `CiJobArtifact`
 
@@ -9455,6 +9456,16 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | <a id="jirauserjiradisplayname"></a>`jiraDisplayName` | [`String!`](#string) | Display name of the Jira user. |
 | <a id="jirauserjiraemail"></a>`jiraEmail` | [`String`](#string) | Email of the Jira user, returned only for users with public emails. |
 
+### `JobPermissions`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="jobpermissionsreadbuild"></a>`readBuild` | [`Boolean!`](#boolean) | Indicates the user can perform `read_build` on this resource. |
+| <a id="jobpermissionsreadjobartifacts"></a>`readJobArtifacts` | [`Boolean!`](#boolean) | Indicates the user can perform `read_job_artifacts` on this resource. |
+| <a id="jobpermissionsupdatebuild"></a>`updateBuild` | [`Boolean!`](#boolean) | Indicates the user can perform `update_build` on this resource. |
+
 ### `Label`
 
 #### Fields

spec/graphql/types/ci/job_type_spec.rb

@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe Types::Ci::JobType do
   specify { expect(described_class.graphql_name).to eq('CiJob') }
   specify { expect(described_class).to require_graphql_authorizations(:read_commit_status) }
+  specify { expect(described_class).to expose_permissions_using(Types::PermissionTypes::Ci::Job) }
 
   it 'exposes the expected fields' do
     expected_fields = %i[
@@ -38,6 +39,7 @@ RSpec.describe Types::Ci::JobType do
       status
       tags
       triggered
+      userPermissions
     ]
 
     expect(described_class).to have_graphql_fields(*expected_fields)

spec/graphql/types/permission_types/ci/job_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Types::PermissionTypes::Ci::Job do
+  it 'has expected permission fields' do
+    expected_permissions = [
+      :read_job_artifacts, :read_build, :update_build
+    ]
+
+    expect(described_class).to have_graphql_fields(expected_permissions).only
+  end
+end