Expose user permissions on JobType

8c9c6042 · Payton Burdette · Max Woolf · 39e47fd5 · 8c9c6042 · 8c9c6042
Commit 8c9c6042 authored May 04, 2021 by Payton Burdette Committed by Max Woolf May 04, 2021
6 changed files
--- a/app/graphql/types/ci/job_type.rb
+++ b/app/graphql/types/ci/job_type.rb
@@ -8,6 +8,8 @@ module Types

      connection_type_class(Types::CountableConnectionType)

+      expose_permissions Types::PermissionTypes::Ci::Job
+
      field :id, ::Types::GlobalIDType[::CommitStatus].as('JobID'), null: true,
            description: 'ID of the job.'
      field :pipeline, Types::Ci::PipelineType, null: true,

--- a/app/graphql/types/permission_types/ci/job.rb
+++ b/app/graphql/types/permission_types/ci/job.rb
+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    module Ci
+      class Job < BasePermissionType
+        graphql_name 'JobPermissions'
+
+        abilities :read_job_artifacts, :read_build
+        ability_field :update_build, calls_gitaly: true
+      end
+    end
+  end
+end
--- a/changelogs/unreleased/pb-expose-job-permissions-graphql.yml
+++ b/changelogs/unreleased/pb-expose-job-permissions-graphql.yml
+---
+title: Expose user permissions on JobType
+merge_request: 60427
+author:
+type: added
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -7242,6 +7242,7 @@ Represents the total number of issues and their weights for a particular day.
 | <a id="cijobstatus"></a>`status` | [`CiJobStatus`](#cijobstatus) | Status of the job. |
 | <a id="cijobtags"></a>`tags` | [`[String!]`](#string) | Tags for the current job. |
 | <a id="cijobtriggered"></a>`triggered` | [`Boolean`](#boolean) | Whether the job was triggered. |
+| <a id="cijobuserpermissions"></a>`userPermissions` | [`JobPermissions!`](#jobpermissions) | Permissions for the current user on the resource. |

 ### `CiJobArtifact`

@@ -9455,6 +9456,16 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | <a id="jirauserjiradisplayname"></a>`jiraDisplayName` | [`String!`](#string) | Display name of the Jira user. |
 | <a id="jirauserjiraemail"></a>`jiraEmail` | [`String`](#string) | Email of the Jira user, returned only for users with public emails. |

+### `JobPermissions`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="jobpermissionsreadbuild"></a>`readBuild` | [`Boolean!`](#boolean) | Indicates the user can perform `read_build` on this resource. |
+| <a id="jobpermissionsreadjobartifacts"></a>`readJobArtifacts` | [`Boolean!`](#boolean) | Indicates the user can perform `read_job_artifacts` on this resource. |
+| <a id="jobpermissionsupdatebuild"></a>`updateBuild` | [`Boolean!`](#boolean) | Indicates the user can perform `update_build` on this resource. |
+
 ### `Label`

 #### Fields

--- a/spec/graphql/types/ci/job_type_spec.rb
+++ b/spec/graphql/types/ci/job_type_spec.rb
@@ -5,6 +5,7 @@ require 'spec_helper'
 RSpec.describe Types::Ci::JobType do
  specify { expect(described_class.graphql_name).to eq('CiJob') }
  specify { expect(described_class).to require_graphql_authorizations(:read_commit_status) }
+  specify { expect(described_class).to expose_permissions_using(Types::PermissionTypes::Ci::Job) }

  it 'exposes the expected fields' do
    expected_fields = %i[
@@ -38,6 +39,7 @@ RSpec.describe Types::Ci::JobType do
      status
      tags
      triggered
+      userPermissions
    ]

    expect(described_class).to have_graphql_fields(*expected_fields)

--- a/spec/graphql/types/permission_types/ci/job_spec.rb
+++ b/spec/graphql/types/permission_types/ci/job_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Types::PermissionTypes::Ci::Job do
+  it 'has expected permission fields' do
+    expected_permissions = [
+      :read_job_artifacts, :read_build, :update_build
+    ]
+
+    expect(described_class).to have_graphql_fields(expected_permissions).only
+  end
+end