diff --git a/doc/api/graphql/reference/_index.md b/doc/api/graphql/reference/_index.md
index b5abfe51beef04f6552669638ae490274dd589bf..25d32eb740235025d5d8d46270e44d6cbe8381e9 100644
--- a/doc/api/graphql/reference/_index.md
+++ b/doc/api/graphql/reference/_index.md
@@ -20281,9 +20281,7 @@ Represents an admin member role.
| Name | Type | Description |
| ---- | ---- | ----------- |
-| <a id="adminmemberrolebaseaccesslevel"></a>`baseAccessLevel` {{< icon name="warning-solid" >}} | [`AccessLevel!`](#accesslevel) | **Introduced** in GitLab 16.5. **Status**: Experiment. Base access level for the custom role. |
| <a id="adminmemberrolecreatedat"></a>`createdAt` | [`Time!`](#time) | Timestamp of when the member role was created. |
-| <a id="adminmemberroledependentsecuritypolicies"></a>`dependentSecurityPolicies` | [`[ApprovalPolicy!]`](#approvalpolicy) | Array of security policies dependent on the custom role. |
| <a id="adminmemberroledescription"></a>`description` | [`String`](#string) | Role description. |
| <a id="adminmemberroledetailspath"></a>`detailsPath` {{< icon name="warning-solid" >}} | [`String`](#string) | **Introduced** in GitLab 17.4. **Status**: Experiment. URL path to the role details webpage. |
| <a id="adminmemberroleeditpath"></a>`editPath` {{< icon name="warning-solid" >}} | [`String!`](#string) | **Introduced** in GitLab 16.11. **Status**: Experiment. Web UI path to edit the custom role. |
diff --git a/ee/app/graphql/types/member_roles/member_role_type.rb b/ee/app/graphql/types/member_roles/member_role_type.rb
index b3f93fdb675ef71ad99eaabb3df5e52f666564b8..2682a40fad85e39053d32fd1a4255315eeb47d9e 100644
--- a/ee/app/graphql/types/member_roles/member_role_type.rb
+++ b/ee/app/graphql/types/member_roles/member_role_type.rb
@@ -6,14 +6,10 @@ module MemberRoles
# But it is too complex to be included on a simple MemberRole type
#
# rubocop: disable Graphql/AuthorizeTypes -- authorization too complex
- class MemberRoleType < BaseObject
+ class MemberRoleType < Types::Members::AdminMemberRoleType
graphql_name 'MemberRole'
description 'Represents a member role'
- include MemberRolesHelper
-
- implements Types::Members::RoleInterface
-
field :base_access_level,
Types::AccessLevelType,
null: false,
@@ -26,43 +22,12 @@ class MemberRoleType < BaseObject
experiment: { milestone: '16.5' },
description: 'Array of all permissions enabled for the custom role.'
- field :edit_path,
- GraphQL::Types::String,
- null: false,
- experiment: { milestone: '16.11' },
- description: 'Web UI path to edit the custom role.'
-
- field :created_at,
- Types::TimeType,
- null: false,
- description: 'Timestamp of when the member role was created.'
-
field :dependent_security_policies,
[::Types::SecurityOrchestration::ApprovalPolicyType],
null: true,
description: 'Array of security policies dependent on the custom role.',
resolver: ::Resolvers::Members::ApprovalPolicyResolver
- def members_count
- return object.members_count if object.respond_to?(:members_count)
-
- object.members.count
- end
-
- def users_count
- object.users_count if object.respond_to?(:users_count)
-
- object.users.count
- end
-
- def edit_path
- member_role_edit_path(object)
- end
-
- def details_path
- member_role_details_path(object)
- end
-
def enabled_permissions
object.enabled_permissions(current_user).keys
end
diff --git a/ee/app/graphql/types/members/admin_member_role_type.rb b/ee/app/graphql/types/members/admin_member_role_type.rb
index 608049c7ca2f4e2bd24188c635120fd33d560843..bb0f7077293220956801924609437277768f61c2 100644
--- a/ee/app/graphql/types/members/admin_member_role_type.rb
+++ b/ee/app/graphql/types/members/admin_member_role_type.rb
@@ -2,17 +2,55 @@
module Types
module Members
- class AdminMemberRoleType < Types::MemberRoles::MemberRoleType
+ class AdminMemberRoleType < BaseObject
graphql_name 'AdminMemberRole'
description 'Represents an admin member role'
+ include MemberRolesHelper
- authorize :admin_member_role
+ implements Types::Members::RoleInterface
+
+ authorize :read_member_role
field :enabled_permissions,
::Types::Members::CustomizableAdminPermissionType.connection_type,
null: false,
experiment: { milestone: '17.7' },
- description: 'Array of all permissions enabled for the custom role.', method: :enabled_admin_permissions
+ description: 'Array of all permissions enabled for the custom role.'
+
+ field :edit_path,
+ GraphQL::Types::String,
+ null: false,
+ experiment: { milestone: '16.11' },
+ description: 'Web UI path to edit the custom role.'
+
+ field :created_at,
+ Types::TimeType,
+ null: false,
+ description: 'Timestamp of when the member role was created.'
+
+ def members_count
+ return object.members_count if object.respond_to?(:members_count)
+
+ object.members.count
+ end
+
+ def users_count
+ object.users_count if object.respond_to?(:users_count)
+
+ object.users.count
+ end
+
+ def edit_path
+ member_role_edit_path(object)
+ end
+
+ def details_path
+ member_role_details_path(object)
+ end
+
+ def enabled_permissions
+ object.enabled_admin_permissions.keys
+ end
end
end
end
diff --git a/ee/spec/graphql/types/members/admin_member_role_type_spec.rb b/ee/spec/graphql/types/members/admin_member_role_type_spec.rb
index 144a1a5acdc6067ea1670b0d4e36d6f53ff098fa..3ee0d1247c398015c7bc0a348ec41ffb0b948753 100644
--- a/ee/spec/graphql/types/members/admin_member_role_type_spec.rb
+++ b/ee/spec/graphql/types/members/admin_member_role_type_spec.rb
@@ -4,10 +4,7 @@
RSpec.describe GitlabSchema.types['AdminMemberRole'], feature_category: :system_access do
let(:fields) do
- %w[
- baseAccessLevel description id name enabledPermissions membersCount
- dependentSecurityPolicies usersCount editPath detailsPath createdAt
- ]
+ %w[description id name enabledPermissions membersCount usersCount editPath detailsPath createdAt]
end
specify { expect(described_class.graphql_name).to eq('AdminMemberRole') }