Merge branch 'feat/graphql-permissions-path-locks' into 'master'

Expose path lock abilities in graphql endpoint

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/184242



Merged-by: Jerry Seto <jseto@gitlab.com>
Approved-by: Hunter Stewart <hustewart@gitlab.com>
Approved-by: Jerry Seto <jseto@gitlab.com>
Co-authored-by: Joe Woodward <j@joewoodward.me>

doc/api/graphql/reference/_index.md

@@ -33160,6 +33160,15 @@ Represents a file or directory in the project repository that has been locked.
 | <a id="pathlockid"></a>`id` | [`PathLockID!`](#pathlockid) | ID of the path lock. |
 | <a id="pathlockpath"></a>`path` | [`String`](#string) | Locked path. |
 | <a id="pathlockuser"></a>`user` | [`UserCore`](#usercore) | User that has locked this path. |
+| <a id="pathlockuserpermissions"></a>`userPermissions` | [`PathLockPermissions!`](#pathlockpermissions) | Permissions for the current user on the resource. |
+
+### `PathLockPermissions`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="pathlockpermissionsdestroypathlock"></a>`destroyPathLock` | [`Boolean!`](#boolean) | If `true`, the user can perform `destroy_path_lock` on this resource. |
 ### `PendingGroupMember`
@@ -36215,6 +36224,7 @@ Returns [`UserMergeRequestInteraction`](#usermergerequestinteraction).
 | <a id="projectpermissionscreatemergerequestfrom"></a>`createMergeRequestFrom` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_merge_request_from` on this resource. |
 | <a id="projectpermissionscreatemergerequestin"></a>`createMergeRequestIn` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_merge_request_in` on this resource. |
 | <a id="projectpermissionscreatepages"></a>`createPages` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_pages` on this resource. |
+| <a id="projectpermissionscreatepathlock"></a>`createPathLock` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_path_lock` on this resource. |
 | <a id="projectpermissionscreatepipeline"></a>`createPipeline` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_pipeline` on this resource. |
 | <a id="projectpermissionscreatepipelineschedule"></a>`createPipelineSchedule` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_pipeline_schedule` on this resource. |
 | <a id="projectpermissionscreatesnippet"></a>`createSnippet` | [`Boolean!`](#boolean) | If `true`, the user can perform `create_snippet` on this resource. |
@@ -36235,6 +36245,7 @@ Returns [`UserMergeRequestInteraction`](#usermergerequestinteraction).
 | <a id="projectpermissionsreadenvironment"></a>`readEnvironment` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_environment` on this resource. |
 | <a id="projectpermissionsreadmergerequest"></a>`readMergeRequest` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_merge_request` on this resource. |
 | <a id="projectpermissionsreadpagescontent"></a>`readPagesContent` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_pages_content` on this resource. |
+| <a id="projectpermissionsreadpathlocks"></a>`readPathLocks` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_path_locks` on this resource. |
 | <a id="projectpermissionsreadproject"></a>`readProject` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_project` on this resource. |
 | <a id="projectpermissionsreadprojectmember"></a>`readProjectMember` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_project_member` on this resource. |
 | <a id="projectpermissionsreadwiki"></a>`readWiki` | [`Boolean!`](#boolean) | If `true`, the user can perform `read_wiki` on this resource. |

ee/app/graphql/ee/types/permission_types/project.rb

@@ -7,6 +7,8 @@ module Project
         extend ActiveSupport::Concern
 
         prepended do
+          ability_field :read_path_locks
+          ability_field :create_path_lock
           ability_field :admin_path_locks
           ability_field :generate_description
         end

ee/app/graphql/types/path_lock_type.rb

@@ -4,6 +4,8 @@ class PathLockType < BaseObject # rubocop:disable Graphql/AuthorizeTypes
     graphql_name 'PathLock'
     description 'Represents a file or directory in the project repository that has been locked.'
 
+    expose_permissions Types::PermissionTypes::Projects::PathLock
+
     field :id, ::Types::GlobalIDType[PathLock], null: false,
       description: 'ID of the path lock.'
 

ee/app/graphql/types/permission_types/projects/path_lock.rb

+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    module Projects
+      class PathLock < BasePermissionType
+        graphql_name 'PathLockPermissions'
+
+        ability_field :destroy_path_lock
+      end
+    end
+  end
+end

ee/spec/graphql/types/path_lock_type_spec.rb

@@ -2,10 +2,10 @@
 
 require 'spec_helper'
 
-RSpec.describe GitlabSchema.types['PathLock'] do
+RSpec.describe GitlabSchema.types['PathLock'], feature_category: :source_code_management do
   it { expect(described_class.graphql_name).to eq('PathLock') }
 
   it 'has the expected fields' do
-    expect(described_class).to have_graphql_fields(:id, :path, :user)
+    expect(described_class).to have_graphql_fields(:id, :path, :user, :user_permissions)
   end
 end

ee/spec/graphql/types/permission_types/project_spec.rb

@@ -4,7 +4,7 @@
 
 RSpec.describe Types::PermissionTypes::Project do
   specify do
-    expected_permissions = [:admin_path_locks, :generate_description]
+    expected_permissions = %i[create_path_lock read_path_locks admin_path_locks generate_description]
 
     expected_permissions.each do |permission|
       expect(described_class).to have_graphql_field(permission)

ee/spec/graphql/types/permission_types/projects/path_lock_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Types::PermissionTypes::Projects::PathLock, feature_category: :source_code_management do
+  specify do
+    expected_permissions = %i[destroy_path_lock]
+
+    expected_permissions.each do |permission|
+      expect(described_class).to have_graphql_field(permission)
+    end
+  end
+end