The property had been renamed to `_deprecated_feature_flag` earlier.

This change removes it altogether and all code that was supporting it.

https://gitlab.com/gitlab-org/gitlab/-/issues/369202

This first iteration of
https://gitlab.com/gitlab-org/gitlab/-/issues/369202 documents the
`feature_flag` property as being deprecated and that it should not be
used.

It renames the argument so that it's clear it's not to be used for new
items.

It also updates the developer docs to include advice for using flags
with schema items besides fields, and where the flag is used to toggle
behavior.

and use query_double when possible

This adds the `Milestone.releases`, the inverse
of `Release.milestones`.

Changelog: added

that can live on the main code branch

In spec/graphql and spec/controllers

in prep for interpreter

Subscriptions can sometimes return GraphQL::Execution::Execute::SKIP
when there is no update

This reverts merge request !56746

Add missing definition files for some feature flags

Also fixes https://gitlab.com/gitlab-org/gitlab/-/issues/222432
Fixes a bunch of TODO'ed rubocop violations encountered during
work on https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40088

This cleans up all TODO'ed rubocop violations encountered during
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40088
except for the namespaced class ones, which would be very invasive.

This changes our GraphQL code to use the built-in `#authorize` methods
to handle permissions.

We originally implemented this functionality with a field-extension,
but this is no longer necessary. This commit replaces that unnecessary
field extension with implementations of `BaseObject#authorize` that
use our policy framework.

Significant changes included here:

- field authorization now works as per the library specification: it
  authorizes against the current object, not the resolved value.
  To apply permissions to the resolved value, use the type permissions.
- we allow resolvers to do the same (opt-in).
- we extend authorization to enums (currently no enums use
  authorization).

Note on enums:
We don't actually have any authorization on enums, but we need to detect
that efficiently. By supporting `ObjectAuthorization`, we can skip
redaction now, and support it later (if we add enum members that require
special authorization to see).

Removals:

- The ManualAuthorization temporary class
- The synchronized_object method on BaseResolver
- Field.authorize DSL method

Changes:

The error raised when there is no auth becomes an internal server
error (ConfigurationError) since it cannot be caused by the client,
and represents a programming mistake.

The board issue move mutation has unnecessary logic removed, and the
test for this is adjusted to verify the correctness of this change.

Co-authored-by: Alex Kalderimis <akalderimis@gitlab.com>
Co-authored-by: Charlie Ablett <cablett@gitlab.com>

This moves the methods that create simple resolvers into their own
helper so they can be imported separately, reducing the size of
graphql_helpers.

Most of these are trivial (adding `#to_a` for example, or changing
to use client side argument names). The labels_resolver_spec changes
are more invasive since this spec tested a number of impossible states
(passing arguments not declared by the resolver) - these particular
changes were approved by @acroitor as part of
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40088.

The authorization_spec changes are made in such as way as to minimise
the impact of changes from
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40088
from which this work was extracted.

and add new `simple_resolver` helper to
GraphqlHelpers

This does:

- add all leftover `development` feature flags
- ensures that licensed `feature flags` are actually checked
  against `type: :licensed`
- makes `development` to be `optional: false`, aka `required`

- comply to style guide.

The plan for RSpec 4.0 is to disable monkey patching:
https://rspec.info/blog/2013/07/the-plan-for-rspec-3/#zero-monkey-patching-mode

This commit stops using RSpec monkey patching in some specs:
https://relishapp.com/rspec/rspec-core/docs/configuration/zero-monkey-patching-mode

- Fix how we call include_graphql_fields
from described_class.new to described_class
- Fix require_graphql_authorizations matcher
- Update have_graphql_type and have_graphql_resolver
- Fix how we call require_graphql_authorizations
from described_class.new to described_class
- Fix how we call have_graphql_fields
from described_class.new to described_class
- Fix how we call have_graphql_field
from described_class.new to described_class
- Add `field_with_params` graphql helper
- Fix how `field_type` determines type
- Use `resolve_field` instead of `resolve`
so that `extras` metadata is properly processed
- Fix returned error message check

Removes usage of `set` in specs

- use table syntax for specs

by changing the cursor into json and
handling a NULL condition correctly.

- `edge_nodes` needs to get called on the object
- added `include GlobalID::Identification` in a couple places
- renamed `object` to `item` in spec due to conflict

- `edge_nodes` needs to get called on the object
- added `include GlobalID::Identification` in a couple places
- renamed `object` to `item` in spec due to conflict

This exposes all fields named `id` as GlobalIDs so they can be used
across our entire GraphQL implementation.

When the objects loaded are `ApplicationRecord`s. We'll use our
existing batchloading to find them. Otherwise, we'll fall back to the
default implementation of `GlobalID`: Calling the `.find` method on
the class.

With this we only check abilities on the rendered edges of a GraphQL
connection instead of all the nodes in it.

Enables authorizations to be defined on GraphQL Types.

    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end

If a field has authorizations defined on it, and the return type of the
field also has authorizations defined on it. then all of the combined
permissions in the authorizations will be checked and must pass.

Connection fields are checked by "digging" to find the type class of the
"node" field in the expected location of edges->node.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417

Previously GraphQL field authorization happened like this:

    class ProjectType
      field :my_field, MyFieldType do
        authorize :permission
      end
    end

This change allowed us to authorize like this instead:

    class ProjectType
      field :my_field, MyFieldType, authorize: :permission
    end

A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:

    field.metadata[:authorize]

The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.

https://gitlab.com/gitlab-org/gitlab-ce/issues/57828