Merge branch '337438-add-userpermissions-to-runner' into 'master'

Add user permissions for runners in GraphQL API

See merge request gitlab-org/gitlab!70809

app/graphql/types/ci/runner_type.rb

@@ -7,6 +7,8 @@ module Types
       authorize :read_runner
       present_using ::Ci::RunnerPresenter
 
+      expose_permissions Types::PermissionTypes::Ci::Runner
+
       JOB_COUNT_LIMIT = 1000
 
       alias_method :runner, :object

app/graphql/types/permission_types/ci/runner.rb

+# frozen_string_literal: true
+
+module Types
+  module PermissionTypes
+    module Ci
+      class Runner < BasePermissionType
+        graphql_name 'RunnerPermissions'
+
+        abilities :read_runner, :update_runner, :delete_runner
+      end
+    end
+  end
+end

doc/api/graphql/reference/index.md

@@ -8407,6 +8407,7 @@ Represents the total number of issues and their weights for a particular day.
 | <a id="cirunnershortsha"></a>`shortSha` | [`String`](#string) | First eight characters of the runner's token used to authenticate new job requests. Used as the runner's unique ID. |
 | <a id="cirunnerstatus"></a>`status` | [`CiRunnerStatus!`](#cirunnerstatus) | Status of the runner. |
 | <a id="cirunnertaglist"></a>`tagList` | [`[String!]`](#string) | Tags associated with the runner. |
+| <a id="cirunneruserpermissions"></a>`userPermissions` | [`RunnerPermissions!`](#runnerpermissions) | Permissions for the current user on the resource. |
 | <a id="cirunnerversion"></a>`version` | [`String`](#string) | Version of the runner. |
 
 ### `CiStage`
@@ -13676,6 +13677,16 @@ Counts of requirements by their state.
 | <a id="runnerarchitecturedownloadlocation"></a>`downloadLocation` | [`String!`](#string) | Download location for the runner for the platform architecture. |
 | <a id="runnerarchitecturename"></a>`name` | [`String!`](#string) | Name of the runner platform architecture. |
 
+### `RunnerPermissions`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="runnerpermissionsdeleterunner"></a>`deleteRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `delete_runner` on this resource. |
+| <a id="runnerpermissionsreadrunner"></a>`readRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `read_runner` on this resource. |
+| <a id="runnerpermissionsupdaterunner"></a>`updateRunner` | [`Boolean!`](#boolean) | Indicates the user can perform `update_runner` on this resource. |
+
 ### `RunnerPlatform`
 
 #### Fields

spec/graphql/types/ci/runner_type_spec.rb

@@ -11,7 +11,7 @@ RSpec.describe GitlabSchema.types['CiRunner'] do
     expected_fields = %w[
       id description contacted_at maximum_timeout access_level active status
       version short_sha revision locked run_untagged ip_address runner_type tag_list
-      project_count job_count
+      project_count job_count user_permissions
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)

spec/graphql/types/permission_types/ci/runner_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Types::PermissionTypes::Ci::Runner do
+  it do
+    expected_permissions = [
+      :read_runner, :update_runner, :delete_runner
+    ]
+
+    expected_permissions.each do |permission|
+      expect(described_class).to have_graphql_field(permission)
+    end
+  end
+end

spec/requests/api/graphql/ci/runner_spec.rb

@@ -61,7 +61,12 @@ RSpec.describe 'Query.runner(id)' do
         'ipAddress' => runner.ip_address,
         'runnerType' => runner.instance_type? ? 'INSTANCE_TYPE' : 'PROJECT_TYPE',
         'jobCount' => 0,
-        'projectCount' => nil
+        'projectCount' => nil,
+        'userPermissions' => {
+          'readRunner' => true,
+          'updateRunner' => true,
+          'deleteRunner' => true
+        }
       )
       expect(runner_data['tagList']).to match_array runner.tag_list
     end