Skip to content

feat(BA-4785): add connections to RoleGQL with pagination support#9518

Merged
HyeockJinKim merged 7 commits intomainfrom
feature/rbac-role-permissions-field
Mar 6, 2026
Merged

feat(BA-4785): add connections to RoleGQL with pagination support#9518
HyeockJinKim merged 7 commits intomainfrom
feature/rbac-role-permissions-field

Conversation

@fregataa
Copy link
Copy Markdown
Member

@fregataa fregataa commented Feb 27, 2026
edited by github-actions Bot
Loading

Summary

  • Add permissions and users connection fields to RoleGQL for querying associated data
  • Implements full Relay-style pagination support for both fields
  • Automatically scopes queries to the parent role

Changes

  • Add permissions field to RoleGQL — returns PermissionConnection scoped by role_id
  • Add users field to RoleGQL — returns UserV2Connection via SearchUsersByRoleAction
  • Use strawberry.lazy() for cross-module type references to avoid circular imports
  • Support all standard pagination parameters (cursor-based, offset-based, filtering, ordering)

GraphQL Query Examples

Permissions field

query {
  role(id: "role-uuid") {
    id
    name
    permissions(
      first: 10
      filter: { scopeType: DOMAIN, entityType: USER }
      orderBy: { field: ENTITY_TYPE, direction: ASC }
    ) {
      edges {
        node {
          id
          scopeType
          entityType
          operation
        }
      }
      pageInfo {
        hasNextPage
        endCursor
      }
      count
    }
  }
}

Users field

query {
  role(id: "role-uuid") {
    id
    name
    users(
      first: 10
      filter: { username: { contains: "alice" }, status: { in: [ACTIVE] } }
      orderBy: [{ field: USERNAME, direction: ASC }]
    ) {
      edges {
        node {
          id
          username
          email
          status
          domainName
        }
      }
      pageInfo {
        hasNextPage
        endCursor
      }
      count
    }
  }
}

Combined query

query {
  role(id: "role-uuid") {
    id
    name
    description
    source
    status
    permissions(first: 5) {
      edges {
        node { id scopeType entityType operation }
      }
      count
    }
    users(first: 5, orderBy: [{ field: CREATED_AT, direction: DESC }]) {
      edges {
        node { id username email }
      }
      count
    }
  }
}

JIRA Issues

  • BA-4785: Add permissions and users fields with pagination to RoleGQL

Related

Part of BA-4775 (RBAC GraphQL Type Enhancement)

Test Plan

  • Quality checks pass (fmt, fix, lint)
  • GraphQL integration tests

🤖 Generated with Claude Code

📚 Documentation preview 📚: https://sorna--9518.org.readthedocs.build/en/9518/

📚 Documentation preview 📚: https://sorna-ko--9518.org.readthedocs.build/ko/9518/

Copilot AI review requested due to automatic review settings February 27, 2026 14:36
@github-actions github-actions Bot added size:M 30~100 LoC comp:manager Related to Manager component labels Feb 27, 2026
@fregataa fregataa marked this pull request as draft February 27, 2026 14:38
@github-actions github-actions Bot added the area:docs Documentations label Feb 27, 2026
Copilot AI reviewed Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a permissions connection field to the RBAC RoleGQL GraphQL type to allow querying permissions associated with a role, including pagination, filtering, and ordering.

Changes:

  • Adds a permissions field resolver to RoleGQL that returns a PermissionConnection.
  • Scopes permission queries to the current role by injecting a role_id filter and merging with user-provided filters.
  • Introduces TYPE_CHECKING imports and strawberry.lazy() annotations to avoid circular imports.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py Outdated
Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py
fregataa added a commit that referenced this pull request Feb 27, 2026
@fregataa
chore: add changelog for PR #9518
ba46002
@fregataa fregataa requested a review from Copilot February 27, 2026 16:04
Copilot AI reviewed Feb 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@fregataa fregataa added this to the 26.3 milestone Feb 27, 2026
@fregataa fregataa requested a review from a team February 27, 2026 16:37
@fregataa fregataa marked this pull request as ready for review February 27, 2026 16:37
@fregataa fregataa changed the title feat(BA-4785): add permissions field to RoleGQL with pagination support feat(BA-4785): add connections to RoleGQL with pagination support Feb 27, 2026
jopemachine
jopemachine reviewed Mar 3, 2026
View reviewed changes
Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py Outdated
seedspirit
seedspirit reviewed Mar 3, 2026
View reviewed changes
Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py Outdated
@fregataa fregataa marked this pull request as draft March 5, 2026 03:52
@fregataa fregataa force-pushed the feature/rbac-role-permissions-field branch from fc6926d to 461bfb9 Compare March 5, 2026 09:18
@github-actions github-actions Bot added size:XL 500~ LoC and removed size:M 30~100 LoC labels Mar 5, 2026
@fregataa fregataa changed the base branch from main to feature/BA-4873-refactor-search-users-exists-subquery March 5, 2026 09:19
@fregataa fregataa force-pushed the feature/BA-4873-refactor-search-users-exists-subquery branch 2 times, most recently from d77b290 to c367a10 Compare March 5, 2026 10:03
Base automatically changed from feature/BA-4873-refactor-search-users-exists-subquery to main March 5, 2026 12:44
@fregataa fregataa force-pushed the feature/rbac-role-permissions-field branch from 461bfb9 to b358964 Compare March 5, 2026 13:07
@github-actions github-actions Bot added size:L 100~500 LoC and removed size:XL 500~ LoC labels Mar 5, 2026
@fregataa fregataa requested a review from ironAiken2 March 5, 2026 13:08
@fregataa fregataa marked this pull request as ready for review March 5, 2026 13:23
fregataa added a commit that referenced this pull request Mar 5, 2026
@fregataa @claude
changelog: add news fragment for PR #9518
a9c00cf 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jopemachine
jopemachine reviewed Mar 6, 2026
View reviewed changes
Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py Outdated
jopemachine
jopemachine reviewed Mar 6, 2026
View reviewed changes
Comment thread src/ai/backend/manager/api/gql/rbac/types/role.py Outdated
deleted_at=data.deleted_at,
)

@strawberry.field(description="Permissions associated with this role.") # type: ignore[misc]
Copy link
Copy Markdown
Member

@jopemachine jopemachine Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that "Added in ..." should be included.

fregataa and others added 7 commits March 6, 2026 14:27
@fregataa @claude
feat(BA-4785): add permissions field to RoleGQL with pagination support
9593136 
Add permissions connection field to RoleGQL for querying associated permissions.

## Changes
- Add permissions field to RoleGQL with full Relay pagination support
- Use fetch_permissions fetcher for efficient querying
- Automatically filter permissions by role_id
- Support optional user-provided filters (scope_type, entity_type)
- Add TYPE_CHECKING imports for PermissionConnection, PermissionFilter, PermissionOrderBy

## Implementation Details
- Field returns PermissionConnection with edges and pageInfo
- Uses strawberry.lazy() for cross-entity type references to avoid circular imports
- Merges role_id filter with user-provided filters
- Supports all standard pagination parameters (before, after, first, last, limit, offset)

## JIRA
- BA-4785: Add permissions field with basic resolver to RoleGQL

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@fregataa @lablup-octodog
chore: update api schema dump
a7e4044 
Co-authored-by: octodog <mu001@lablup.com>
@fregataa @claude
feat(BA-4785): add users connection field to RoleGQL with UserV2Conne…
278564a 
…ction

Add RoleGQL.users() field using UserFilterGQL/UserOrderByGQL/UserV2Connection,
following the same pattern as ProjectV2GQL.users(). Includes fetch_role_users
fetcher function that delegates to search_users_by_role action chain.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@fregataa @lablup-octodog
chore: update api schema dump
a59c0bf 
Co-authored-by: octodog <mu001@lablup.com>
@fregataa @claude
changelog: add news fragment for PR #9518
946ea33 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@fregataa @claude
refactor(BA-4785): change RoleGQL.users to return assignment metadata
4a9eeaa 
Change Role.users field from UserV2Connection to RoleAssignmentConnection
to expose assignment metadata (granted_by, granted_at) alongside user data.

- Add username, email, granted_by filters to RoleAssignmentFilter
- Add username, email sort fields to RoleAssignmentOrderBy
- Remove fetch_role_users fetcher (replaced by fetch_role_assignments)
- Update GraphQL schema documentation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@fregataa @claude
fix(BA-4785): improve RoleGQL field definitions
af18d49 
- Change permissions.orderBy from single to list for multiple sort criteria
- Add "Added in 26.3.0." version info to permissions and users fields

Addresses PR review comments.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@fregataa fregataa force-pushed the feature/rbac-role-permissions-field branch from a9c00cf to af18d49 Compare March 6, 2026 05:29
@HyeockJinKim HyeockJinKim merged commit 2340ecf into main Mar 6, 2026
26 checks passed
@HyeockJinKim HyeockJinKim deleted the feature/rbac-role-permissions-field branch March 6, 2026 05:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jopemachine jopemachine jopemachine left review comments

Copilot code review Copilot Copilot left review comments

@HyeockJinKim HyeockJinKim HyeockJinKim approved these changes

@ironAiken2 ironAiken2 Awaiting requested review from ironAiken2

@seedspirit seedspirit Awaiting requested review from seedspirit

Assignees

@fregataa fregataa

Labels

area:docs Documentations comp:manager Related to Manager component size:L 100~500 LoC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@fregataa @jopemachine @HyeockJinKim @seedspirit