chore(FR-2828): adopt new filter input types for RBAC permission/entity queries#7276
Merged
graphite-app[bot] merged 1 commit intoMay 7, 2026
Conversation
Contributor
Author
How to use the Graphite Merge QueueAdd either label to this PR to merge it via the merge queue:
You must have a Graphite account in order to use the merge queue. Sign up using this link. An organization admin has required the Graphite Merge Queue in this repository. Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue. This stack of pull requests is managed by Graphite. Learn more about stacking. |
Contributor
Coverage Report for react-coverage (./react)
File Coverage
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the RBAC-related GraphQL filters in the WebUI to match newly introduced “filter input” types in the schema (e.g., RBACElementTypeFilter, OperationTypeFilter, UUIDFilter), replacing previous scalar enum/UUID filter usage.
Changes:
- Migrated RBAC permission/entity filters from scalar values to
{ equals: ... }style operator objects in Relay queries/refetches. - Updated
BAIGraphQLPropertyFilterconfigurations by removingvalueMode: 'scalar'so enum filters emit operator objects compatible with the new schema inputs. - Extended/adjusted GraphQL schema inputs for RBAC filtering (entity/permission/nested permission).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| react/src/hooks/useCurrentUserProjectRoles.ts | Updates myRoles permission filter to use entityType: { equals: ... }. |
| react/src/components/RoleScopeTab.tsx | Removes scalar filter emission for enum filter to align with EntityFilter.entityType now being a filter input. |
| react/src/components/RolePermissionTab.tsx | Updates roleId filter to UUIDFilter shape and removes scalar enum filter emission for scope/entity types. |
| react/src/components/RoleDetailDrawer.tsx | Updates initial permissionFilter.roleId to UUIDFilter shape. |
| data/schema.graphql | Changes RBAC filter fields from scalars to filter-input types and adds new enum filter input definitions. |
Merge activity
|
…ty queries (#7276) Resolves #7275(FR-2828) ## Summary The backend wrapped scalar fields on RBAC filter input types into operator objects: - `PermissionFilter.roleId`: `UUID` → `UUIDFilter` - `PermissionFilter.scopeType` / `entityType`: `RBACElementType` → `RBACElementTypeFilter` - `PermissionFilter.scopeId`: new `StringFilter` field - `PermissionNestedFilter.scopeId`: `String` → `StringFilter` - `PermissionNestedFilter.scopeType` / `entityType`: `RBACElementType` → `RBACElementTypeFilter` - `PermissionNestedFilter.operation`: `OperationType` → `OperationTypeFilter` - `EntityFilter.entityType`: `RBACElementType` → `RBACElementTypeFilter` This PR updates the frontend call sites to emit the new wrapped shape so existing queries no longer fail with `GRAPHQL_VALIDATION_FAILED`. ## Changes - `RoleDetailDrawer`: `permissionFilter.roleId` now `{ equals: localRoleId }`. - `RolePermissionTab`: `roleId` now `{ equals: roleId }`; dropped `valueMode: 'scalar'` on the `scopeType` / `entityType` `BAIGraphQLPropertyFilter` properties so the default operator mode emits `{ equals: VALUE }`, matching `RBACElementTypeFilter`. - `RoleScopeTab`: dropped `valueMode: 'scalar'` on the `entityType` filter property for the same reason. - `useCurrentUserProjectRoles`: nested `entityType` under `{ equals: PROJECT_ADMIN_PAGE }` in the `myRoles` permission filter. - `data/schema.graphql`: pulled the new filter input types (`UUIDFilter`-style wrappers, `OperationTypeFilter`, `RBACElementTypeFilter`, `StringFilter` on permission/entity filters). ## Verification `bash scripts/verify.sh`: - Relay: PASS - Lint: PASS - Format: PASS - TypeScript: only pre-existing failures (`packages/backend.ai-client/src/client.ts`, `DeleteForeverVFolderModalV2.tsx`, `VFolderDeployModal.tsx`) remain — no new errors introduced by this change. ## Test plan - [ ] Open Role detail drawer for any role: scope / permission / assignment tabs load without `GRAPHQL_VALIDATION_FAILED`. - [ ] In RolePermissionTab, apply scopeType / entityType filters and confirm rows are correctly filtered. - [ ] In RoleScopeTab, apply scopeType filter and confirm rows are correctly filtered. - [ ] Log in as a project admin (non-superadmin) and confirm `useCurrentUserProjectRoles` resolves project admin scopes (admin-only menus appear).
graphite-app
Bot
force-pushed
the
05-07-chore_fr-2828_adopt_new_filter_input_types_for_rbac_permission_entity_queries
branch
from
5459292 to
731574c
Compare
graphite-app
Bot
deleted the
05-07-chore_fr-2828_adopt_new_filter_input_types_for_rbac_permission_entity_queries
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #7275(FR-2828)
Summary
The backend wrapped scalar fields on RBAC filter input types into operator objects:
PermissionFilter.roleId:UUID→UUIDFilterPermissionFilter.scopeType/entityType:RBACElementType→RBACElementTypeFilterPermissionFilter.scopeId: newStringFilterfieldPermissionNestedFilter.scopeId:String→StringFilterPermissionNestedFilter.scopeType/entityType:RBACElementType→RBACElementTypeFilterPermissionNestedFilter.operation:OperationType→OperationTypeFilterEntityFilter.entityType:RBACElementType→RBACElementTypeFilterThis PR updates the frontend call sites to emit the new wrapped shape so existing queries no longer fail with
GRAPHQL_VALIDATION_FAILED.Changes
RoleDetailDrawer:permissionFilter.roleIdnow{ equals: localRoleId }.RolePermissionTab:roleIdnow{ equals: roleId }; droppedvalueMode: 'scalar'on thescopeType/entityTypeBAIGraphQLPropertyFilterproperties so the default operator mode emits{ equals: VALUE }, matchingRBACElementTypeFilter.RoleScopeTab: droppedvalueMode: 'scalar'on theentityTypefilter property for the same reason.useCurrentUserProjectRoles: nestedentityTypeunder{ equals: PROJECT_ADMIN_PAGE }in themyRolespermission filter.data/schema.graphql: pulled the new filter input types (UUIDFilter-style wrappers,OperationTypeFilter,RBACElementTypeFilter,StringFilteron permission/entity filters).Verification
bash scripts/verify.sh:packages/backend.ai-client/src/client.ts,DeleteForeverVFolderModalV2.tsx,VFolderDeployModal.tsx) remain — no new errors introduced by this change.Test plan
GRAPHQL_VALIDATION_FAILED.useCurrentUserProjectRolesresolves project admin scopes (admin-only menus appear).