Add latest changes from gitlab-org/gitlab@master

.gitlab/ci/test-on-omnibus-nightly/main.gitlab-ci.yml

@@ -62,6 +62,7 @@ integration-elasticsearch-compatibility-version-7:
   variables:
     ELASTIC_VERSION: "7.17.0"
     QA_SCENARIO: "Test::Integration::Elasticsearch"
+    ELASTIC_URL: "http://elastic68:9200"
 
 integration-elasticsearch-compatibility-version-8:
   extends:
@@ -70,6 +71,7 @@ integration-elasticsearch-compatibility-version-8:
   variables:
     ELASTIC_VERSION: "8.11.4"
     QA_SCENARIO: "Test::Integration::Elasticsearch"
+    ELASTIC_URL: "http://elastic68:9200"
 
 # ------------------------------------------
 # Opensearch compatibility jobs
@@ -80,6 +82,7 @@ integration-opensearch-compatibility-version-1:
   variables:
     OPENSEARCH_VERSION: "1.3.3"
     QA_SCENARIO: "Test::Integration::Opensearch"
+    ELASTIC_URL: "http://elastic68:9200"
 
 integration-opensearch-compatibility-version-2:
   extends:
@@ -87,6 +90,7 @@ integration-opensearch-compatibility-version-2:
   variables:
     OPENSEARCH_VERSION: "2.0.1"
     QA_SCENARIO: "Test::Integration::Opensearch"
+    ELASTIC_URL: "http://elastic68:9200"
 
 # ------------------------------------------
 # Relative url

.rubocop_todo/lint/unused_method_argument.yml

@@ -246,7 +246,6 @@ Lint/UnusedMethodArgument:
     - 'ee/lib/elastic/latest/repository_instance_proxy.rb'
     - 'ee/lib/elastic/latest/snippet_class_proxy.rb'
     - 'ee/lib/elastic/latest/snippet_instance_proxy.rb'
-    - 'ee/lib/elastic/latest/user_instance_proxy.rb'
     - 'ee/lib/gitlab/audit/events/preloader.rb'
     - 'ee/lib/gitlab/elastic/elasticsearch_enabled_cache.rb'
     - 'ee/lib/gitlab/elastic/snippet_search_results.rb'

app/assets/javascripts/ci/pipeline_details/graph/components/stage_column_component.vue

@@ -129,7 +129,7 @@ export default {
       return this.highlightedJobs.length > 1 && !this.highlightedJobs.includes(jobName);
     },
     isParallel(group) {
-      return group.size > 1 && group.jobs.length > 1;
+      return group.jobs[0].name !== group.name;
     },
     singleJobExists(group) {
       const firstJobDefined = Boolean(group.jobs?.[0]);
@@ -207,8 +207,16 @@ export default {
         @mouseenter="$emit('jobHover', group.name)"
         @mouseleave="$emit('jobHover', '')"
       >
+        <div v-if="isParallel(group)" :class="{ 'gl-opacity-3': isFadedOut(group.name) }">
+          <job-group-dropdown
+            :group="group"
+            :stage-name="showStageName ? group.stageName : ''"
+            :pipeline-id="pipelineId"
+            :css-class-job-name="$options.jobClasses"
+          />
+        </div>
         <job-item
-          v-if="singleJobExists(group)"
+          v-else-if="singleJobExists(group)"
           :job="group.jobs[0]"
           :job-hovered="jobHovered"
           :skip-retry-modal="skipRetryModal"
@@ -221,14 +229,6 @@ export default {
           @pipelineActionRequestComplete="$emit('refreshPipelineGraph')"
           @setSkipRetryModal="$emit('setSkipRetryModal')"
         />
-        <div v-else-if="isParallel(group)" :class="{ 'gl-opacity-3': isFadedOut(group.name) }">
-          <job-group-dropdown
-            :group="group"
-            :stage-name="showStageName ? group.stageName : ''"
-            :pipeline-id="pipelineId"
-            :css-class-job-name="$options.jobClasses"
-          />
-        </div>
       </div>
     </template>
   </root-graph-layout>

app/assets/javascripts/ci/pipeline_details/utils/index.js

@@ -46,11 +46,9 @@ export const createNodeDict = (nodes, { needsKey = NEEDS_PROPERTY } = {}) => {
       needs: node.jobs.map((job) => job[needsKey] || []).flat(),
     };
 
-    if (node.size > 1) {
-      node.jobs.forEach((job) => {
-        acc[job.name] = newNode;
-      });
-    }
+    node.jobs.forEach((job) => {
+      acc[job.name] = newNode;
+    });
 
     acc[node.name] = newNode;
     return acc;

app/assets/javascripts/work_items/components/create_work_item_modal.vue

@@ -188,7 +188,7 @@ export default {
     /*
      End of the methods for the confirmation modal when enabled
     */
-    handleCreated(workItem) {
+    handleCreated({ workItem }) {
       this.$toast.show(this.workItemCreatedText, {
         autoHideDelay: 10000,
         action: {

app/assets/javascripts/work_items/components/work_item_links/work_item_children_wrapper.vue

@@ -391,6 +391,7 @@ export default {
                     __typename: 'WorkItemWidgetHierarchy',
                     type: 'HIERARCHY',
                     hasChildren: false,
+                    hasParent: true,
                     depthLimitReachedByType: [],
                     rolledUpCountsByType: [],
                     parent: { id: toParentId },
@@ -410,6 +411,7 @@ export default {
                     __typename: 'WorkItemWidgetHierarchy',
                     type: 'HIERARCHY',
                     hasChildren: true,
+                    hasParent: true,
                     depthLimitReachedByType: [],
                     rolledUpCountsByType: [],
                     parent: null,

app/assets/javascripts/work_items/components/work_item_links/work_item_tree.vue

@@ -290,11 +290,9 @@ export default {
       return this.displayableChildrenCount === 0;
     },
     showClosedItemsButton() {
-      return (
-        !this.showClosed &&
-        !this.hasNextPage &&
-        this.children?.length > this.displayableChildrenCount
-      );
+      if (this.hasNextPage) return false;
+
+      return !this.showClosed && this.children?.length > this.displayableChildrenCount;
     },
     closedChildrenCount() {
       return Math.max(0, this.children.length - this.displayableChildrenCount);

app/assets/javascripts/work_items/graphql/work_item_hierarchy.fragment.graphql

@@ -24,6 +24,7 @@ fragment WorkItemHierarchy on WorkItem {
     ... on WorkItemWidgetHierarchy {
       type
       hasChildren
+      hasParent
       depthLimitReachedByType {
         workItemType {
           id

app/controllers/groups_controller.rb

@@ -62,7 +62,7 @@ class GroupsController < Groups::ApplicationController
 
   feature_category :groups_and_projects, [
     :index, :new, :create, :show, :edit, :update,
-    :destroy, :details, :transfer, :activity, :projects
+    :destroy, :details, :transfer, :activity
   ]
   feature_category :team_planning, [:issues, :issues_calendar, :preview_markdown]
   feature_category :code_review_workflow, [:merge_requests, :unfoldered_environment_names]
@@ -73,7 +73,7 @@ class GroupsController < Groups::ApplicationController
 
   urgency :low, [:issues, :issues_calendar, :preview_markdown]
   # TODO: Set #show to higher urgency after resolving https://gitlab.com/gitlab-org/gitlab/-/issues/334795
-  urgency :low, [:merge_requests, :show, :create, :new, :update, :projects, :destroy, :edit, :activity]
+  urgency :low, [:merge_requests, :show, :create, :new, :update, :destroy, :edit, :activity]
 
   def index
     redirect_to(current_user ? dashboard_groups_path : explore_groups_path)

app/helpers/admin/user_actions_helper.rb

@@ -81,3 +81,5 @@ module Admin
     end
   end
 end
+
+::Admin::UserActionsHelper.prepend_mod

app/validators/json_schemas/member_role_permissions.json

@@ -73,6 +73,9 @@
     "read_admin_subscription": {
       "type": "boolean"
     },
+    "read_admin_users": {
+      "type": "boolean"
+    },
     "read_code": {
       "type": "boolean"
     },

app/views/admin/users/_access.html.haml

@@ -5,7 +5,7 @@
         = s_('AdminUsers|Access')
 
   .form-group.gl-form-group{ role: 'group' }
-    = f.label :projects_limit, class: 'gl-block col-form-label'
+    = f.label :projects_limit, s_('AdminUsers|Projects limit'), class: 'gl-block col-form-label'
     = f.number_field :projects_limit, min: 0, max: Gitlab::Database::MAX_INT_VALUE, class: 'form-control gl-form-input gl-form-input-sm'
 
   .form-group.gl-form-group{ role: 'group' }

app/views/admin/users/_head.html.haml

@@ -16,30 +16,33 @@
       = render Pajamas::BadgeComponent.new(s_('AdminUsers|Deactivated'), variant: :neutral)
     - if @user.access_locked?
       = render Pajamas::BadgeComponent.new(s_('AdminUsers|Locked'), variant: :warning)
-    = render_if_exists 'admin/users/auditor_user_badge'
-    = render_if_exists 'admin/users/gma_user_badge'
+    - if can?(current_user, :admin_all_resources)
+      = render_if_exists 'admin/users/auditor_user_badge'
+      = render_if_exists 'admin/users/gma_user_badge'
 
-  .gl-my-3.gl-flex.gl-flex-wrap.-gl-my-2.-gl-mx-2
-    - if @user != current_user
-      - if impersonation_enabled?
-        .gl-p-2
-          %span.btn-group{ class: !@can_impersonate ? 'has-tooltip' : nil, title: @impersonation_error_text }
-            = render Pajamas::ButtonComponent.new(disabled: !@can_impersonate, method: :post, href: impersonate_admin_user_path(@user), button_options: { data: { testid: 'impersonate-user-link' } }) do
-              = _('Impersonate')
-      - if can_force_email_confirmation?(@user)
-        .gl-p-2
-          = render Pajamas::ButtonComponent.new(variant: :default, button_options: { class: 'js-confirm-modal-button', data: confirm_user_data(@user) }) do
-            = _('Confirm user')
-    .gl-p-2
-      = render Pajamas::ButtonComponent.new(variant: :confirm, href: new_admin_user_identity_path(@user)) do
-        = _('New identity')
-    .gl-p-2
-      #js-admin-user-actions{ data: admin_user_actions_data_attributes(@user) }
+  - if can?(current_user, :admin_all_resources)
+    .gl-my-3.gl-flex.gl-flex-wrap.-gl-my-2.-gl-mx-2
+      - if @user != current_user
+        - if impersonation_enabled?
+          .gl-p-2
+            %span.btn-group{ class: !@can_impersonate ? 'has-tooltip' : nil, title: @impersonation_error_text }
+              = render Pajamas::ButtonComponent.new(disabled: !@can_impersonate, method: :post, href: impersonate_admin_user_path(@user), button_options: { data: { testid: 'impersonate-user-link' } }) do
+                = _('Impersonate')
+        - if can_force_email_confirmation?(@user)
+          .gl-p-2
+            = render Pajamas::ButtonComponent.new(variant: :default, button_options: { class: 'js-confirm-modal-button', data: confirm_user_data(@user) }) do
+              = _('Confirm user')
+      .gl-p-2
+        = render Pajamas::ButtonComponent.new(variant: :confirm, href: new_admin_user_identity_path(@user)) do
+          = _('New identity')
+      .gl-p-2
+        #js-admin-user-actions{ data: admin_user_actions_data_attributes(@user) }
 = gl_tabs_nav do
   = gl_tab_link_to _("Account"), admin_user_path(@user)
-  = gl_tab_link_to _("Groups and projects"), projects_admin_user_path(@user)
-  = gl_tab_link_to _("SSH keys"), keys_admin_user_path(@user)
-  = gl_tab_link_to _("Identities"), admin_user_identities_path(@user)
-  - if impersonation_tokens_enabled?
-    = gl_tab_link_to _("Impersonation Tokens"), admin_user_impersonation_tokens_path(@user), data: { testid: 'impersonation-tokens-tab' }
+  - if can?(current_user, :admin_all_resources)
+    = gl_tab_link_to _("Groups and projects"), projects_admin_user_path(@user)
+    = gl_tab_link_to _("SSH keys"), keys_admin_user_path(@user)
+    = gl_tab_link_to _("Identities"), admin_user_identities_path(@user)
+    - if impersonation_tokens_enabled?
+      = gl_tab_link_to _("Impersonation Tokens"), admin_user_impersonation_tokens_path(@user), data: { testid: 'impersonation-tokens-tab' }
 .gl-mb-3

app/views/admin/users/_tabs.html.haml

@@ -3,5 +3,6 @@
 
 = gl_tabs_nav({ class: 'gl-grow gl-border-0', data: { testid: 'admin-users-tabs' } }) do
   = gl_tab_link_to s_('AdminUsers|Users'), admin_users_path
-  = render_if_exists 'admin/users/role_promotion_requests_tab'
-  = gl_tab_link_to s_('AdminUsers|Cohorts'), admin_cohorts_path
+  - if can?(current_user, :admin_all_resources)
+    = render_if_exists 'admin/users/role_promotion_requests_tab'
+    = gl_tab_link_to s_('AdminUsers|Cohorts'), admin_cohorts_path

app/views/admin/users/index.html.haml

@@ -2,10 +2,11 @@
 
 = render ::Layouts::PageHeadingComponent.new(_('Users'), options: { data: { event_tracking_load: 'true', event_tracking: 'view_admin_users_pageload' } }) do |c|
   - c.with_actions do
-    = render_if_exists 'admin/users/admin_email_users'
-    = render_if_exists 'admin/users/admin_export_user_permissions'
-    = render Pajamas::ButtonComponent.new(variant: :confirm, href: new_admin_user_path) do
-      = s_('AdminUsers|New user')
+    - if can?(current_user, :admin_all_resources)
+      = render_if_exists 'admin/users/admin_email_users'
+      = render_if_exists 'admin/users/admin_export_user_permissions'
+      = render Pajamas::ButtonComponent.new(variant: :confirm, href: new_admin_user_path) do
+        = s_('AdminUsers|New user')
 
 = render 'tabs'
 

app/views/admin/users/show.html.haml

@@ -58,7 +58,8 @@
               %span.gl-text-subtle= _('Secondary email:')
               .gl-col-span-2
                 %strong= render partial: 'shared/email_with_badge', locals: { email: email.email, verified: email.confirmed? }
-                = link_button_to nil, remove_email_admin_user_path(@user, email), data: { confirm: _("Are you sure you want to remove %{email}?") % { email: email.email }, 'confirm-btn-variant': 'danger' }, method: :delete, class: 'gl-float-right has-tooltip', title: _('Remove secondary email'), id: "remove_email_#{email.id}", category: :tertiary, size: :small, icon: 'remove'
+                - if can?(current_user, :admin_all_resources)
+                  = link_button_to nil, remove_email_admin_user_path(@user, email), data: { confirm: _("Are you sure you want to remove %{email}?") % { email: email.email }, 'confirm-btn-variant': 'danger' }, method: :delete, class: 'gl-float-right has-tooltip', title: _('Remove secondary email'), id: "remove_email_#{email.id}", category: :tertiary, size: :small, icon: 'remove'
           %li{ class: list_item_classes }
             %span.gl-text-subtle ID:
             .gl-col-span-2

config/gitlab_loose_foreign_keys.yml

@@ -621,6 +621,14 @@ vulnerabilities:
   - table: projects
     column: project_id
     on_delete: async_delete
+vulnerability_archived_records:
+  - table: projects
+    column: project_id
+    on_delete: async_delete
+vulnerability_archives:
+  - table: projects
+    column: project_id
+    on_delete: async_delete
 vulnerability_export_parts:
   - table: organizations
     column: organization_id

config/routes/group.rb

@@ -13,7 +13,7 @@ constraints(::Constraints::GroupUrlConstrainer.new) do
       get :issues, as: :issues_group_calendar, action: :issues_calendar, constraints: ->(req) { req.format == :ics } # rubocop:disable Cop/PutGroupRoutesUnderScope
       get :issues, as: :issues_group # rubocop:disable Cop/PutGroupRoutesUnderScope
       get :merge_requests, as: :merge_requests_group # rubocop:disable Cop/PutGroupRoutesUnderScope
-      get :projects, as: :projects_group # rubocop:disable Cop/PutGroupRoutesUnderScope
+      get :projects, as: :projects_group, to: redirect('%{id}') # rubocop:disable Cop/PutGroupRoutesUnderScope
       get :details, as: :details_group # rubocop:disable Cop/PutGroupRoutesUnderScope
       get :activity, as: :activity_group # rubocop:disable Cop/PutGroupRoutesUnderScope
       put :transfer, as: :transfer_group # rubocop:disable Cop/PutGroupRoutesUnderScope

db/docs/vulnerability_archived_records.yml

@@ -0,0 +1,12 @@
+---
+table_name: vulnerability_archived_records
+classes:
+- Vulnerabilities::ArchivedRecord
+feature_categories:
+- vulnerability_management
+description: Stores the data of archived vulnerability records.
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179569
+milestone: '17.9'
+gitlab_schema: gitlab_sec
+sharding_key:
+  project_id: projects

db/docs/vulnerability_archives.yml

@@ -0,0 +1,12 @@
+---
+table_name: vulnerability_archives
+classes:
+- Vulnerabilities::Archive
+feature_categories:
+- vulnerability_management
+description: Stores the archive information of vulnerabilities for projects.
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/179569
+milestone: '17.9'
+gitlab_schema: gitlab_sec
+sharding_key:
+  project_id: projects

db/migrate/20250129102358_create_vulnerability_archives.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class CreateVulnerabilityArchives < Gitlab::Database::Migration[2.2]
+  milestone '17.9'
+
+  def change
+    create_table :vulnerability_archives do |t| # rubocop:disable Migration/EnsureFactoryForTable -- false positive
+      t.timestamps_with_timezone null: false
+
+      t.bigint :project_id, null: false
+      t.integer :archived_records_count, null: false, default: 0
+      t.date :date, null: false
+
+      t.index %i[project_id date], unique: true
+
+      t.check_constraint 'archived_records_count >= 0'
+    end
+  end
+end

db/migrate/20250129125636_create_vulnerability_archived_records.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class CreateVulnerabilityArchivedRecords < Gitlab::Database::Migration[2.2]
+  milestone '17.9'
+
+  VULNERABILITY_ID_INDEX_NAME = 'index_vulnerability_archived_records_on_vulnerability_id'
+
+  def change
+    create_table :vulnerability_archived_records do |t| # rubocop:disable Migration/EnsureFactoryForTable -- false positive
+      t.timestamps_with_timezone null: false
+
+      t.bigint :project_id, null: false, index: true
+      t.references :archive, null: false, foreign_key: { on_delete: :cascade, to_table: 'vulnerability_archives' }
+      t.bigint :vulnerability_identifier, null: false, index: { name: VULNERABILITY_ID_INDEX_NAME, unique: true }
+      t.jsonb :data, null: false, default: {}
+    end
+  end
+end

db/schema_migrations/20250129102358

@@ -0,0 +1 @@
+0d64f398983dbf2880ff98f041a9020d962cfcc3abe4da3f6d0757840e055d84

db/schema_migrations/20250129125636

@@ -0,0 +1 @@
+1a9d3a2837c0d01ac81f675287ce578814bb5072008721e3a290b3b913d7374a

db/structure.sql

@@ -22604,6 +22604,44 @@ CREATE SEQUENCE vulnerabilities_id_seq
 
 ALTER SEQUENCE vulnerabilities_id_seq OWNED BY vulnerabilities.id;
 
+CREATE TABLE vulnerability_archived_records (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    project_id bigint NOT NULL,
+    archive_id bigint NOT NULL,
+    vulnerability_identifier bigint NOT NULL,
+    data jsonb DEFAULT '{}'::jsonb NOT NULL
+);
+
+CREATE SEQUENCE vulnerability_archived_records_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE vulnerability_archived_records_id_seq OWNED BY vulnerability_archived_records.id;
+
+CREATE TABLE vulnerability_archives (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    project_id bigint NOT NULL,
+    archived_records_count integer DEFAULT 0 NOT NULL,
+    date date NOT NULL,
+    CONSTRAINT chk_rails_6b9e2d707f CHECK ((archived_records_count >= 0))
+);
+
+CREATE SEQUENCE vulnerability_archives_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE vulnerability_archives_id_seq OWNED BY vulnerability_archives.id;
+
 CREATE TABLE vulnerability_export_parts (
     id bigint NOT NULL,
     vulnerability_export_id bigint NOT NULL,
@@ -25577,6 +25615,10 @@ ALTER TABLE ONLY vs_code_settings ALTER COLUMN id SET DEFAULT nextval('vs_code_s
 
 ALTER TABLE ONLY vulnerabilities ALTER COLUMN id SET DEFAULT nextval('vulnerabilities_id_seq'::regclass);
 
+ALTER TABLE ONLY vulnerability_archived_records ALTER COLUMN id SET DEFAULT nextval('vulnerability_archived_records_id_seq'::regclass);
+
+ALTER TABLE ONLY vulnerability_archives ALTER COLUMN id SET DEFAULT nextval('vulnerability_archives_id_seq'::regclass);
+
 ALTER TABLE ONLY vulnerability_export_parts ALTER COLUMN id SET DEFAULT nextval('vulnerability_export_parts_id_seq'::regclass);
 
 ALTER TABLE ONLY vulnerability_exports ALTER COLUMN id SET DEFAULT nextval('vulnerability_exports_id_seq'::regclass);
@@ -28582,6 +28624,12 @@ ALTER TABLE ONLY vs_code_settings
 ALTER TABLE ONLY vulnerabilities
     ADD CONSTRAINT vulnerabilities_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY vulnerability_archived_records
+    ADD CONSTRAINT vulnerability_archived_records_pkey PRIMARY KEY (id);
+
+ALTER TABLE ONLY vulnerability_archives
+    ADD CONSTRAINT vulnerability_archives_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY vulnerability_export_parts
     ADD CONSTRAINT vulnerability_export_parts_pkey PRIMARY KEY (id);
 
@@ -34739,6 +34787,14 @@ CREATE INDEX index_vulnerabilities_project_id_and_id_on_default_branch ON vulner
 
 CREATE INDEX index_vulnerabilities_project_id_state_severity_default_branch ON vulnerabilities USING btree (project_id, state, severity, present_on_default_branch);
 
+CREATE INDEX index_vulnerability_archived_records_on_archive_id ON vulnerability_archived_records USING btree (archive_id);
+
+CREATE INDEX index_vulnerability_archived_records_on_project_id ON vulnerability_archived_records USING btree (project_id);
+
+CREATE UNIQUE INDEX index_vulnerability_archived_records_on_vulnerability_id ON vulnerability_archived_records USING btree (vulnerability_identifier);
+
+CREATE UNIQUE INDEX index_vulnerability_archives_on_project_id_and_date ON vulnerability_archives USING btree (project_id, date);
+
 CREATE INDEX index_vulnerability_export_parts_on_organization_id ON vulnerability_export_parts USING btree (organization_id);
 
 CREATE INDEX index_vulnerability_export_parts_on_vulnerability_export_id ON vulnerability_export_parts USING btree (vulnerability_export_id);
@@ -40414,6 +40470,9 @@ ALTER TABLE ONLY incident_management_oncall_participants
 ALTER TABLE ONLY work_item_parent_links
     ADD CONSTRAINT fk_rails_601d5bec3a FOREIGN KEY (work_item_id) REFERENCES issues(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY vulnerability_archived_records
+    ADD CONSTRAINT fk_rails_601e008d4b FOREIGN KEY (archive_id) REFERENCES vulnerability_archives(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY system_access_microsoft_graph_access_tokens
     ADD CONSTRAINT fk_rails_604908851f FOREIGN KEY (system_access_microsoft_application_id) REFERENCES system_access_microsoft_applications(id) ON DELETE CASCADE;
 

doc/api/graphql/reference/_index.md

@@ -41199,6 +41199,7 @@ Member role admin permission.
 | <a id="memberroleadminpermissionread_admin_dashboard"></a>`READ_ADMIN_DASHBOARD` | Read-only access to admin dashboard. |
 | <a id="memberroleadminpermissionread_admin_monitoring"></a>`READ_ADMIN_MONITORING` | Allows read access to system monitoring including system info, background migrations, health checks, audit logs, and gitaly in the Admin Area. |
 | <a id="memberroleadminpermissionread_admin_subscription"></a>`READ_ADMIN_SUBSCRIPTION` | Read subscription details in the Admin area. |
+| <a id="memberroleadminpermissionread_admin_users"></a>`READ_ADMIN_USERS` | Allows read access to the user list and user details in the Admin area. |
 
 ### `MemberRolePermission`
 
@@ -41229,6 +41230,7 @@ Member role permission.
 | <a id="memberrolepermissionread_admin_dashboard"></a>`READ_ADMIN_DASHBOARD` | Read-only access to admin dashboard. |
 | <a id="memberrolepermissionread_admin_monitoring"></a>`READ_ADMIN_MONITORING` | Allows read access to system monitoring including system info, background migrations, health checks, audit logs, and gitaly in the Admin Area. |
 | <a id="memberrolepermissionread_admin_subscription"></a>`READ_ADMIN_SUBSCRIPTION` | Read subscription details in the Admin area. |
+| <a id="memberrolepermissionread_admin_users"></a>`READ_ADMIN_USERS` | Allows read access to the user list and user details in the Admin area. |
 | <a id="memberrolepermissionread_code"></a>`READ_CODE` | Allows read-only access to the source code in the user interface. Does not allow users to edit or download repository archives, clone or pull repositories, view source code in an IDE, or view merge requests for private projects. You can download individual files because read-only access inherently grants the ability to make a local copy of the file. |
 | <a id="memberrolepermissionread_compliance_dashboard"></a>`READ_COMPLIANCE_DASHBOARD` | Read compliance capabilities including adherence, violations, and frameworks for groups and projects. |
 | <a id="memberrolepermissionread_crm_contact"></a>`READ_CRM_CONTACT` | Read CRM contact. |