Add repository diskPath parameter to GraphQL API

If user has admin porject permissions it will see the disk path

app/graphql/types/repository_type.rb

@@ -19,5 +19,9 @@ module Types
     field :branch_names, [GraphQL::STRING_TYPE], null: true, calls_gitaly: true,
           complexity: 170, description: 'Names of branches available in this repository that match the search pattern.',
           resolver: Resolvers::RepositoryBranchNamesResolver
+    field :disk_path, GraphQL::STRING_TYPE,
+          description: 'Shows a disk path of the repository.',
+          null: true,
+          authorize: :read_storage_disk_path
   end
 end

app/policies/project_policy.rb

@@ -171,6 +171,7 @@ class ProjectPolicy < BasePolicy
   rule { guest | admin }.enable :read_project_for_iids
 
   rule { admin }.enable :update_max_artifacts_size
+  rule { admin }.enable :read_storage_disk_path
   rule { can?(:read_all_resources) }.enable :read_confidential_issues
 
   rule { guest }.enable :guest_access

changelogs/unreleased/29861-hashed-storage-add-disk-path-to-rest-api.yml

+---
+title: Add repository diskPath parameter to GraphQL API
+merge_request: 61725
+author:
+type: added

doc/api/graphql/reference/index.md

@@ -11826,6 +11826,7 @@ Represents the source code attached to a release in a particular format.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="repositorydiskpath"></a>`diskPath` | [`String`](#string) | Shows a disk path of the repository. |
 | <a id="repositoryempty"></a>`empty` | [`Boolean!`](#boolean) | Indicates repository has no visible content. |
 | <a id="repositoryexists"></a>`exists` | [`Boolean!`](#boolean) | Indicates a corresponding Git repository exists on disk. |
 | <a id="repositoryrootref"></a>`rootRef` | [`String`](#string) | Default branch of the repository. |

spec/graphql/types/repository_type_spec.rb

@@ -16,4 +16,6 @@ RSpec.describe GitlabSchema.types['Repository'] do
   specify { expect(described_class).to have_graphql_field(:blobs) }
 
   specify { expect(described_class).to have_graphql_field(:branch_names, calls_gitaly?: true, complexity: 170) }
+
+  specify { expect(described_class).to have_graphql_field(:disk_path) }
 end

spec/policies/project_policy_spec.rb

@@ -393,6 +393,34 @@ RSpec.describe ProjectPolicy do
     end
   end
 
+  describe 'read_storage_disk_path' do
+    context 'when no user' do
+      let(:current_user) { anonymous }
+
+      it { expect_disallowed(:read_storage_disk_path) }
+    end
+
+    context 'admin' do
+      let(:current_user) { admin }
+
+      context 'when admin mode is enabled', :enable_admin_mode do
+        it { expect_allowed(:read_storage_disk_path) }
+      end
+
+      context 'when admin mode is disabled' do
+        it { expect_disallowed(:read_storage_disk_path) }
+      end
+    end
+
+    %w(guest reporter developer maintainer owner).each do |role|
+      context role do
+        let(:current_user) { send(role) }
+
+        it { expect_disallowed(:read_storage_disk_path) }
+      end
+    end
+  end
+
   context 'alert bot' do
     let(:current_user) { User.alert_bot }
 

spec/requests/api/graphql/project/repository_spec.rb

@@ -36,6 +36,30 @@ RSpec.describe 'getting a repository in a project' do
     end
   end
 
+  context 'as a non-admin' do
+    let(:current_user) { create(:user) }
+
+    before do
+      project.add_role(current_user, :developer)
+    end
+
+    it 'does not return diskPath' do
+      post_graphql(query, current_user: current_user)
+
+      expect(graphql_data['project']['repository']).not_to be_nil
+      expect(graphql_data['project']['repository']['diskPath']).to be_nil
+    end
+  end
+
+  context 'as an admin' do
+    it 'returns diskPath' do
+      post_graphql(query, current_user: create(:admin))
+
+      expect(graphql_data['project']['repository']).not_to be_nil
+      expect(graphql_data['project']['repository']['diskPath']).to eq project.disk_path
+    end
+  end
+
   context 'when the repository is only accessible to members' do
     let(:project) do
       create(:project, :public, :repository, repository_access_level: ProjectFeature::PRIVATE)