infrahub-server 1.4.0b1__py3-none-any.whl → 1.4.1__py3-none-any.whl

infrahub/core/query/node.py

@@ -161,7 +161,22 @@ class NodeCreateAllQuery(NodeQuery):
         relationships: list[RelationshipCreateData] = []
         for rel_name in self.node._relationships:
             rel_manager: RelationshipManager = getattr(self.node, rel_name)
+            if rel_manager.schema.cardinality == "many":
+                # Fetch all relationship peers through a single database call for performances.
+                peers = await rel_manager.get_peers(db=db, branch_agnostic=self.branch_agnostic)
+
             for rel in rel_manager._relationships:
+                if rel_manager.schema.cardinality == "many":
+                    try:
+                        rel.set_peer(value=peers[rel.get_peer_id()])
+                    except KeyError:
+                        pass
+                    except ValueError:
+                        # Relationship has not been initialized yet, it means the peer does not exist in db yet
+                        # typically because it will be allocated from a ressource pool. In that case, the peer
+                        # will be fetched using `rel.resolve` later.
+                        pass
+
                 rel_create_data = await rel.get_create_data(db=db, at=at)
                 if rel_create_data.peer_branch_level > deepest_branch_level or (
                     deepest_branch_name == GLOBAL_BRANCH_NAME and rel_create_data.peer_branch == registry.default_branch

infrahub/core/relationship/model.py

@@ -166,11 +166,11 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
             return registry.get_global_branch()
         return self.branch
 
-    async def _process_data(self, data: dict | RelationshipPeerData | str) -> None:
+    def _process_data(self, data: dict | RelationshipPeerData | str) -> None:
         self.data = data
 
         if isinstance(data, RelationshipPeerData):
-            await self.set_peer(value=str(data.peer_id))
+            self.set_peer(value=str(data.peer_id))
 
             if not self.id and data.rel_node_id:
                 self.id = data.rel_node_id
@@ -187,7 +187,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
         elif isinstance(data, dict):
             for key, value in data.items():
                 if key in ["peer", "id"]:
-                    await self.set_peer(value=data.get(key, None))
+                    self.set_peer(value=data.get(key, None))
                 elif key == "hfid" and self.peer_id is None:
                     self.peer_hfid = value
                 elif key.startswith(PREFIX_PROPERTY) and key.replace(PREFIX_PROPERTY, "") in self._flag_properties:
@@ -198,7 +198,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
                     self.from_pool = value
 
         else:
-            await self.set_peer(value=data)
+            self.set_peer(value=data)
 
     async def new(
         self,
@@ -206,11 +206,11 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
         data: dict | RelationshipPeerData | Any = None,
         **kwargs: Any,  # noqa: ARG002
     ) -> Relationship:
-        await self._process_data(data=data)
+        self._process_data(data=data)
 
         return self
 
-    async def load(
+    def load(
         self,
         db: InfrahubDatabase,  # noqa: ARG002
         id: UUID | None = None,
@@ -223,7 +223,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
         self.id = id or self.id
         self.db_id = db_id or self.db_id
 
-        await self._process_data(data=data)
+        self._process_data(data=data)
 
         if updated_at and hash(self) != hash_before:
             self.updated_at = Timestamp(updated_at)
@@ -252,7 +252,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
         self._node_id = self._node.id
         return node
 
-    async def set_peer(self, value: str | Node) -> None:
+    def set_peer(self, value: str | Node) -> None:
         if isinstance(value, str):
             self.peer_id = value
         else:
@@ -433,7 +433,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
                 db=db, id=self.peer_id, branch=self.branch, kind=self.schema.peer, fields={"display_label": None}
             )
             if peer:
-                await self.set_peer(value=peer)
+                self.set_peer(value=peer)
 
         if not self.peer_id and self.peer_hfid:
             peer_schema = db.schema.get(name=self.schema.peer, branch=self.branch)
@@ -450,7 +450,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
                 fields={"display_label": None},
                 raise_on_error=True,
             )
-            await self.set_peer(value=peer)
+            self.set_peer(value=peer)
 
         if not self.peer_id and self.from_pool and "id" in self.from_pool:
             pool_id = str(self.from_pool.get("id"))
@@ -473,7 +473,7 @@ class Relationship(FlagPropertyMixin, NodePropertyMixin):
                     data_from_pool["identifier"] = f"hfid={hfid_str} rel={self.name}"
 
             assigned_peer: Node = await pool.get_resource(db=db, branch=self.branch, at=at, **data_from_pool)  # type: ignore[attr-defined]
-            await self.set_peer(value=assigned_peer)
+            self.set_peer(value=assigned_peer)
             self.set_source(value=pool.id)
 
     async def save(self, db: InfrahubDatabase, at: Timestamp | None = None) -> Self:
@@ -962,7 +962,7 @@ class RelationshipManager:
 
         for peer_id in details.peer_ids_present_database_only:
             self._relationships.append(
-                await Relationship(
+                Relationship(
                     schema=self.schema,
                     branch=self.branch,
                     at=at or self.at,
@@ -1050,7 +1050,7 @@ class RelationshipManager:
             if isinstance(item, dict) and item.get("id", None) in previous_relationships:
                 rel = previous_relationships[item["id"]]
                 hash_before = hash(rel)
-                await rel.load(data=item, db=db)
+                rel.load(data=item, db=db)
                 if hash(rel) != hash_before:
                     changed = True
                 self._relationships.append(rel)

infrahub/core/schema/definitions/internal.py

@@ -487,7 +487,7 @@ attribute_schema = SchemaNode(
             kind="Text",
             description="Defines the type of the attribute.",
             enum=ATTRIBUTE_KIND_LABELS,
-            extra={"update": UpdateSupport.VALIDATE_CONSTRAINT},
+            extra={"update": UpdateSupport.MIGRATION_REQUIRED},
         ),
         SchemaAttribute(
             name="enum",

infrahub/core/schema/generated/attribute_schema.py

@@ -31,7 +31,7 @@ class GeneratedAttributeSchema(HashableModel):
         json_schema_extra={"update": "migration_required"},
     )
     kind: str = Field(
-        ..., description="Defines the type of the attribute.", json_schema_extra={"update": "validate_constraint"}
+        ..., description="Defines the type of the attribute.", json_schema_extra={"update": "migration_required"}
     )
     enum: list | None = Field(
         default=None,

infrahub/core/schema/node_schema.py

@@ -63,11 +63,6 @@ class NodeSchema(GeneratedNodeSchema):
                         f"{self.kind}.{attribute.name} inherited from {interface.namespace}{interface.name} must be the same kind "
                         f'["{interface_attr.kind}", "{attribute.kind}"]'
                     )
-                if attribute.optional != interface_attr.optional:
-                    raise ValueError(
-                        f"{self.kind}.{attribute.name} inherited from {interface.namespace}{interface.name} must have the same value for property "
-                        f'"optional" ["{interface_attr.optional}", "{attribute.optional}"]'
-                    )
 
         for relationship in self.relationships:
             if relationship.name in interface.relationship_names and not relationship.inherited:

infrahub/core/schema/schema_branch.py

@@ -226,8 +226,8 @@ class SchemaBranch:
     def update(self, schema: SchemaBranch) -> None:
         """Update another SchemaBranch into this one."""
 
-        local_kinds = list(self.nodes.keys()) + list(self.generics.keys())
-        other_kinds = list(schema.nodes.keys()) + list(schema.generics.keys())
+        local_kinds = self.all_names
+        other_kinds = schema.all_names
 
         in_both, _, other_only = compare_lists(list1=local_kinds, list2=other_kinds)
 

infrahub/core/validators/attribute/choices.py

@@ -1,9 +1,10 @@
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any
+from typing import TYPE_CHECKING, Any, cast
 
 from infrahub.core.constants import NULL_VALUE, PathType
 from infrahub.core.path import DataPath, GroupedDataPaths
+from infrahub.core.schema.generic_schema import GenericSchema
 
 from ..interface import ConstraintCheckerInterface
 from ..shared import AttributeSchemaValidatorQuery
@@ -18,6 +19,14 @@ if TYPE_CHECKING:
 class AttributeChoicesUpdateValidatorQuery(AttributeSchemaValidatorQuery):
     name: str = "attribute_constraints_choices_validator"
 
+    def __init__(
+        self,
+        excluded_kinds: list[str] | None = None,
+        **kwargs: Any,
+    ) -> None:
+        self.excluded_kinds: list[str] = excluded_kinds or []
+        super().__init__(**kwargs)
+
     async def query_init(self, db: InfrahubDatabase, **kwargs: dict[str, Any]) -> None:  # noqa: ARG002
         if self.attribute_schema.choices is None:
             return
@@ -28,9 +37,11 @@ class AttributeChoicesUpdateValidatorQuery(AttributeSchemaValidatorQuery):
         self.params["attr_name"] = self.attribute_schema.name
         self.params["allowed_values"] = [choice.name for choice in self.attribute_schema.choices]
         self.params["null_value"] = NULL_VALUE
+        self.params["excluded_kinds"] = self.excluded_kinds
 
         query = """
-        MATCH p = (n:%(node_kind)s)
+        MATCH (n:%(node_kind)s)
+        WHERE size($excluded_kinds) = 0 OR NOT n.kind IN $excluded_kinds
         CALL (n) {
             MATCH path = (root:Root)<-[rr:IS_PART_OF]-(n)-[ra:HAS_ATTRIBUTE]-(:Attribute { name: $attr_name } )-[rv:HAS_VALUE]-(av:AttributeValue)
             WHERE all(
@@ -92,10 +103,24 @@ class AttributeChoicesChecker(ConstraintCheckerInterface):
         if attribute_schema.choices is None:
             return grouped_data_paths_list
 
+        # skip inheriting schemas that override the attribute being checked
+        excluded_kinds: list[str] = []
+        if request.node_schema.is_generic_schema:
+            request.node_schema = cast(GenericSchema, request.node_schema)
+            for inheriting_kind in request.node_schema.used_by:
+                inheriting_schema = request.schema_branch.get_node(name=inheriting_kind, duplicate=False)
+                inheriting_schema_attribute = inheriting_schema.get_attribute(name=request.schema_path.field_name)
+                if not inheriting_schema_attribute.inherited:
+                    excluded_kinds.append(inheriting_kind)
+
         for query_class in self.query_classes:
             # TODO add exception handling
             query = await query_class.init(
-                db=self.db, branch=self.branch, node_schema=request.node_schema, schema_path=request.schema_path
+                db=self.db,
+                branch=self.branch,
+                node_schema=request.node_schema,
+                schema_path=request.schema_path,
+                excluded_kinds=excluded_kinds,
             )
             await query.execute(db=self.db)
             grouped_data_paths_list.append(await query.get_paths())

infrahub/core/validators/attribute/kind.py

@@ -65,8 +65,12 @@ class AttributeKindUpdateValidatorQuery(AttributeSchemaValidatorQuery):
             if value in (None, NULL_VALUE):
                 continue
             try:
+                attr_value = result.get("attribute_value")
                 infrahub_attribute_class.validate_format(
-                    value=result.get("attribute_value"), name=self.attribute_schema.name, schema=self.attribute_schema
+                    value=attr_value, name=self.attribute_schema.name, schema=self.attribute_schema
+                )
+                infrahub_attribute_class.validate_content(
+                    value=attr_value, name=self.attribute_schema.name, schema=self.attribute_schema
                 )
             except ValidationError:
                 grouped_data_paths.add_data_path(

infrahub/core/validators/determiner.py

@@ -98,7 +98,10 @@ class ConstraintValidatorDeterminer:
                 continue
 
             prop_field_update = prop_field_info.json_schema_extra.get("update")
-            if prop_field_update != UpdateSupport.VALIDATE_CONSTRAINT.value:
+            if prop_field_update not in (
+                UpdateSupport.VALIDATE_CONSTRAINT.value,
+                UpdateSupport.MIGRATION_REQUIRED.value,
+            ):
                 continue
 
             if getattr(schema, prop_name) is None:
@@ -112,6 +115,13 @@ class ConstraintValidatorDeterminer:
             )
             constraint_name = f"node.{prop_name}.update"
 
+            do_constraint_validation = prop_field_update == UpdateSupport.VALIDATE_CONSTRAINT.value or (
+                prop_field_update == UpdateSupport.MIGRATION_REQUIRED.value
+                and CONSTRAINT_VALIDATOR_MAP.get(constraint_name)
+            )
+            if not do_constraint_validation:
+                continue
+
             constraints.append(SchemaUpdateConstraintInfo(constraint_name=constraint_name, path=schema_path))
         return constraints
 
@@ -154,7 +164,10 @@ class ConstraintValidatorDeterminer:
                 continue
 
             prop_field_update = prop_field_info.json_schema_extra.get("update")
-            if prop_field_update != UpdateSupport.VALIDATE_CONSTRAINT.value:
+            if prop_field_update not in (
+                UpdateSupport.VALIDATE_CONSTRAINT.value,
+                UpdateSupport.MIGRATION_REQUIRED.value,
+            ):
                 continue
 
             if prop_value is None:
@@ -168,6 +181,13 @@ class ConstraintValidatorDeterminer:
                 path_type = SchemaPathType.RELATIONSHIP
                 constraint_name = f"relationship.{prop_name}.update"
 
+            do_constraint_validation = prop_field_update == UpdateSupport.VALIDATE_CONSTRAINT.value or (
+                prop_field_update == UpdateSupport.MIGRATION_REQUIRED.value
+                and CONSTRAINT_VALIDATOR_MAP.get(constraint_name)
+            )
+            if not do_constraint_validation:
+                continue
+
             schema_path = SchemaPath(
                 schema_kind=schema.kind,
                 path_type=path_type,

infrahub/events/__init__.py

@@ -5,6 +5,7 @@ from .models import EventMeta, InfrahubEvent
 from .node_action import NodeCreatedEvent, NodeDeletedEvent, NodeUpdatedEvent
 from .proposed_change_action import (
     ProposedChangeApprovalRevokedEvent,
+    ProposedChangeApprovalsRevokedEvent,
     ProposedChangeApprovedEvent,
     ProposedChangeMergedEvent,
     ProposedChangeRejectedEvent,
@@ -32,6 +33,7 @@ __all__ = [
     "NodeDeletedEvent",
     "NodeUpdatedEvent",
     "ProposedChangeApprovalRevokedEvent",
+    "ProposedChangeApprovalsRevokedEvent",
     "ProposedChangeApprovedEvent",
     "ProposedChangeMergedEvent",
     "ProposedChangeRejectedEvent",

infrahub/events/proposed_change_action.py

@@ -150,6 +150,28 @@ class ProposedChangeRejectionRevokedEvent(ProposedChangeReviewRevokedEvent):
     event_name: ClassVar[str] = f"{EVENT_NAMESPACE}.proposed_change.rejection_revoked"
 
 
+class ProposedChangeApprovalsRevokedEvent(ProposedChangeEvent):
+    reviewer_accounts: dict[str, str] = Field(
+        default_factory=dict, description="ID to name map of accounts whose approval was revoked"
+    )
+
+    event_name: ClassVar[str] = f"{EVENT_NAMESPACE}.proposed_change.approvals_revoked"
+
+    def get_related(self) -> list[dict[str, str]]:
+        related = super().get_related()
+        for account_id, account_name in self.reviewer_accounts.items():
+            related.append(
+                {
+                    "prefect.resource.id": account_id,
+                    "prefect.resource.role": "infrahub.related.node",
+                    "infrahub.node.kind": InfrahubKind.GENERICACCOUNT,
+                    "infrahub.node.id": account_id,
+                    "infrahub.reviewer.account.name": account_name,
+                }
+            )
+        return related
+
+
 class ProposedChangeThreadEvent(ProposedChangeEvent):
     thread_id: str = Field(..., description="The ID of the thread that was created or updated")
     thread_kind: str = Field(..., description="The name of the thread that was created or updated")

infrahub/graphql/app.py

@@ -231,6 +231,7 @@ class InfrahubGraphQLApp:
                 operation_name=operation_name,
                 branch=branch,
             )
+        impacted_models = analyzed_query.query_report.impacted_models
 
         await self._evaluate_permissions(
             db=db,
@@ -282,7 +283,7 @@ class InfrahubGraphQLApp:
         GRAPHQL_QUERY_HEIGHT_METRICS.labels(**labels).observe(await analyzed_query.calculate_height())
         # GRAPHQL_QUERY_VARS_METRICS.labels(**labels).observe(len(analyzed_query.variables))
         GRAPHQL_TOP_LEVEL_QUERIES_METRICS.labels(**labels).observe(analyzed_query.nbr_queries)
-        GRAPHQL_QUERY_OBJECTS_METRICS.labels(**labels).observe(len(analyzed_query.query_report.impacted_models))
+        GRAPHQL_QUERY_OBJECTS_METRICS.labels(**labels).observe(len(impacted_models))
 
         _, errors = analyzed_query.is_valid
         if errors:

infrahub/graphql/context.py

@@ -5,7 +5,7 @@ from typing import TYPE_CHECKING
 from infrahub.core.constants import GlobalPermissions, InfrahubKind
 from infrahub.core.manager import NodeManager
 from infrahub.exceptions import NodeNotFoundError, ValidationError
-from infrahub.permissions.globals import define_global_permission_from_branch
+from infrahub.permissions import define_global_permission_from_branch
 
 if TYPE_CHECKING:
     from .initialization import GraphqlContext

infrahub/graphql/mutations/proposed_change.py

@@ -137,6 +137,9 @@ class InfrahubProposedChangeMutation(InfrahubMutationMixin, Mutation):
             updated_state = ProposedChangeState(state_update)
             state.validate_state_transition(updated_state)
 
+        # Check if the draft state will change (defaults to current draft state)
+        will_be_draft = data.get("is_draft", {}).get("value", obj.is_draft.value)
+
         # Check before starting a transaction, stopping in the middle of the transaction seems to break with memgraph
         if updated_state == ProposedChangeState.MERGED and graphql_context.account_session:
             try:
@@ -150,6 +153,8 @@ class InfrahubProposedChangeMutation(InfrahubMutationMixin, Mutation):
                 raise ValidationError(str(exc)) from exc
 
         if updated_state == ProposedChangeState.MERGED:
+            if will_be_draft:
+                raise ValidationError("A draft proposed change is not allowed to be merged")
             data["state"]["value"] = ProposedChangeState.MERGING.value
 
         proposed_change, result = await super().mutate_update(

infrahub/graphql/mutations/relationship.py

@@ -233,7 +233,7 @@ class RelationshipRemove(Mutation):
                     # we should use RelationshipDataDeleteQuery to delete the relationship
                     # it would be more query efficient
                     rel = Relationship(schema=rel_schema, branch=graphql_context.branch, node=source)
-                    await rel.load(db=db, data=existing_peers[node_data.get("id")])
+                    rel.load(db=db, data=existing_peers[node_data.get("id")])
                     if group_event_type != GroupUpdateType.NONE:
                         peers.append(EventNode(id=rel.get_peer_id(), kind=nodes[rel.get_peer_id()].get_kind()))
                     node_changelog.delete_relationship(relationship=rel)

infrahub/graphql/mutations/schema.py

@@ -6,7 +6,7 @@ from graphene import Boolean, Field, InputObjectType, Mutation, String
 
 from infrahub import lock
 from infrahub.core import registry
-from infrahub.core.constants import RESTRICTED_NAMESPACES
+from infrahub.core.constants import RESTRICTED_NAMESPACES, GlobalPermissions
 from infrahub.core.manager import NodeManager
 from infrahub.core.schema import DropdownChoice, GenericSchema, NodeSchema
 from infrahub.database import InfrahubDatabase, retry_db_transaction
@@ -16,6 +16,7 @@ from infrahub.exceptions import ValidationError
 from infrahub.graphql.context import apply_external_context
 from infrahub.graphql.types.context import ContextInput
 from infrahub.log import get_log_data, get_logger
+from infrahub.permissions import define_global_permission_from_branch
 from infrahub.worker import WORKER_IDENTITY
 
 from ..types import DropdownFields
@@ -32,6 +33,14 @@ if TYPE_CHECKING:
 log = get_logger()
 
 
+def _validate_schema_permission(graphql_context: GraphqlContext) -> None:
+    graphql_context.active_permissions.raise_for_permission(
+        permission=define_global_permission_from_branch(
+            permission=GlobalPermissions.MANAGE_SCHEMA, branch_name=graphql_context.branch.name
+        )
+    )
+
+
 class SchemaEnumInput(InputObjectType):
     kind = String(required=True)
     attribute = String(required=True)
@@ -69,6 +78,7 @@ class SchemaDropdownAdd(Mutation):
     ) -> Self:
         graphql_context: GraphqlContext = info.context
 
+        _validate_schema_permission(graphql_context=graphql_context)
         await apply_external_context(graphql_context=graphql_context, context_input=context)
 
         kind = graphql_context.db.schema.get(name=str(data.kind), branch=graphql_context.branch.name)
@@ -130,6 +140,7 @@ class SchemaDropdownRemove(Mutation):
     ) -> dict[str, bool]:
         graphql_context: GraphqlContext = info.context
 
+        _validate_schema_permission(graphql_context=graphql_context)
         kind = graphql_context.db.schema.get(name=str(data.kind), branch=graphql_context.branch.name)
         await apply_external_context(graphql_context=graphql_context, context_input=context)
 
@@ -185,6 +196,7 @@ class SchemaEnumAdd(Mutation):
     ) -> dict[str, bool]:
         graphql_context: GraphqlContext = info.context
 
+        _validate_schema_permission(graphql_context=graphql_context)
         kind = graphql_context.db.schema.get(name=str(data.kind), branch=graphql_context.branch.name)
         await apply_external_context(graphql_context=graphql_context, context_input=context)
 
@@ -230,6 +242,7 @@ class SchemaEnumRemove(Mutation):
     ) -> dict[str, bool]:
         graphql_context: GraphqlContext = info.context
 
+        _validate_schema_permission(graphql_context=graphql_context)
         kind = graphql_context.db.schema.get(name=str(data.kind), branch=graphql_context.branch.name)
         await apply_external_context(graphql_context=graphql_context, context_input=context)
 

infrahub/graphql/queries/diff/tree.py

@@ -1,12 +1,13 @@
 from __future__ import annotations
 
+from dataclasses import dataclass
 from typing import TYPE_CHECKING, Any
 
 from graphene import Argument, Boolean, DateTime, Field, InputObjectType, Int, List, NonNull, ObjectType, String
 from graphene import Enum as GrapheneEnum
 
 from infrahub.core import registry
-from infrahub.core.constants import DiffAction, RelationshipCardinality
+from infrahub.core.constants import DiffAction, RelationshipCardinality, RelationshipDirection
 from infrahub.core.constants.database import DatabaseEdgeType
 from infrahub.core.diff.model.path import NameTrackingId
 from infrahub.core.diff.query.filters import EnrichedDiffQueryFilters
@@ -38,6 +39,12 @@ GrapheneDiffActionEnum = GrapheneEnum.from_enum(DiffAction)
 GrapheneCardinalityEnum = GrapheneEnum.from_enum(RelationshipCardinality)
 
 
+@dataclass
+class ParentNodeInfo:
+    node: EnrichedDiffNode
+    relationship_name: str
+
+
 class ConflictDetails(ObjectType):
     uuid = String(required=True)
     base_branch_action = Field(GrapheneDiffActionEnum, required=True)
@@ -145,9 +152,16 @@ class DiffTreeSummary(DiffSummaryCounts):
 
 
 class DiffTreeResolver:
+    def __init__(self) -> None:
+        self.source_branch_name: str | None = None
+
+    def initialize(self, enriched_diff_root: EnrichedDiffRoot) -> None:
+        self.source_branch_name = enriched_diff_root.diff_branch_name
+
     async def to_diff_tree(
         self, enriched_diff_root: EnrichedDiffRoot, graphql_context: GraphqlContext | None = None
     ) -> DiffTree:
+        self.initialize(enriched_diff_root=enriched_diff_root)
         all_nodes = list(enriched_diff_root.nodes)
         tree_nodes = [self.to_diff_node(enriched_node=e_node, graphql_context=graphql_context) for e_node in all_nodes]
         name = None
@@ -166,6 +180,43 @@ class DiffTreeResolver:
             num_conflicts=enriched_diff_root.num_conflicts,
         )
 
+    def _get_parent_info(
+        self, diff_node: EnrichedDiffNode, graphql_context: GraphqlContext | None = None
+    ) -> ParentNodeInfo | None:
+        for r in diff_node.relationships:
+            for n in r.nodes:
+                relationship_name: str = "undefined"
+
+                if not graphql_context or not self.source_branch_name:
+                    return ParentNodeInfo(node=n, relationship_name=relationship_name)
+
+                node_schema = graphql_context.db.schema.get(
+                    name=diff_node.kind, branch=self.source_branch_name, duplicate=False
+                )
+                rel_schema = node_schema.get_relationship(name=r.name)
+
+                parent_schema = graphql_context.db.schema.get(
+                    name=n.kind, branch=self.source_branch_name, duplicate=False
+                )
+                rels_parent = parent_schema.get_relationships_by_identifier(id=rel_schema.get_identifier())
+
+                if rels_parent and len(rels_parent) == 1:
+                    relationship_name = rels_parent[0].name
+                elif rels_parent and len(rels_parent) > 1:
+                    for rel_parent in rels_parent:
+                        if (
+                            rel_schema.direction == RelationshipDirection.INBOUND
+                            and rel_parent.direction == RelationshipDirection.OUTBOUND
+                        ) or (
+                            rel_schema.direction == RelationshipDirection.OUTBOUND
+                            and rel_parent.direction == RelationshipDirection.INBOUND
+                        ):
+                            relationship_name = rel_parent.name
+                            break
+
+                return ParentNodeInfo(node=n, relationship_name=relationship_name)
+        return None
+
     def to_diff_node(self, enriched_node: EnrichedDiffNode, graphql_context: GraphqlContext | None = None) -> DiffNode:
         diff_attributes = [
             self.to_diff_attribute(enriched_attribute=e_attr, graphql_context=graphql_context)
@@ -181,7 +232,7 @@ class DiffTreeResolver:
             conflict = self.to_diff_conflict(enriched_conflict=enriched_node.conflict, graphql_context=graphql_context)
 
         parent = None
-        if parent_info := enriched_node.get_parent_info(graphql_context=graphql_context):
+        if parent_info := self._get_parent_info(diff_node=enriched_node, graphql_context=graphql_context):
             parent = DiffNodeParent(
                 uuid=parent_info.node.uuid,
                 kind=parent_info.node.kind,

infrahub/graphql/schema.py

@@ -26,21 +26,10 @@ from .mutations.proposed_change import (
     ProposedChangeRequestRunCheck,
     ProposedChangeReview,
 )
-from .mutations.relationship import (
-    RelationshipAdd,
-    RelationshipRemove,
-)
-from .mutations.repository import (
-    ProcessRepository,
-    ValidateRepositoryConnectivity,
-)
+from .mutations.relationship import RelationshipAdd, RelationshipRemove
+from .mutations.repository import ProcessRepository, ValidateRepositoryConnectivity
 from .mutations.resource_manager import IPAddressPoolGetResource, IPPrefixPoolGetResource
-from .mutations.schema import (
-    SchemaDropdownAdd,
-    SchemaDropdownRemove,
-    SchemaEnumAdd,
-    SchemaEnumRemove,
-)
+from .mutations.schema import SchemaDropdownAdd, SchemaDropdownRemove, SchemaEnumAdd, SchemaEnumRemove
 from .queries import (
     AccountPermissions,
     AccountToken,

infrahub/graphql/types/event.py

@@ -136,6 +136,13 @@ class ProposedChangeReviewRevokedEvent(ObjectType):
     payload = Field(GenericScalar, required=True)
 
 
+class ProposedChangeApprovalsRevokedEvent(ObjectType):
+    class Meta:
+        interfaces = (EventNodeInterface,)
+
+    payload = Field(GenericScalar, required=True)
+
+
 class ProposedChangeReviewRequestedEvent(ObjectType):
     class Meta:
         interfaces = (EventNodeInterface,)
@@ -220,6 +227,7 @@ EVENT_TYPES: dict[str, type[ObjectType]] = {
     events.ProposedChangeRejectedEvent.event_name: ProposedChangeReviewEvent,
     events.ProposedChangeRejectionRevokedEvent.event_name: ProposedChangeReviewRevokedEvent,
     events.ProposedChangeReviewRequestedEvent.event_name: ProposedChangeReviewRequestedEvent,
+    events.ProposedChangeApprovalsRevokedEvent.event_name: ProposedChangeApprovalsRevokedEvent,
     events.ProposedChangeMergedEvent.event_name: ProposedChangeMergedEvent,
     events.ProposedChangeThreadCreatedEvent.event_name: ProposedChangeThreadEvent,
     events.ProposedChangeThreadUpdatedEvent.event_name: ProposedChangeThreadEvent,

infrahub/permissions/__init__.py

@@ -1,4 +1,5 @@
 from infrahub.permissions.backend import PermissionBackend
+from infrahub.permissions.globals import define_global_permission_from_branch, get_or_create_global_permission
 from infrahub.permissions.local_backend import LocalPermissionBackend
 from infrahub.permissions.manager import PermissionManager
 from infrahub.permissions.report import report_schema_permissions
@@ -9,6 +10,8 @@ __all__ = [
     "LocalPermissionBackend",
     "PermissionBackend",
     "PermissionManager",
+    "define_global_permission_from_branch",
     "get_global_permission_for_kind",
+    "get_or_create_global_permission",
     "report_schema_permissions",
 ]

infrahub/permissions/constants.py

@@ -25,8 +25,21 @@ GLOBAL_PERMISSION_DENIAL_MESSAGE = {
     GlobalPermissions.EDIT_DEFAULT_BRANCH.value: "You are not allowed to change data in the default branch",
     GlobalPermissions.MERGE_BRANCH.value: "You are not allowed to merge a branch",
     GlobalPermissions.MERGE_PROPOSED_CHANGE.value: "You are not allowed to merge proposed changes",
+    GlobalPermissions.REVIEW_PROPOSED_CHANGE.value: "You are not allowed to review proposed changes",
     GlobalPermissions.MANAGE_SCHEMA.value: "You are not allowed to manage the schema",
     GlobalPermissions.MANAGE_ACCOUNTS.value: "You are not allowed to manage user accounts, groups or roles",
     GlobalPermissions.MANAGE_PERMISSIONS.value: "You are not allowed to manage permissions",
     GlobalPermissions.MANAGE_REPOSITORIES.value: "You are not allowed to manage repositories",
 }
+
+GLOBAL_PERMISSION_DESCRIPTION = {
+    GlobalPermissions.EDIT_DEFAULT_BRANCH: "Allow a user to change data in the default branch",
+    GlobalPermissions.MERGE_BRANCH: "Allow a user to merge branches",
+    GlobalPermissions.MERGE_PROPOSED_CHANGE: "Allow a user to merge proposed changes",
+    GlobalPermissions.REVIEW_PROPOSED_CHANGE: "Allow a user to approve or reject proposed changes",
+    GlobalPermissions.MANAGE_SCHEMA: "Allow a user to manage the schema",
+    GlobalPermissions.MANAGE_ACCOUNTS: "Allow a user to manage accounts, account roles and account groups",
+    GlobalPermissions.MANAGE_PERMISSIONS: "Allow a user to manage permissions",
+    GlobalPermissions.MANAGE_REPOSITORIES: "Allow a user to manage repositories",
+    GlobalPermissions.SUPER_ADMIN: "Allow a user to do anything",
+}