1 files changed, 13 insertions, 10 deletions

diff --git a/app/graphql/resolvers/milestones_resolver.rb b/app/graphql/resolvers/milestones_resolver.rb
index dc6d781f584..25ff783b408 100644
--- a/app/graphql/resolvers/milestones_resolver.rb
+++ b/app/graphql/resolvers/milestones_resolver.rb
@@ -4,6 +4,11 @@ module Resolvers
   class MilestonesResolver < BaseResolver
     include Gitlab::Graphql::Authorize::AuthorizeResource
     include TimeFrameArguments
+    include LooksAhead
+
+    # authorize before resolution
+    authorize :read_milestone
+    authorizes_object!
 
     argument :ids, [GraphQL::Types::ID],
              required: false,
@@ -34,12 +39,10 @@ module Resolvers
 
     NON_STABLE_CURSOR_SORTS = %i[expired_last_due_date_asc expired_last_due_date_desc].freeze
 
-    def resolve(**args)
+    def resolve_with_lookahead(**args)
       validate_timeframe_params!(args)
 
-      authorize!
-
-      milestones = MilestonesFinder.new(milestones_finder_params(args)).execute
+      milestones = apply_lookahead(MilestonesFinder.new(milestones_finder_params(args)).execute)
 
       if non_stable_cursor_sort?(args[:sort])
         offset_pagination(milestones)
@@ -50,6 +53,12 @@ module Resolvers
 
     private
 
+    def preloads
+      {
+        releases: :releases
+      }
+    end
+
     def milestones_finder_params(args)
       {
         ids: parse_gids(args[:ids]),
@@ -69,12 +78,6 @@ module Resolvers
       raise NotImplementedError
     end
 
-    # MilestonesFinder does not check for current_user permissions,
-    # so for now we need to keep it here.
-    def authorize!
-      Ability.allowed?(context[:current_user], :read_milestone, parent) || raise_resource_not_available_error!
-    end
-
     def parse_gids(gids)
       gids&.map { |gid| GitlabSchema.parse_gid(gid, expected_type: Milestone).model_id }
     end