kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/lib/gitlab/graphql/authorize/instrumentation.rb

26 lines
707 B
Ruby
Raw Normal View History

Enable even more frozen string in lib/gitlab Enables frozen string for the following: * lib/gitlab/fogbugz_import/**/*.rb * lib/gitlab/gfm/**/*.rb * lib/gitlab/git/**/*.rb * lib/gitlab/gitaly_client/**/*.rb * lib/gitlab/gitlab_import/**/*.rb * lib/gitlab/google_code_import/**/*.rb * lib/gitlab/gpg/**/*.rb * lib/gitlab/grape_logging/**/*.rb * lib/gitlab/graphql/**/*.rb * lib/gitlab/graphs/**/*.rb * lib/gitlab/hashed_storage/**/*.rb * lib/gitlab/health_checks/**/*.rb Partially address gitlab-org/gitlab-ce#47424.
2018-11-09 13:39:43 -05:00
# frozen_string_literal: true
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601
2018-05-23 03:55:14 -04:00
module Gitlab
module Graphql
module Authorize
class Instrumentation
# Replace the resolver for the field with one that will only return the
# resolved object if the permissions check is successful.
def instrument(_type, field)
GraphQL Type authorization Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
2019-03-03 21:30:32 -05:00
service = AuthorizeFieldService.new(field)
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601
2018-05-23 03:55:14 -04:00
Add latest changes from gitlab-org/gitlab@master
2019-11-15 07:06:12 -05:00
if service.authorizations? && !resolver_skips_authorizations?(field)
GraphQL Type authorization Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
2019-03-03 21:30:32 -05:00
field.redefine { resolve(service.authorized_resolve) }
else
field
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601
2018-05-23 03:55:14 -04:00
end
end
Add latest changes from gitlab-org/gitlab@master
2019-11-15 07:06:12 -05:00
def resolver_skips_authorizations?(field)
field.metadata[:resolver].try(:skip_authorizations?)
end
Initial setup GraphQL using graphql-ruby 1.8 - All definitions have been replaced by classes: http://graphql-ruby.org/schema/class_based_api.html - Authorization & Presentation have been refactored to work in the class based system - Loaders have been replaced by resolvers - Times are now coersed as ISO 8601
2018-05-23 03:55:14 -04:00
end
end
end
end
Copy permalink