gitlab-org--gitlab-foss/lib/gitlab/graphql/authorize/object_authorization.rb

# frozen_string_literal: true

module Gitlab
  module Graphql
    module Authorize
      class ObjectAuthorization
        attr_reader :abilities, :permitted_scopes

        def initialize(abilities, scopes = %i[api read_api])
          @abilities = Array.wrap(abilities).flatten
          @permitted_scopes = Array.wrap(scopes)
        end

        def none?
          abilities.empty?
        end

        def any?
          abilities.present?
        end

        def ok?(object, current_user, scope_validator: nil)
          scopes_ok?(scope_validator) && abilities_ok?(object, current_user)
        end

        private

        def abilities_ok?(object, current_user)
          return true if none?

          subject = object.try(:declarative_policy_subject) || object
          abilities.all? do |ability|
            Ability.allowed?(current_user, ability, subject)
          end
        end

        def scopes_ok?(validator)
          return true unless validator.present?

          validator.valid_for?(permitted_scopes)
        end
      end
    end
  end
end
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`# frozen_string_literal: true`

			`module Gitlab`
			`module Graphql`
			`module Authorize`
			`class ObjectAuthorization`
Add latest changes from gitlab-org/gitlab@master 2021-04-28 11:09:35 -04:00			`attr_reader :abilities, :permitted_scopes`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-04-28 11:09:35 -04:00			`def initialize(abilities, scopes = %i[api read_api])`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`@abilities = Array.wrap(abilities).flatten`
Add latest changes from gitlab-org/gitlab@master 2021-04-28 11:09:35 -04:00			`@permitted_scopes = Array.wrap(scopes)`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`end`

			`def none?`
			`abilities.empty?`
			`end`

			`def any?`
			`abilities.present?`
			`end`

Add latest changes from gitlab-org/gitlab@master 2021-04-28 11:09:35 -04:00			`def ok?(object, current_user, scope_validator: nil)`
			`scopes_ok?(scope_validator) && abilities_ok?(object, current_user)`
			`end`

			`private`

			`def abilities_ok?(object, current_user)`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`return true if none?`

Add latest changes from gitlab-org/gitlab@master 2021-04-06 20:09:26 -04:00			`subject = object.try(:declarative_policy_subject) \|\| object`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`abilities.all? do \|ability\|`
Add latest changes from gitlab-org/gitlab@master 2021-04-06 20:09:26 -04:00			`Ability.allowed?(current_user, ability, subject)`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-04-28 11:09:35 -04:00
			`def scopes_ok?(validator)`
			`return true unless validator.present?`

			`validator.valid_for?(permitted_scopes)`
			`end`
Add latest changes from gitlab-org/gitlab@master 2021-03-18 02:11:52 -04:00			`end`
			`end`
			`end`
			`end`