2019-07-01 00:34:34 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module Mutations
|
|
|
|
module Notes
|
|
|
|
module Create
|
|
|
|
# This is a Base class for the Note creation Mutations and is not
|
|
|
|
# mounted as a GraphQL mutation itself.
|
|
|
|
class Base < Mutations::Notes::Base
|
|
|
|
authorize :create_note
|
|
|
|
|
|
|
|
argument :noteable_id,
|
2020-10-07 23:08:39 -04:00
|
|
|
::Types::GlobalIDType[::Noteable],
|
2019-07-01 00:34:34 -04:00
|
|
|
required: true,
|
2021-01-07 07:10:24 -05:00
|
|
|
description: 'The global ID of the resource to add a note to.'
|
2019-07-01 00:34:34 -04:00
|
|
|
|
|
|
|
argument :body,
|
2021-07-22 17:09:40 -04:00
|
|
|
GraphQL::Types::String,
|
2019-07-01 00:34:34 -04:00
|
|
|
required: true,
|
|
|
|
description: copy_field_description(Types::Notes::NoteType, :body)
|
|
|
|
|
2020-07-15 05:09:34 -04:00
|
|
|
argument :confidential,
|
2021-07-22 17:09:40 -04:00
|
|
|
GraphQL::Types::Boolean,
|
2020-07-15 05:09:34 -04:00
|
|
|
required: false,
|
|
|
|
description: 'The confidentiality flag of a note. Default is false.'
|
|
|
|
|
2019-07-01 00:34:34 -04:00
|
|
|
def resolve(args)
|
|
|
|
noteable = authorized_find!(id: args[:noteable_id])
|
2021-02-09 16:09:19 -05:00
|
|
|
verify_rate_limit!(current_user)
|
2019-07-01 00:34:34 -04:00
|
|
|
|
|
|
|
note = ::Notes::CreateService.new(
|
|
|
|
noteable.project,
|
|
|
|
current_user,
|
|
|
|
create_note_params(noteable, args)
|
|
|
|
).execute
|
|
|
|
|
|
|
|
{
|
|
|
|
note: (note if note.persisted?),
|
|
|
|
errors: errors_on_object(note)
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2019-09-04 13:42:48 -04:00
|
|
|
private
|
|
|
|
|
2020-10-07 23:08:39 -04:00
|
|
|
def find_object(id:)
|
|
|
|
# TODO: remove explicit coercion once compatibility layer has been removed
|
|
|
|
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883
|
|
|
|
id = ::Types::GlobalIDType[::Noteable].coerce_isolated_input(id)
|
|
|
|
GitlabSchema.find_by_gid(id)
|
|
|
|
end
|
|
|
|
|
2019-07-01 00:34:34 -04:00
|
|
|
def create_note_params(noteable, args)
|
|
|
|
{
|
|
|
|
noteable: noteable,
|
2020-07-15 05:09:34 -04:00
|
|
|
note: args[:body],
|
|
|
|
confidential: args[:confidential]
|
2019-07-01 00:34:34 -04:00
|
|
|
}
|
|
|
|
end
|
2021-02-09 16:09:19 -05:00
|
|
|
|
|
|
|
def verify_rate_limit!(current_user)
|
2021-02-11 07:08:52 -05:00
|
|
|
return unless rate_limit_throttled?
|
2021-02-09 16:09:19 -05:00
|
|
|
|
|
|
|
raise Gitlab::Graphql::Errors::ResourceNotAvailable,
|
|
|
|
'This endpoint has been requested too many times. Try again later.'
|
|
|
|
end
|
2021-02-11 07:08:52 -05:00
|
|
|
|
|
|
|
def rate_limit_throttled?
|
|
|
|
rate_limiter = ::Gitlab::ApplicationRateLimiter
|
|
|
|
allowlist = Gitlab::CurrentSettings.current_application_settings.notes_create_limit_allowlist
|
|
|
|
|
|
|
|
rate_limiter.throttled?(:notes_create, scope: [current_user], users_allowlist: allowlist)
|
|
|
|
end
|
2019-07-01 00:34:34 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|