Allow authorize on array of objects for GraphQL
And add tests
parent
7be1f0842f
commit
564b86a314
|
@ -70,7 +70,7 @@ module Types
|
|||
Types::MergeRequestType.connection_type,
|
||||
null: true,
|
||||
resolver: Resolvers::MergeRequestsResolver do
|
||||
# authorize :read_merge_request
|
||||
authorize :read_merge_request
|
||||
end
|
||||
|
||||
field :merge_request,
|
||||
|
|
|
@ -35,10 +35,25 @@ module Gitlab
|
|||
private
|
||||
|
||||
def build_checker(current_user, abilities)
|
||||
proc do |obj|
|
||||
lambda do |value|
|
||||
# Load the elements if they weren't loaded by BatchLoader yet
|
||||
obj = obj.sync if obj.respond_to?(:sync)
|
||||
obj if abilities.all? { |ability| Ability.allowed?(current_user, ability, obj) }
|
||||
value = value.sync if value.respond_to?(:sync)
|
||||
|
||||
check = lambda do |object|
|
||||
abilities.all? do |ability|
|
||||
Ability.allowed?(current_user, ability, object)
|
||||
end
|
||||
end
|
||||
|
||||
checked =
|
||||
case value
|
||||
when Array
|
||||
value.all?(&check)
|
||||
else
|
||||
check.call(value)
|
||||
end
|
||||
|
||||
value if checked
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
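Review bot: The collection branch of the new checker in `build_checker` matches only `when Array`, so any other collection a resolver hands back falls through to `check.call(value)`, and `Ability.allowed?` is then asked about the container instead of each element. How the policy layer answers for an object it has no policy for is not visible in this hunk, so on that path the result may not be the per-object decision the field's `authorize` declaration promises. Matching on `Enumerable` instead of `Array` would probably cover such values, provided no authorized field legitimately resolves to a Hash. It is also worth a comment above the `case`, such as `# Collections are authorized element by element; a single denied element makes the whole value resolve to nil`, because a client can tell that nil apart from an empty list.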
@ -15,7 +15,8 @@ describe GitlabSchema.types['Project'] do
|
|||
end
|
||||
|
||||
it 'authorizes the merge requests' do
|
||||
skip
|
||||
expect(described_class.fields['mergeRequests'])
|
||||
.to require_graphql_authorizations(:read_merge_request)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'spec_helper'
|
||||
|
||||
describe Gitlab::Graphql::Authorize::Instrumentation do
|
||||
describe '#build_checker' do
|
||||
let(:current_user) { double(:current_user) }
|
||||
let(:abilities) { [double(:first_ability), double(:last_ability)] }
|
||||
|
||||
let(:checker) do
|
||||
described_class.new.__send__(:build_checker, current_user, abilities)
|
||||
end
|
||||
|
||||
it 'returns a checker which checks for a single object' do
|
||||
object = double(:object)
|
||||
|
||||
abilities.each do |ability|
|
||||
spy_ability_check_for(ability, object)
|
||||
end
|
||||
|
||||
expect(checker.call(object)).to eq(object)
|
||||
end
|
||||
|
||||
it 'returns a checker which checks for all objects' do
|
||||
objects = [double(:first), double(:last)]
|
||||
|
||||
abilities.each do |ability|
|
||||
objects.each do |object|
|
||||
spy_ability_check_for(ability, object)
|
||||
end
|
||||
end
|
||||
|
||||
expect(checker.call(objects)).to eq(objects)
|
||||
end
|
||||
|
||||
def spy_ability_check_for(ability, object)
|
||||
expect(Ability)
|
||||
.to receive(:allowed?)
|
||||
.with(current_user, ability, object)
|
||||
.and_return(true)
|
||||
end
|
||||
end
|
||||
end
|
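Review bot: Both examples stub `Ability.allowed?` with `.and_return(true)` through `spy_ability_check_for`, so the spec never exercises the deny path, which is the behaviour an authorization checker exists to enforce. Add one example where an ability is refused for the single object and one where it is refused for just one element of the array, each ending in `expect(checker.call(objects)).to be_nil`. Because `all?` short-circuits, the remaining combinations in those examples should be stubbed with `allow(Ability).to receive(:allowed?).and_return(true)` rather than `expect`, otherwise the unmet expectations will fail the example for the wrong reason.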