Add authorize to LabelType and NamespaceType
This also disables the cop with a reasoning in types where appropriate
This commit is contained in:
parent
ac2d08212b
commit
703d0246ff
19 changed files with 42 additions and 12 deletions
|
@ -1,6 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
module Types
|
||||
module Ci
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `PipelineType` that has its own authorization
|
||||
class DetailedStatusType < BaseObject
|
||||
graphql_name 'DetailedStatus'
|
||||
|
||||
|
@ -13,5 +15,6 @@ module Types
|
|||
field :text, GraphQL::STRING_TYPE, null: false
|
||||
field :tooltip, GraphQL::STRING_TYPE, null: false, method: :status_tooltip
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Types
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is a BaseEnum through IssuableEnum, so it does not need authorization
|
||||
class IssueStateEnum < IssuableStateEnum
|
||||
graphql_name 'IssueState'
|
||||
description 'State of a GitLab issue'
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
|
|
|
@ -4,6 +4,8 @@ module Types
|
|||
class LabelType < BaseObject
|
||||
graphql_name 'Label'
|
||||
|
||||
authorize :read_label
|
||||
|
||||
field :description, GraphQL::STRING_TYPE, null: true
|
||||
markdown_field :description_html, null: true
|
||||
field :title, GraphQL::STRING_TYPE, null: false
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Types
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is a BaseEnum through IssuableEnum, so it does not need authorization
|
||||
class MergeRequestStateEnum < IssuableStateEnum
|
||||
graphql_name 'MergeRequestState'
|
||||
description 'State of a GitLab merge request'
|
||||
|
||||
value 'merged'
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
|
|
|
@ -4,6 +4,8 @@ module Types
|
|||
class MetadataType < ::Types::BaseObject
|
||||
graphql_name 'Metadata'
|
||||
|
||||
authorize :read_instance_metadata
|
||||
|
||||
field :version, GraphQL::STRING_TYPE, null: false
|
||||
field :revision, GraphQL::STRING_TYPE, null: false
|
||||
end
|
||||
|
|
|
@ -4,6 +4,8 @@ module Types
|
|||
class NamespaceType < BaseObject
|
||||
graphql_name 'Namespace'
|
||||
|
||||
authorize :read_namespace
|
||||
|
||||
field :id, GraphQL::ID_TYPE, null: false
|
||||
|
||||
field :name, GraphQL::STRING_TYPE, null: false
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
module Types
|
||||
module Notes
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `NoteType` that has its own authorization
|
||||
class DiffPositionType < BaseObject
|
||||
graphql_name 'DiffPosition'
|
||||
|
||||
|
@ -42,5 +44,6 @@ module Types
|
|||
description: "The total height of the image",
|
||||
resolve: -> (position, _args, _ctx) { position.height if position.on_image? }
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
|
|
|
@ -67,7 +67,7 @@ module Types
|
|||
field :only_allow_merge_if_all_discussions_are_resolved, GraphQL::BOOLEAN_TYPE, null: true
|
||||
field :printing_merge_request_link_enabled, GraphQL::BOOLEAN_TYPE, null: true
|
||||
|
||||
field :namespace, Types::NamespaceType, null: false
|
||||
field :namespace, Types::NamespaceType, null: true
|
||||
field :group, Types::GroupType, null: true
|
||||
|
||||
field :statistics, Types::ProjectStatisticsType,
|
||||
|
|
|
@ -22,10 +22,7 @@ module Types
|
|||
field :metadata, Types::MetadataType,
|
||||
null: true,
|
||||
resolver: Resolvers::MetadataResolver,
|
||||
description: 'Metadata about GitLab' do |*args|
|
||||
|
||||
authorize :read_instance_metadata
|
||||
end
|
||||
description: 'Metadata about GitLab'
|
||||
|
||||
field :echo, GraphQL::STRING_TYPE, null: false, function: Functions::Echo.new
|
||||
end
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Types
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is used in `IssueType` and `MergeRequestType` both of which have their
|
||||
# own authorization
|
||||
class TaskCompletionStatus < BaseObject
|
||||
graphql_name 'TaskCompletionStatus'
|
||||
description 'Completion status of tasks'
|
||||
|
@ -8,4 +11,5 @@ module Types
|
|||
field :count, GraphQL::INT_TYPE, null: false
|
||||
field :completed_count, GraphQL::INT_TYPE, null: false
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
module Types
|
||||
module Tree
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `Repository` that has its own authorization
|
||||
class BlobType < BaseObject
|
||||
implements Types::Tree::EntryType
|
||||
|
||||
|
@ -12,6 +14,7 @@ module Types
|
|||
field :lfs_oid, GraphQL::STRING_TYPE, null: true, resolve: -> (blob, args, ctx) do
|
||||
Gitlab::Graphql::Loaders::BatchLfsOidLoader.new(blob.repository, blob.id).find
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
# frozen_string_literal: true
|
||||
module Types
|
||||
module Tree
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `Repository` that has its own authorization
|
||||
class SubmoduleType < BaseObject
|
||||
implements Types::Tree::EntryType
|
||||
|
||||
graphql_name 'Submodule'
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
module Types
|
||||
module Tree
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `Repository` that has its own authorization
|
||||
class TreeEntryType < BaseObject
|
||||
implements Types::Tree::EntryType
|
||||
|
||||
|
@ -11,5 +13,6 @@ module Types
|
|||
|
||||
field :web_url, GraphQL::STRING_TYPE, null: true
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
# frozen_string_literal: true
|
||||
module Types
|
||||
module Tree
|
||||
# rubocop: disable Graphql/AuthorizeTypes
|
||||
# This is presented through `Repository` that has its own authorization
|
||||
class TreeType < BaseObject
|
||||
graphql_name 'Tree'
|
||||
|
||||
|
@ -13,6 +15,7 @@ module Types
|
|||
field :blobs, Types::Tree::BlobType.connection_type, null: false, resolve: -> (obj, args, ctx) do
|
||||
Gitlab::Graphql::Representation::TreeEntry.decorate(obj.blobs, obj.repository)
|
||||
end
|
||||
# rubocop: enable Graphql/AuthorizeTypes
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -7,4 +7,6 @@ describe GitlabSchema.types['Label'] do
|
|||
|
||||
is_expected.to have_graphql_fields(*expected_fields)
|
||||
end
|
||||
|
||||
it { is_expected.to require_graphql_authorizations(:read_label) }
|
||||
end
|
||||
|
|
|
@ -2,4 +2,5 @@ require 'spec_helper'
|
|||
|
||||
describe GitlabSchema.types['Metadata'] do
|
||||
it { expect(described_class.graphql_name).to eq('Metadata') }
|
||||
it { is_expected.to require_graphql_authorizations(:read_instance_metadata) }
|
||||
end
|
||||
|
|
|
@ -13,4 +13,6 @@ describe GitlabSchema.types['Namespace'] do
|
|||
|
||||
is_expected.to have_graphql_fields(*expected_fields)
|
||||
end
|
||||
|
||||
it { is_expected.to require_graphql_authorizations(:read_namespace) }
|
||||
end
|
||||
|
|
|
@ -34,9 +34,5 @@ describe GitlabSchema.types['Query'] do
|
|||
is_expected.to have_graphql_type(Types::MetadataType)
|
||||
is_expected.to have_graphql_resolver(Resolvers::MetadataResolver)
|
||||
end
|
||||
|
||||
it 'authorizes with read_instance_metadata' do
|
||||
is_expected.to require_graphql_authorizations(:read_instance_metadata)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -58,9 +58,7 @@ describe 'getting projects', :nested_groups do
|
|||
it 'finds only public projects' do
|
||||
post_graphql(query, current_user: nil)
|
||||
|
||||
expect(graphql_data['namespace']['projects']['edges'].size).to eq(1)
|
||||
project = graphql_data['namespace']['projects']['edges'][0]['node']
|
||||
expect(project['id']).to eq(public_project.to_global_id.to_s)
|
||||
expect(graphql_data['namespace']).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue