Commit graph

20 commits

Author SHA1 Message Date
GitLab Bot
c6af94ea4e Add latest changes from gitlab-org/gitlab@master 2021-04-19 12:09:04 +00:00
GitLab Bot
09ff71d425 Add latest changes from gitlab-org/gitlab@master 2021-03-29 15:09:30 +00:00
GitLab Bot
5a80b10a84 Add latest changes from gitlab-org/gitlab@master 2021-03-27 00:09:34 +00:00
GitLab Bot
93b0b77287 Add latest changes from gitlab-org/gitlab@master 2021-03-24 03:09:04 +00:00
GitLab Bot
4d16568658 Add latest changes from gitlab-org/gitlab@master 2021-03-18 06:11:52 +00:00
GitLab Bot
74780f24f2 Add latest changes from gitlab-org/gitlab@master 2021-03-03 09:10:53 +00:00
GitLab Bot
ae42530b1b Add latest changes from gitlab-org/gitlab@master 2020-12-04 18:09:55 +00:00
GitLab Bot
7985071975 Add latest changes from gitlab-org/gitlab@master 2020-09-21 12:09:34 +00:00
GitLab Bot
bdca097916 Add latest changes from gitlab-org/gitlab@master 2020-08-11 03:11:00 +00:00
GitLab Bot
4f5c8572e9 Add latest changes from gitlab-org/gitlab@master 2020-06-16 18:09:01 +00:00
GitLab Bot
5bfb8d1fad Add latest changes from gitlab-org/gitlab@master 2020-03-18 18:09:35 +00:00
GitLab Bot
163a7046ac Add latest changes from gitlab-org/gitlab@master 2020-02-18 15:08:51 +00:00
GitLab Bot
c8f773a859 Add latest changes from gitlab-org/gitlab@master 2020-01-30 21:08:47 +00:00
GitLab Bot
d64e3a8b28 Add latest changes from gitlab-org/gitlab@master 2019-10-29 12:06:40 +00:00
Brett Walker
ec2b4bb65d Upgrade graphql gem to 1.9.10
- `edge_nodes` needs to get called on the object
- added `include GlobalID::Identification` in a couple places
- renamed `object` to `item` in spec due to conflict
2019-09-04 21:57:37 +00:00
Bob Van Landuyt
ed503d51a3 Expose IDs in GraphQL as a GlobalID
This exposes all fields named `id` as GlobalIDs so they can be used
across our entire GraphQL implementation.

When the objects loaded are `ApplicationRecord`s. We'll use our
existing batchloading to find them. Otherwise, we'll fall back to the
default implementation of `GlobalID`: Calling the `.find` method on
the class.
2019-06-03 21:59:25 +02:00
Bob Van Landuyt
eca8e6f09b Only check abilities on rendered GraphQL nodes
With this we only check abilities on the rendered edges of a GraphQL
connection instead of all the nodes in it.
2019-04-18 16:17:29 +02:00
Brett Walker
6643b92b88 Use parent object when authorizing scalar types 2019-04-04 09:03:21 -05:00
Luke Duncalfe
8207f7877f GraphQL Type authorization
Enables authorizations to be defined on GraphQL Types.

    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end

If a field has authorizations defined on it, and the return type of the
field also has authorizations defined on it. then all of the combined
permissions in the authorizations will be checked and must pass.

Connection fields are checked by "digging" to find the type class of the
"node" field in the expected location of edges->node.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
2019-04-03 14:36:33 +13:00
Luke Duncalfe
ccb4edbca1 Improve GraphQL Authorization DSL
Previously GraphQL field authorization happened like this:

    class ProjectType
      field :my_field, MyFieldType do
        authorize :permission
      end
    end

This change allowed us to authorize like this instead:

    class ProjectType
      field :my_field, MyFieldType, authorize: :permission
    end

A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:

    field.metadata[:authorize]

The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.

https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
2019-02-26 10:22:12 +13:00