Commit graph

28 commits

Author SHA1 Message Date
Bob Van Landuyt
eca8e6f09b Only check abilities on rendered GraphQL nodes
With this we only check abilities on the rendered edges of a GraphQL
connection instead of all the nodes in it.
2019-04-18 16:17:29 +02:00
Nick Thomas
beeeede2ee Fix a KeyError in GitlabSchema 2019-04-04 18:57:34 +01:00
Nick Thomas
a2d044bf97 Merge branch '57831-allow-graphql-scalar-fields-to-be-authorized' into 'master'
Allow GraphQL Scalar-fields to be authorized

Closes 

See merge request 
2019-04-04 17:12:43 +00:00
Brett Walker
6643b92b88 Use parent object when authorizing scalar types 2019-04-04 09:03:21 -05:00
Brett Walker
f458c56107 Initial field and query complexity limits
It makes all Types::BaseField default to a complexity of 1.

Queries themselves now have limited complexity, scaled
to the type of user: no user, authenticated user, or an
admin user.
2019-04-04 08:39:30 -05:00
Luke Duncalfe
8207f7877f GraphQL Type authorization
Enables authorizations to be defined on GraphQL Types.

    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end

If a field has authorizations defined on it, and the return type of the
field also has authorizations defined on it, then all of the combined
permissions in the authorizations will be checked and must pass.

Connection fields are checked by "digging" to find the type class of the
"node" field in the expected location of edges->node.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
2019-04-03 14:36:33 +13:00
Bob Van Landuyt
e756dca0c5 Extra permissions in Project & Issue GraphQL
Allow extra permissions for the `Types::ProjectType` and
`Types::IssueType` GraphQL types, as we'll be adding more permissions
in CE.

Now this spec only validates if all the expected permissions are
present, but it will not fail if there are more.
2019-04-01 10:55:33 +02:00
Sam Bigelow
1a14e5230e Add merge request popover with details
- Show pipeline status, title, MR Status and project path
- Popover attached to gitlab flavored markdown everywhere, including:
  + MR/Issue Title
  + MR/Issue description
  + MR/Issue comments
  + Rendered markdown files
2019-03-21 10:24:18 -04:00
Douwe Maan
01b1076bd8 Apply suggestion to spec/graphql/types/query_type_spec.rb 2019-03-05 15:46:00 +00:00
Nick Thomas
21779d0018 Add metadata about the GitLab server to GraphQL 2019-03-05 15:00:32 +00:00
Luke Duncalfe
ccb4edbca1 Improve GraphQL Authorization DSL
Previously GraphQL field authorization happened like this:

    class ProjectType
      field :my_field, MyFieldType do
        authorize :permission
      end
    end

This change allowed us to authorize like this instead:

    class ProjectType
      field :my_field, MyFieldType, authorize: :permission
    end

A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:

    field.metadata[:authorize]

The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called during the code
that executes during the mutation, rather than when a field resolves.

https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
2019-02-26 10:22:12 +13:00
Rémy Coutable
87dfe5a27a Add GraphQL filters for issuables (state, labels, time fields)
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-02-21 09:40:49 +01:00
Lin Jen-Shin
30918929ad Implement singular iid for IssuesResolver and ProjectType 2019-02-14 15:52:17 +08:00
Lin Jen-Shin
564b86a314 Allow authorize on array of objects for GraphQL
And add tests
2019-02-14 15:52:17 +08:00
Lin Jen-Shin
7be1f0842f Add tests for BaseResolver and update accordingly 2019-02-14 15:52:17 +08:00
Lin Jen-Shin
91e9e50a11 Add field mergeRequests for project in GraphQL
And fix the tests so that it won't run into circular paths.
2019-02-14 15:52:17 +08:00
Lin Jen-Shin
ee60128cef Add argument iids to IssuesResolver 2019-02-01 23:55:44 +08:00
Rémy Coutable
3a2abc1d50 Enable the Layout/ExtraSpacing cop
Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-01-24 13:05:45 +01:00
Phil Hughes
50e21a89a0 Suggests issues when typing title
This suggests possibly related issues when the user types a title.

This uses GraphQL to allow the frontend to request the exact
data that it requires. We also get free caching through the Vue Apollo
plugin.

With this we can include the ability to import .graphql files in JS
and Vue files.
Also we now have the Vue test utils library to make testing
Vue components easier.

Closes 
2018-11-27 15:10:40 +00:00
Tuomo Ala-Vannesluoma
c84b60b164 Make GitLab pages support access control 2018-10-05 13:41:11 +00:00
Bob Van Landuyt
3bcb04f100 Add mutation toggling WIP state of merge requests
This is mainly the setup of mutations for GraphQL. Including
authorization and basic return type-structure.
2018-07-25 18:37:12 +02:00
Bob Van Landuyt
04b046587f Add pipeline lists to GraphQL
This adds Keyset pagination to GraphQL lists. PoC for that is
pipelines on merge requests and projects.

When paginating a list, the base-64 encoded id of the ordering
field (in most cases the primary key) can be passed in the `before` or
`after` GraphQL argument.
2018-07-04 10:53:39 +02:00
Bob Van Landuyt
54b56f20b7 Expose permissions on types in GraphQL
This adds a reusable way to expose permissions for a user to types in
GraphQL.
2018-06-28 13:50:17 +02:00
Bob Van Landuyt
9403b1d951 Allow querying a single MR within a project
This allows the user to get a single MR nested in a GraphQL project
query.

Since we need the full path and the iid anyway, this makes more sense
than having a root query that needs the full path as well.
2018-06-15 14:38:32 +02:00
Bob Van Landuyt
9b65d4bb41 Initial setup GraphQL using graphql-ruby 1.8
- All definitions have been replaced by classes:
  http://graphql-ruby.org/schema/class_based_api.html
- Authorization & Presentation have been refactored to work in the
  class based system
- Loaders have been replaced by resolvers
- Times are now coerced as ISO 8601
2018-06-06 10:58:54 +02:00
Bob Van Landuyt
aa4b1ae712 Add present_using to types
By specifying a presenter for the object type, we can keep the logic
out of `GitlabSchema`.

The presenter gets initialized using the object being presented, and
the context (including the `current_user`).
2018-06-05 20:47:42 +02:00
Nick Thomas
287c34ca1f Convert from GraphQL::Batch to BatchLoader 2018-06-05 20:47:42 +02:00
Nick Thomas
9c6c17cbcd Add a minimal GraphQL API 2018-06-05 20:47:42 +02:00