8207f7877f
Enables authorizations to be defined on GraphQL Types.

    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end

If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it, then all of the combined permissions in the authorizations will be checked and must pass.

Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
21 lines
539 B
Ruby
# frozen_string_literal: true

module Gitlab
  module Graphql
    module Authorize
      class Instrumentation
        # Replace the resolver for the field with one that will only return the
        # resolved object if the permissions check is successful.
        def instrument(_type, field)
          service = AuthorizeFieldService.new(field)

          if service.authorizations?
            field.redefine { resolve(service.authorized_resolve) }
          else
            field
          end
        end
      end
    end
  end
end
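
The rule stated in the commit message (a field's permissions and its return type's permissions are combined, with connection types unwrapped through edges->node) modelled in plain Ruby as an added example. This is not GitLab's code: TypeModel, FieldModel, node_type, required_permissions, guarded_resolver, the sample users and the CAN policy are all hypothetical and constructed for illustration.

```ruby
# Added illustration, not GitLab code. Every name here is hypothetical.
TypeModel  = Struct.new(:name, :authorizations, :fields)
FieldModel = Struct.new(:name, :authorizations, :type)

# A connection type wraps the real type: connection -> edges -> node.
# Anything without that shape is returned unchanged.
def node_type(type)
  edges = type.fields['edges']
  node  = edges && edges.type.fields['node']
  node ? node.type : type
end

# Permissions declared on the field plus those on its (unwrapped) return type.
def required_permissions(field)
  (field.authorizations + node_type(field.type).authorizations).uniq
end

# Wrap a resolver so the object is returned only if every permission passes.
def guarded_resolver(field, resolver, can)
  perms = required_permissions(field)
  lambda do |user|
    object = resolver.call
    # all? is true for an empty list, so a field with no authorizations
    # anywhere is returned unfiltered.
    perms.all? { |perm| can.call(user, perm, object) } ? object : nil
  end
end

# Constructed sample schema.
PROJECT_TYPE = TypeModel.new('Project', [:read_project], {})
EDGE_TYPE    = TypeModel.new('ProjectEdge', [],
                             { 'node' => FieldModel.new('node', [], PROJECT_TYPE) })
CONN_TYPE    = TypeModel.new('ProjectConnection', [],
                             { 'edges' => FieldModel.new('edges', [], EDGE_TYPE) })

PROJECT_FIELD  = FieldModel.new('project', [:read_namespace], PROJECT_TYPE)
PROJECTS_FIELD = FieldModel.new('projects', [], CONN_TYPE)

# Constructed sample policy: which user holds which permission.
GRANTS = { 'alice' => %i[read_project read_namespace], 'bob' => %i[read_project] }.freeze
CAN = ->(user, perm, _object) { GRANTS.fetch(user, []).include?(perm) }
```

In this model a user who holds only the type-level permission is still denied on a field that declares its own permission, because the combined list must pass in full.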