ccb4edbca1
Previously GraphQL field authorization happened like this:
class ProjectType
field :my_field, MyFieldType do
authorize :permission
end
end
This change allowed us to authorize like this instead:
class ProjectType
field :my_field, MyFieldType, authorize: :permission
end
A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:
field.metadata[:authorize]
The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.
https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
15 lines
399 B
Ruby
15 lines
399 B
Ruby
# frozen_string_literal: true
|
|
|
|
module Gitlab
|
|
module Graphql
|
|
# Allow fields to declare permissions their objects must have. The field
|
|
# will be set to nil unless all required permissions are present.
|
|
module Authorize
|
|
extend ActiveSupport::Concern
|
|
|
|
def self.use(schema_definition)
|
|
schema_definition.instrument(:field, Instrumentation.new)
|
|
end
|
|
end
|
|
end
|
|
end
|