delta/gitlab/gitlab-ce.git/config/initializers/graphql.rb, branch lib-differences gitlab.com: gitlab-org/gitlab-ce.git GraphQL Type authorization 2019-04-03T01:36:33+00:00 Luke Duncalfe lduncalfe@eml.cc 2019-03-04T02:30:32+00:00 8207f7877fea6987cbd8ef26e6f01feca6608bd2 Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417 
Enables authorizations to be defined on GraphQL Types.

    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end

If a field has authorizations defined on it, and the return type of the
field also has authorizations defined on it. then all of the combined
permissions in the authorizations will be checked and must pass.

Connection fields are checked by "digging" to find the type class of the
"node" field in the expected location of edges->node.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
Types::BaseField accepts authorize after reload 2019-03-04T10:19:28+00:00 Bob Van Landuyt bob@vanlanduyt.co 2019-03-01T17:30:42+00:00 58aaa766a44b8b2105f59bf7fcc5a26447bdf286 When working on files in `app/graphql` the code correctly gets autoloaded. However, the redefined `Types::BaseField` would never receive the `.accepts_definition` call, causing all queries after a reload to fail. Calling `.accepts_definition` on its superclass makes sure the reloaded version also has the `authorize` definition specified. 
When working on files in `app/graphql` the code correctly gets
autoloaded.

However, the redefined `Types::BaseField` would never receive the
`.accepts_definition` call, causing all queries after a reload to
fail. Calling `.accepts_definition` on its superclass makes sure the
reloaded version also has the `authorize` definition specified.
Improve GraphQL Authorization DSL 2019-02-25T21:22:12+00:00 Luke Duncalfe lduncalfe@eml.cc 2019-02-18T01:19:49+00:00 ccb4edbca1aa7e94a76a5a8d361af02fd093e1b9 Previously GraphQL field authorization happened like this: class ProjectType field :my_field, MyFieldType do authorize :permission end end This change allowed us to authorize like this instead: class ProjectType field :my_field, MyFieldType, authorize: :permission end A new initializer registers the `authorize` metadata keyword on GraphQL Schema Objects and Fields, and we can collect this data within the context of Instrumentation like this: field.metadata[:authorize] The previous functionality of authorize is still being used for mutations, as the #authorize method here is called at during the code that executes during the mutation, rather than when a field resolves. https://gitlab.com/gitlab-org/gitlab-ce/issues/57828 
Previously GraphQL field authorization happened like this:

    class ProjectType
      field :my_field, MyFieldType do
        authorize :permission
      end
    end

This change allowed us to authorize like this instead:

    class ProjectType
      field :my_field, MyFieldType, authorize: :permission
    end

A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:

    field.metadata[:authorize]

The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.

https://gitlab.com/gitlab-org/gitlab-ce/issues/57828