diff options
| author | Luke Duncalfe <lduncalfe@eml.cc> | 2019-02-18 14:19:49 +1300 |
|---|---|---|
| committer | Luke Duncalfe <lduncalfe@eml.cc> | 2019-02-26 10:22:12 +1300 |
| commit | ccb4edbca1aa7e94a76a5a8d361af02fd093e1b9 (patch) | |
| tree | 833f8cd26fc162cc3b71e0a46ed4db69d4e69cde /app/graphql | |
| parent | 7ff0c8ae57e6a88c86afae4f8e08bfacfb34d761 (diff) | |
| download | gitlab-ce-ccb4edbca1aa7e94a76a5a8d361af02fd093e1b9.tar.gz | |
Improve GraphQL Authorization DSL
Previously GraphQL field authorization happened like this:
class ProjectType
field :my_field, MyFieldType do
authorize :permission
end
end
This change allowed us to authorize like this instead:
class ProjectType
field :my_field, MyFieldType, authorize: :permission
end
A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:
field.metadata[:authorize]
The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.
https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
Diffstat (limited to 'app/graphql')
| -rw-r--r-- | app/graphql/types/issue_type.rb | 10 | ||||
| -rw-r--r-- | app/graphql/types/merge_request_type.rb | 4 | ||||
| -rw-r--r-- | app/graphql/types/project_type.rb | 10 | ||||
| -rw-r--r-- | app/graphql/types/query_type.rb | 5 |
4 files changed, 11 insertions, 18 deletions
diff --git a/app/graphql/types/issue_type.rb b/app/graphql/types/issue_type.rb index 87f6b1f8278..5ad3ea52930 100644 --- a/app/graphql/types/issue_type.rb +++ b/app/graphql/types/issue_type.rb @@ -15,18 +15,16 @@ module Types field :author, Types::UserType, null: false, - resolve: -> (obj, _args, _ctx) { Gitlab::Graphql::Loaders::BatchModelLoader.new(User, obj.author_id).find } do - authorize :read_user - end + resolve: -> (obj, _args, _ctx) { Gitlab::Graphql::Loaders::BatchModelLoader.new(User, obj.author_id).find }, + authorize: :read_user field :assignees, Types::UserType.connection_type, null: true field :labels, Types::LabelType.connection_type, null: true field :milestone, Types::MilestoneType, null: true, - resolve: -> (obj, _args, _ctx) { Gitlab::Graphql::Loaders::BatchModelLoader.new(Milestone, obj.milestone_id).find } do - authorize :read_milestone - end + resolve: -> (obj, _args, _ctx) { Gitlab::Graphql::Loaders::BatchModelLoader.new(Milestone, obj.milestone_id).find }, + authorize: :read_milestone field :due_date, Types::TimeType, null: true field :confidential, GraphQL::BOOLEAN_TYPE, null: false diff --git a/app/graphql/types/merge_request_type.rb b/app/graphql/types/merge_request_type.rb index 7827b6e3717..1ed27a14e33 100644 --- a/app/graphql/types/merge_request_type.rb +++ b/app/graphql/types/merge_request_type.rb @@ -48,9 +48,7 @@ module Types field :downvotes, GraphQL::INT_TYPE, null: false field :subscribed, GraphQL::BOOLEAN_TYPE, method: :subscribed?, null: false - field :head_pipeline, Types::Ci::PipelineType, null: true, method: :actual_head_pipeline do - authorize :read_pipeline - end + field :head_pipeline, Types::Ci::PipelineType, null: true, method: :actual_head_pipeline, authorize: :read_pipeline field :pipelines, Types::Ci::PipelineType.connection_type, resolver: Resolvers::MergeRequestPipelinesResolver end diff --git a/app/graphql/types/project_type.rb b/app/graphql/types/project_type.rb index d25c8c8bd90..3ef0cc5020c 100644 --- a/app/graphql/types/project_type.rb +++ b/app/graphql/types/project_type.rb @@ -69,16 +69,14 @@ module Types field :merge_requests, Types::MergeRequestType.connection_type, null: true, - resolver: Resolvers::MergeRequestsResolver do - authorize :read_merge_request - end + resolver: Resolvers::MergeRequestsResolver, + authorize: :read_merge_request field :merge_request, Types::MergeRequestType, null: true, - resolver: Resolvers::MergeRequestsResolver.single do - authorize :read_merge_request - end + resolver: Resolvers::MergeRequestsResolver.single, + authorize: :read_merge_request field :issues, Types::IssueType.connection_type, diff --git a/app/graphql/types/query_type.rb b/app/graphql/types/query_type.rb index 7c41716b82a..954bcc0a5a3 100644 --- a/app/graphql/types/query_type.rb +++ b/app/graphql/types/query_type.rb @@ -7,9 +7,8 @@ module Types field :project, Types::ProjectType, null: true, resolver: Resolvers::ProjectResolver, - description: "Find a project" do - authorize :read_project - end + description: "Find a project", + authorize: :read_project field :echo, GraphQL::STRING_TYPE, null: false, function: Functions::Echo.new end |