Allow authorize on array of objects for GraphQL

And add tests
author: Lin Jen-Shin <godfat@godfat.org> 2019-02-12 23:30:23 +0800
committer: Lin Jen-Shin <godfat@godfat.org> 2019-02-14 15:52:17 +0800
commit: 564b86a3145cd5f7eae8071ef244dc684bcd5031 (patch)
tree: 15c4a5db6bf9f9ed8018b4c6f989a8095616c1eb /lib
parent: 7be1f0842f281305f2c36e2b6066842d8e87875c (diff)
download: gitlab-ce-564b86a3145cd5f7eae8071ef244dc684bcd5031.tar.gz
1 files changed, 18 insertions, 3 deletions
diff --git a/lib/gitlab/graphql/authorize/instrumentation.rb b/lib/gitlab/graphql/authorize/instrumentation.rb
index d638d2b43ee..d6d3ff300f6 100644
--- a/lib/gitlab/graphql/authorize/instrumentation.rb
+++ b/lib/gitlab/graphql/authorize/instrumentation.rb
@@ -35,10 +35,25 @@ module Gitlab
         private
 
         def build_checker(current_user, abilities)
-          proc do |obj|
+          lambda do |value|
             # Load the elements if they weren't loaded by BatchLoader yet
-            obj = obj.sync if obj.respond_to?(:sync)
-            obj if abilities.all? { |ability| Ability.allowed?(current_user, ability, obj) }
+            value = value.sync if value.respond_to?(:sync)
+
+            check = lambda do |object|
+              abilities.all? do |ability|
+                Ability.allowed?(current_user, ability, object)
+              end
+            end
+
+            checked =
+              case value
+              when Array
+                value.all?(&check)
+              else
+                check.call(value)
+              end
+
+            value if checked
           end
         end
       end
author	Lin Jen-Shin <godfat@godfat.org>	2019-02-12 23:30:23 +0800
committer	Lin Jen-Shin <godfat@godfat.org>	2019-02-14 15:52:17 +0800
commit	564b86a3145cd5f7eae8071ef244dc684bcd5031 (patch)
tree	15c4a5db6bf9f9ed8018b4c6f989a8095616c1eb /lib
parent	7be1f0842f281305f2c36e2b6066842d8e87875c (diff)
download	gitlab-ce-564b86a3145cd5f7eae8071ef244dc684bcd5031.tar.gz