app/graphql/resolvers/milestone_resolver.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# frozen_string_literal: true

module Resolvers
  class MilestoneResolver < BaseResolver
    include Gitlab::Graphql::Authorize::AuthorizeResource
    include TimeFrameArguments

    argument :state, Types::MilestoneStateEnum,
              required: false,
              description: 'Filter milestones by state'

    type Types::MilestoneType, null: true

    def resolve(**args)
      validate_timeframe_params!(args)

      authorize!

      MilestonesFinder.new(milestones_finder_params(args)).execute
    end

    private

    def milestones_finder_params(args)
      {
        state: args[:state] || 'all',
        start_date: args[:start_date],
        end_date: args[:end_date]
      }.merge(parent_id_parameter)
    end

    def parent
      @parent ||= object.respond_to?(:sync) ? object.sync : object
    end

    def parent_id_parameter
      if parent.is_a?(Group)
        { group_ids: parent.id }
      elsif parent.is_a?(Project)
        { project_ids: parent.id }
      end
    end

    # MilestonesFinder does not check for current_user permissions,
    # so for now we need to keep it here.
    def authorize!
      Ability.allowed?(context[:current_user], :read_milestone, parent) || raise_resource_not_available_error!
    end
  end
end