Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
564b86a3
Commit
564b86a3
authored
Feb 12, 2019
by
Lin Jen-Shin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow authorize on array of objects for GraphQL
And add tests
parent
7be1f084
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
64 additions
and
5 deletions
+64
-5
app/graphql/types/project_type.rb
app/graphql/types/project_type.rb
+1
-1
lib/gitlab/graphql/authorize/instrumentation.rb
lib/gitlab/graphql/authorize/instrumentation.rb
+18
-3
spec/graphql/types/project_type_spec.rb
spec/graphql/types/project_type_spec.rb
+2
-1
spec/lib/gitlab/graphql/authorize/instrumentation_spec.rb
spec/lib/gitlab/graphql/authorize/instrumentation_spec.rb
+43
-0
No files found.
app/graphql/types/project_type.rb
View file @
564b86a3
...
@@ -70,7 +70,7 @@ module Types
...
@@ -70,7 +70,7 @@ module Types
Types
::
MergeRequestType
.
connection_type
,
Types
::
MergeRequestType
.
connection_type
,
null:
true
,
null:
true
,
resolver:
Resolvers
::
MergeRequestsResolver
do
resolver:
Resolvers
::
MergeRequestsResolver
do
#
authorize :read_merge_request
authorize
:read_merge_request
end
end
field
:merge_request
,
field
:merge_request
,
...
...
lib/gitlab/graphql/authorize/instrumentation.rb
View file @
564b86a3
...
@@ -35,10 +35,25 @@ module Gitlab
...
@@ -35,10 +35,25 @@ module Gitlab
private
private
def
build_checker
(
current_user
,
abilities
)
def
build_checker
(
current_user
,
abilities
)
proc
do
|
obj
|
lambda
do
|
value
|
# Load the elements if they weren't loaded by BatchLoader yet
# Load the elements if they weren't loaded by BatchLoader yet
obj
=
obj
.
sync
if
obj
.
respond_to?
(
:sync
)
value
=
value
.
sync
if
value
.
respond_to?
(
:sync
)
obj
if
abilities
.
all?
{
|
ability
|
Ability
.
allowed?
(
current_user
,
ability
,
obj
)
}
check
=
lambda
do
|
object
|
abilities
.
all?
do
|
ability
|
Ability
.
allowed?
(
current_user
,
ability
,
object
)
end
end
checked
=
case
value
when
Array
value
.
all?
(
&
check
)
else
check
.
call
(
value
)
end
value
if
checked
end
end
end
end
end
end
...
...
spec/graphql/types/project_type_spec.rb
View file @
564b86a3
...
@@ -15,7 +15,8 @@ describe GitlabSchema.types['Project'] do
...
@@ -15,7 +15,8 @@ describe GitlabSchema.types['Project'] do
end
end
it
'authorizes the merge requests'
do
it
'authorizes the merge requests'
do
skip
expect
(
described_class
.
fields
[
'mergeRequests'
])
.
to
require_graphql_authorizations
(
:read_merge_request
)
end
end
end
end
...
...
spec/lib/gitlab/graphql/authorize/instrumentation_spec.rb
0 → 100644
View file @
564b86a3
# frozen_string_literal: true
require
'spec_helper'
describe
Gitlab
::
Graphql
::
Authorize
::
Instrumentation
do
describe
'#build_checker'
do
let
(
:current_user
)
{
double
(
:current_user
)
}
let
(
:abilities
)
{
[
double
(
:first_ability
),
double
(
:last_ability
)]
}
let
(
:checker
)
do
described_class
.
new
.
__send__
(
:build_checker
,
current_user
,
abilities
)
end
it
'returns a checker which checks for a single object'
do
object
=
double
(
:object
)
abilities
.
each
do
|
ability
|
spy_ability_check_for
(
ability
,
object
)
end
expect
(
checker
.
call
(
object
)).
to
eq
(
object
)
end
it
'returns a checker which checks for all objects'
do
objects
=
[
double
(
:first
),
double
(
:last
)]
abilities
.
each
do
|
ability
|
objects
.
each
do
|
object
|
spy_ability_check_for
(
ability
,
object
)
end
end
expect
(
checker
.
call
(
objects
)).
to
eq
(
objects
)
end
def
spy_ability_check_for
(
ability
,
object
)
expect
(
Ability
)
.
to
receive
(
:allowed?
)
.
with
(
current_user
,
ability
,
object
)
.
and_return
(
true
)
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment