diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2019-07-12 08:16:53 +0000 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2019-07-12 08:16:53 +0000 |
commit | 0ae208dd9091eabe69e46a75e1ec70961116eb6f (patch) | |
tree | 06b8dccfb19965eb3a74c7c1f8dc336c1874c349 | |
parent | 2447c9ad3a4065a0f3d4f79aa3e78079d6ea2293 (diff) | |
parent | 67030789f5f5eff1d558e04cfbc9bf60316c46f0 (diff) | |
download | gitlab-ce-0ae208dd9091eabe69e46a75e1ec70961116eb6f.tar.gz |
Merge branch 'graphql-include-authorization-for-mutations' into 'master'
Include AuthorizeResource module for all mutations
See merge request gitlab-org/gitlab-ce!30243
-rw-r--r-- | app/graphql/mutations/award_emojis/base.rb | 2 | ||||
-rw-r--r-- | app/graphql/mutations/base_mutation.rb | 1 | ||||
-rw-r--r-- | app/graphql/mutations/merge_requests/base.rb | 1 | ||||
-rw-r--r-- | app/graphql/mutations/notes/base.rb | 2 | ||||
-rw-r--r-- | doc/development/api_graphql_styleguide.md | 8 |
5 files changed, 3 insertions, 11 deletions
diff --git a/app/graphql/mutations/award_emojis/base.rb b/app/graphql/mutations/award_emojis/base.rb index d868db84f9d..583744c3884 100644 --- a/app/graphql/mutations/award_emojis/base.rb +++ b/app/graphql/mutations/award_emojis/base.rb @@ -3,8 +3,6 @@ module Mutations module AwardEmojis class Base < BaseMutation - include Gitlab::Graphql::Authorize::AuthorizeResource - authorize :award_emoji argument :awardable_id, diff --git a/app/graphql/mutations/base_mutation.rb b/app/graphql/mutations/base_mutation.rb index 08d2a1f18a3..7273a74cb86 100644 --- a/app/graphql/mutations/base_mutation.rb +++ b/app/graphql/mutations/base_mutation.rb @@ -2,6 +2,7 @@ module Mutations class BaseMutation < GraphQL::Schema::RelayClassicMutation + prepend Gitlab::Graphql::Authorize::AuthorizeResource prepend Gitlab::Graphql::CopyFieldDescription field :errors, [GraphQL::STRING_TYPE], diff --git a/app/graphql/mutations/merge_requests/base.rb b/app/graphql/mutations/merge_requests/base.rb index e85d16fc2c5..28e0cdc8cc7 100644 --- a/app/graphql/mutations/merge_requests/base.rb +++ b/app/graphql/mutations/merge_requests/base.rb @@ -3,7 +3,6 @@ module Mutations module MergeRequests class Base < BaseMutation - include Gitlab::Graphql::Authorize::AuthorizeResource include Mutations::ResolvesProject argument :project_path, GraphQL::ID_TYPE, diff --git a/app/graphql/mutations/notes/base.rb b/app/graphql/mutations/notes/base.rb index a7198f5fba6..31dabc0a660 100644 --- a/app/graphql/mutations/notes/base.rb +++ b/app/graphql/mutations/notes/base.rb @@ -3,8 +3,6 @@ module Mutations module Notes class Base < BaseMutation - include Gitlab::Graphql::Authorize::AuthorizeResource - field :note, Types::Notes::NoteType, null: true, diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md index c83a0427c98..7569ccc04c1 100644 --- a/doc/development/api_graphql_styleguide.md +++ b/doc/development/api_graphql_styleguide.md @@ -424,12 +424,8 @@ Will generate a field called `mergeRequestSetWip` that ### Authorizing resources -To authorize resources inside a mutation, we can include the -`Gitlab::Graphql::Authorize::AuthorizeResource` concern in the -mutation. - -This allows us to provide the required abilities on the mutation like -this: +To authorize resources inside a mutation, we first provide the required + abilities on the mutation like this: ```ruby module Mutations |