Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-02 12:07:57 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-03-02 12:07:57 +0000
commit: 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch)
tree: 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /app/controllers/graphql_controller.rb
parent: a325f3a104748ecc68df7c3d793940aa709a111f (diff)
download: gitlab-ce-988b28ec1a379d38f6ac9ed04886ee564fd447fd.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index d7ff2ded5ae..522d171b5bf 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -15,6 +15,11 @@ class GraphqlController < ApplicationController
   before_action :authorize_access_api!
   before_action(only: [:execute]) { authenticate_sessionless_user!(:api) }
 
+  # Since we deactivate authentication from the main ApplicationController and
+  # defer it to :authorize_access_api!, we need to override the bypass session
+  # callback execution order here
+  around_action :sessionless_bypass_admin_mode!, if: :sessionless_user?
+
   def execute
     result = multiplex? ? execute_multiplex : execute_query
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-02 12:07:57 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-03-02 12:07:57 +0000
commit	988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch)
tree	9d93267209387e62d23ea7abf81ef9c0d64f2f0b /app/controllers/graphql_controller.rb
parent	a325f3a104748ecc68df7c3d793940aa709a111f (diff)
download	gitlab-ce-988b28ec1a379d38f6ac9ed04886ee564fd447fd.tar.gz