diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-02 12:07:57 +0000 |
commit | 988b28ec1a379d38f6ac9ed04886ee564fd447fd (patch) | |
tree | 9d93267209387e62d23ea7abf81ef9c0d64f2f0b /app/controllers/graphql_controller.rb | |
parent | a325f3a104748ecc68df7c3d793940aa709a111f (diff) | |
download | gitlab-ce-988b28ec1a379d38f6ac9ed04886ee564fd447fd.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/graphql_controller.rb')
-rw-r--r-- | app/controllers/graphql_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index d7ff2ded5ae..522d171b5bf 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -15,6 +15,11 @@ class GraphqlController < ApplicationController before_action :authorize_access_api! before_action(only: [:execute]) { authenticate_sessionless_user!(:api) } + # Since we deactivate authentication from the main ApplicationController and + # defer it to :authorize_access_api!, we need to override the bypass session + # callback execution order here + around_action :sessionless_bypass_admin_mode!, if: :sessionless_user? + def execute result = multiplex? ? execute_multiplex : execute_query |