diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2019-06-18 18:33:47 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2019-06-21 13:00:50 +0200 |
commit | 967cbd083492f72ef59ddc9a98d7f67a7fe85d21 (patch) | |
tree | 3fffb0d26eeb4a2c6324b478ad31dfdd4f049951 /app/policies | |
parent | 703d0246ff6647802c0e2ddb064d0360b8fcfb94 (diff) | |
download | gitlab-ce-967cbd083492f72ef59ddc9a98d7f67a7fe85d21.tar.gz |
Enforce authorizations for non-nullable fields
This makes sure we also enforce authorizations for non-nullable
fields.
We are defining our authorizations on the unwrapped
types (Repository). But when a type like that is presented in a
non-nullable field, it's type is different (Repository!). The
non-nullable type would not have the authorization metadata.
This makes sure we check the metadata on the unwrapped type for
finding authorizations.
Diffstat (limited to 'app/policies')
-rw-r--r-- | app/policies/repository_policy.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/policies/repository_policy.rb b/app/policies/repository_policy.rb new file mode 100644 index 00000000000..32340749858 --- /dev/null +++ b/app/policies/repository_policy.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +class RepositoryPolicy < BasePolicy + delegate { @subject.project } +end |