diff options
author | Brett Walker <bwalker@gitlab.com> | 2019-09-04 17:42:48 +0000 |
---|---|---|
committer | Mayra Cabrera <mcabrera@gitlab.com> | 2019-09-04 17:42:48 +0000 |
commit | aa7b1cfc5b3319373a4b56c755b1fc1d4cbaff02 (patch) | |
tree | ba078b30d36bf8ed8d5ec8fece71871e40d85a2c /lib/gitlab/graphql | |
parent | 29e3a08b8f8f9511dd6e25566bc9abb135a597c4 (diff) | |
download | gitlab-ce-aa7b1cfc5b3319373a4b56c755b1fc1d4cbaff02.tar.gz |
Upgrade GraphQL gem to 1.8.17
- Due to https://github.com/exAspArk/batch-loader/pull/32,
we changed BatchLoader.for into BatchLoader::GraphQL.for
- since our results are wrapped in a BatchLoader::GraphQL,
calling `sync` during authorization is required to get real object
- `graphql` now has it's own authorization system. Our
`authorized?` method conflicted and required renaming
Diffstat (limited to 'lib/gitlab/graphql')
7 files changed, 17 insertions, 11 deletions
diff --git a/lib/gitlab/graphql/authorize/authorize_field_service.rb b/lib/gitlab/graphql/authorize/authorize_field_service.rb index 3b5dde2fde5..0b11ea2f608 100644 --- a/lib/gitlab/graphql/authorize/authorize_field_service.rb +++ b/lib/gitlab/graphql/authorize/authorize_field_service.rb @@ -54,14 +54,14 @@ module Gitlab # The field is a built-in/scalar type, or a list of scalars # authorize using the parent's object parent_typed_object.object - elsif resolved_type.respond_to?(:object) - # The field is a type representing a single object, we'll authorize - # against the object directly - resolved_type.object elsif @field.connection? || resolved_type.is_a?(Array) # The field is a connection or a list of non-built-in types, we'll # authorize each element when rendering nil + elsif resolved_type.respond_to?(:object) + # The field is a type representing a single object, we'll authorize + # against the object directly + resolved_type.object else # Resolved type is a single object that might not be loaded yet by # the batchloader, we'll authorize that diff --git a/lib/gitlab/graphql/authorize/authorize_resource.rb b/lib/gitlab/graphql/authorize/authorize_resource.rb index ef5caaf5b0e..6844367454f 100644 --- a/lib/gitlab/graphql/authorize/authorize_resource.rb +++ b/lib/gitlab/graphql/authorize/authorize_resource.rb @@ -29,19 +29,25 @@ module Gitlab def authorized_find!(*args) object = find_object(*args) + object = object.sync if object.respond_to?(:sync) + authorize!(object) object end def authorize!(object) - unless authorized?(object) + unless authorized_resource?(object) raise Gitlab::Graphql::Errors::ResourceNotAvailable, "The resource that you are attempting to access does not exist or you don't have permission to perform this action" end end - def authorized?(object) + # this was named `#authorized?`, however it conflicts with the native + # graphql gem version + # TODO consider adopting the gem's built in authorization system + # https://gitlab.com/gitlab-org/gitlab-ee/issues/13984 + def authorized_resource?(object) # Sanity check. We don't want to accidentally allow a developer to authorize # without first adding permissions to authorize against if self.class.required_permissions.empty? diff --git a/lib/gitlab/graphql/loaders/batch_lfs_oid_loader.rb b/lib/gitlab/graphql/loaders/batch_lfs_oid_loader.rb index 8f34e58a771..67511c124e4 100644 --- a/lib/gitlab/graphql/loaders/batch_lfs_oid_loader.rb +++ b/lib/gitlab/graphql/loaders/batch_lfs_oid_loader.rb @@ -9,7 +9,7 @@ module Gitlab end def find - BatchLoader.for(blob_id).batch(key: repository) do |blob_ids, loader, batch_args| + BatchLoader::GraphQL.for(blob_id).batch(key: repository) do |blob_ids, loader, batch_args| Gitlab::Git::Blob.batch_lfs_pointers(batch_args[:key], blob_ids).each do |loaded_blob| loader.call(loaded_blob.id, loaded_blob.lfs_oid) end diff --git a/lib/gitlab/graphql/loaders/batch_model_loader.rb b/lib/gitlab/graphql/loaders/batch_model_loader.rb index 50d3293fcbb..164fe74148c 100644 --- a/lib/gitlab/graphql/loaders/batch_model_loader.rb +++ b/lib/gitlab/graphql/loaders/batch_model_loader.rb @@ -12,7 +12,7 @@ module Gitlab # rubocop: disable CodeReuse/ActiveRecord def find - BatchLoader.for({ model: model_class, id: model_id.to_i }).batch do |loader_info, loader| + BatchLoader::GraphQL.for({ model: model_class, id: model_id.to_i }).batch do |loader_info, loader| per_model = loader_info.group_by { |info| info[:model] } per_model.each do |model, info| ids = info.map { |i| i[:id] } diff --git a/lib/gitlab/graphql/loaders/batch_project_statistics_loader.rb b/lib/gitlab/graphql/loaders/batch_project_statistics_loader.rb index 5e151f4dbd7..449f4160a6c 100644 --- a/lib/gitlab/graphql/loaders/batch_project_statistics_loader.rb +++ b/lib/gitlab/graphql/loaders/batch_project_statistics_loader.rb @@ -11,7 +11,7 @@ module Gitlab end def find - BatchLoader.for(project_id).batch do |project_ids, loader| + BatchLoader::GraphQL.for(project_id).batch do |project_ids, loader| ProjectStatistics.for_project_ids(project_ids).each do |statistics| loader.call(statistics.project_id, statistics) end diff --git a/lib/gitlab/graphql/loaders/batch_root_storage_statistics_loader.rb b/lib/gitlab/graphql/loaders/batch_root_storage_statistics_loader.rb index a0312366d66..366aa74d435 100644 --- a/lib/gitlab/graphql/loaders/batch_root_storage_statistics_loader.rb +++ b/lib/gitlab/graphql/loaders/batch_root_storage_statistics_loader.rb @@ -11,7 +11,7 @@ module Gitlab end def find - BatchLoader.for(namespace_id).batch do |namespace_ids, loader| + BatchLoader::GraphQL.for(namespace_id).batch do |namespace_ids, loader| Namespace::RootStorageStatistics.for_namespace_ids(namespace_ids).each do |statistics| loader.call(statistics.namespace_id, statistics) end diff --git a/lib/gitlab/graphql/loaders/pipeline_for_sha_loader.rb b/lib/gitlab/graphql/loaders/pipeline_for_sha_loader.rb index 81c5cabf451..70344392138 100644 --- a/lib/gitlab/graphql/loaders/pipeline_for_sha_loader.rb +++ b/lib/gitlab/graphql/loaders/pipeline_for_sha_loader.rb @@ -11,7 +11,7 @@ module Gitlab end def find_last - BatchLoader.for(sha).batch(key: project) do |shas, loader, args| + BatchLoader::GraphQL.for(sha).batch(key: project) do |shas, loader, args| pipelines = args[:key].ci_pipelines.latest_for_shas(shas) pipelines.each do |pipeline| |