diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2019-06-18 18:33:47 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2019-06-21 13:00:50 +0200 |
commit | 967cbd083492f72ef59ddc9a98d7f67a7fe85d21 (patch) | |
tree | 3fffb0d26eeb4a2c6324b478ad31dfdd4f049951 /lib/gitlab | |
parent | 703d0246ff6647802c0e2ddb064d0360b8fcfb94 (diff) | |
download | gitlab-ce-967cbd083492f72ef59ddc9a98d7f67a7fe85d21.tar.gz |
Enforce authorizations for non-nullable fields
This makes sure we also enforce authorizations for non-nullable
fields.
We are defining our authorizations on the unwrapped
types (Repository). But when a type like that is presented in a
non-nullable field, it's type is different (Repository!). The
non-nullable type would not have the authorization metadata.
This makes sure we check the metadata on the unwrapped type for
finding authorizations.
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/graphql/authorize/authorize_field_service.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/graphql/authorize/authorize_field_service.rb b/lib/gitlab/graphql/authorize/authorize_field_service.rb index 619ce100421..3b5dde2fde5 100644 --- a/lib/gitlab/graphql/authorize/authorize_field_service.rb +++ b/lib/gitlab/graphql/authorize/authorize_field_service.rb @@ -39,6 +39,8 @@ module Gitlab type = node_type_for_basic_connection(type) end + type = type.unwrap if type.kind.non_null? + Array.wrap(type.metadata[:authorize]) end |