diff options
Diffstat (limited to 'app/graphql/resolvers/user_resolver.rb')
| -rw-r--r-- | app/graphql/resolvers/user_resolver.rb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/app/graphql/resolvers/user_resolver.rb b/app/graphql/resolvers/user_resolver.rb index 99fd0d4927d..f0fd60e9cbb 100644 --- a/app/graphql/resolvers/user_resolver.rb +++ b/app/graphql/resolvers/user_resolver.rb @@ -2,6 +2,8 @@ module Resolvers class UserResolver < BaseResolver + include Gitlab::Graphql::Authorize::AuthorizeResource + description 'Retrieve a single user' type Types::UserType, null: true @@ -23,6 +25,8 @@ module Resolvers end def resolve(id: nil, username: nil) + authorize! + if id GitlabSchema.object_from_id(id, expected_type: User) else @@ -39,5 +43,9 @@ module Resolvers end end end + + def authorize! + raise_resource_not_available_error! unless context[:current_user].present? + end end end |