summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
Commit message (Collapse)AuthorAgeFilesLines
* Replace echo function with a resolverBrett Walker2019-08-261-1/+4
| | | | | The `GraphQL::Function` has been deprecated in favor of resolvers.
* Enforce authorizations for non-nullable fieldsBob Van Landuyt2019-06-211-34/+48
| | | | | | | | | | | | | This makes sure we also enforce authorizations for non-nullable fields. We are defining our authorizations on the unwrapped types (Repository). But when a type like that is presented in a non-nullable field, it's type is different (Repository!). The non-nullable type would not have the authorization metadata. This makes sure we check the metadata on the unwrapped type for finding authorizations.
* Check for all scalar types60800-properly-authorize-our-own-graphql-scalar-typesBrett Walker2019-04-221-1/+15
|
* Only check abilities on rendered GraphQL nodesBob Van Landuyt2019-04-181-59/+71
| | | | | With this we only check abilities on the rendered edges of a GraphQL connection instead of all the nodes in it.
* Use parent object when authorizing scalar typesBrett Walker2019-04-041-31/+64
|
* GraphQL Type authorizationLuke Duncalfe2019-04-031-0/+73
Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
View Lorry Controller Status