Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Check for all scalar types60800-properly-authorize-our-own-graphql-scalar-types | Brett Walker | 2019-04-22 | 1 | -1/+15 |
| | |||||
* | Only check abilities on rendered GraphQL nodes | Bob Van Landuyt | 2019-04-18 | 1 | -59/+71 |
| | | | | | With this we only check abilities on the rendered edges of a GraphQL connection instead of all the nodes in it. | ||||
* | Use parent object when authorizing scalar types | Brett Walker | 2019-04-04 | 1 | -31/+64 |
| | |||||
* | GraphQL Type authorization | Luke Duncalfe | 2019-04-03 | 1 | -0/+73 |
Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417 |