app/graphql/subscriptions/notes/base.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

# frozen_string_literal: true

module Subscriptions
  module Notes
    class Base < ::Subscriptions::BaseSubscription
      include Gitlab::Graphql::Laziness

      argument :noteable_id, ::Types::GlobalIDType[::Noteable],
        required: false,
        description: 'ID of the noteable.'

      def subscribe(*args)
        nil
      end

      def authorized?(noteable_id:)
        noteable = force(GitlabSchema.find_by_gid(noteable_id))

        # unsubscribe if user cannot read the noteable anymore for any reason, e.g. issue was set confidential,
        # in the meantime the read note permissions is checked within its corresponding returned type, i.e. NoteType
        unauthorized! unless noteable && Ability.allowed?(current_user, :"read_#{noteable.to_ability_name}", noteable)

        true
      end
    end
  end
end