lib/gitlab/graphql/authorize.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

module Gitlab
  module Graphql
    # Allow fields to declare permissions their objects must have. The field
    # will be set to nil unless all required permissions are present.
    module Authorize
      extend ActiveSupport::Concern

      def self.use(schema_definition)
        schema_definition.instrument(:field, Instrumentation.new)
      end

      def required_permissions
        # If the `#authorize` call is used on multiple classes, we add the
        # permissions specified on a subclass, to the ones that were specified
        # on it's superclass.
        @required_permissions ||= if self.respond_to?(:superclass) && superclass.respond_to?(:required_permissions)
                                    superclass.required_permissions.dup
                                  else
                                    []
                                  end
      end

      def authorize(*permissions)
        required_permissions.concat(permissions)
      end
    end
  end
end