Merge branch 'graphql-include-authorization-for-mutations' into 'master'

Include AuthorizeResource module for all mutations

See merge request gitlab-org/gitlab-ce!30243

app/graphql/mutations/award_emojis/base.rb

@@ -3,8 +3,6 @@
 module Mutations
   module AwardEmojis
     class Base < BaseMutation
-      include Gitlab::Graphql::Authorize::AuthorizeResource
-
       authorize :award_emoji
 
       argument :awardable_id,

app/graphql/mutations/base_mutation.rb

@@ -2,6 +2,7 @@
 
 module Mutations
   class BaseMutation < GraphQL::Schema::RelayClassicMutation
+    prepend Gitlab::Graphql::Authorize::AuthorizeResource
     prepend Gitlab::Graphql::CopyFieldDescription
 
     field :errors, [GraphQL::STRING_TYPE],

app/graphql/mutations/merge_requests/base.rb

@@ -3,7 +3,6 @@
 module Mutations
   module MergeRequests
     class Base < BaseMutation
-      include Gitlab::Graphql::Authorize::AuthorizeResource
       include Mutations::ResolvesProject
 
       argument :project_path, GraphQL::ID_TYPE,

app/graphql/mutations/notes/base.rb

@@ -3,8 +3,6 @@
 module Mutations
   module Notes
     class Base < BaseMutation
-      include Gitlab::Graphql::Authorize::AuthorizeResource
-
       field :note,
             Types::Notes::NoteType,
             null: true,

doc/development/api_graphql_styleguide.md

@@ -424,12 +424,8 @@ Will generate a field called `mergeRequestSetWip` that
 
 ### Authorizing resources
 
-To authorize resources inside a mutation, we can include the
-`Gitlab::Graphql::Authorize::AuthorizeResource` concern in the
-mutation.
-
-This allows us to provide the required abilities on the mutation like
-this:
+To authorize resources inside a mutation, we first provide the required
+ abilities on the mutation like this:
 
 ```ruby
 module Mutations