- 05 9月, 2019 1 次提交
-
-
由 Brett Walker 提交于
- Due to https://github.com/exAspArk/batch-loader/pull/32, we changed BatchLoader.for into BatchLoader::GraphQL.for - since our results are wrapped in a BatchLoader::GraphQL, calling `sync` during authorization is required to get real object - `graphql` now has it's own authorization system. Our `authorized?` method conflicted and required renaming
-
- 21 6月, 2019 1 次提交
-
-
由 Bob Van Landuyt 提交于
This makes sure we also enforce authorizations for non-nullable fields. We are defining our authorizations on the unwrapped types (Repository). But when a type like that is presented in a non-nullable field, it's type is different (Repository!). The non-nullable type would not have the authorization metadata. This makes sure we check the metadata on the unwrapped type for finding authorizations.
-
- 23 4月, 2019 1 次提交
-
-
由 Brett Walker 提交于
-
- 18 4月, 2019 1 次提交
-
-
由 Bob Van Landuyt 提交于
With this we only check abilities on the rendered edges of a GraphQL connection instead of all the nodes in it.
-
- 04 4月, 2019 1 次提交
-
-
由 Brett Walker 提交于
-
- 03 4月, 2019 1 次提交
-
-
由 Luke Duncalfe 提交于
Enables authorizations to be defined on GraphQL Types. module Types class ProjectType < BaseObject authorize :read_project end end If a field has authorizations defined on it, and the return type of the field also has authorizations defined on it. then all of the combined permissions in the authorizations will be checked and must pass. Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
-