debian-mirror-gitlab/lib/gitlab/graphql/authorize/authorize_resource.rb

# frozen_string_literal: true

module Gitlab
  module Graphql
    module Authorize
      module AuthorizeResource
        extend ActiveSupport::Concern
        ConfigurationError = Class.new(StandardError)

        RESOURCE_ACCESS_ERROR = "The resource that you are attempting to access does " \
          "not exist or you don't have permission to perform this action"

        class_methods do
          def required_permissions
            # If the `#authorize` call is used on multiple classes, we add the
            # permissions specified on a subclass, to the ones that were specified
            # on its superclass.
            @required_permissions ||= if respond_to?(:superclass) && superclass.respond_to?(:required_permissions)
                                        superclass.required_permissions.dup
                                      else
                                        []
                                      end
          end

          def authorize(*permissions)
            required_permissions.concat(permissions)
          end

          def authorizes_object?
            defined?(@authorizes_object) ? @authorizes_object : false
          end

          def authorizes_object!
            @authorizes_object = true
          end

          def raise_resource_not_available_error!(msg = RESOURCE_ACCESS_ERROR)
            raise ::Gitlab::Graphql::Errors::ResourceNotAvailable, msg
          end
        end

        def find_object(*args)
          raise NotImplementedError, "Implement #find_object in #{self.class.name}"
        end

        def authorized_find!(*args, **kwargs)
          object = Graphql::Lazy.force(find_object(*args, **kwargs))

          authorize!(object)

          object
        end

        def authorize!(object)
          raise_resource_not_available_error! unless authorized_resource?(object)
        end

        def authorized_resource?(object)
          raise ConfigurationError, "#{self.class.name} has no authorizations" if self.class.authorization.none?

          self.class.authorization.ok?(object, current_user)
        end

        def raise_resource_not_available_error!(*args)
          self.class.raise_resource_not_available_error!(*args)
        end
      end
    end
  end
end
New upstream version 11.7.5 2019-02-15 15:39:39 +05:30			`# frozen_string_literal: true`

New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`module Gitlab`
			`module Graphql`
			`module Authorize`
			`module AuthorizeResource`
			`extend ActiveSupport::Concern`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`ConfigurationError = Class.new(StandardError)`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`RESOURCE_ACCESS_ERROR = "The resource that you are attempting to access does " \`
			`"not exist or you don't have permission to perform this action"`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`class_methods do`
			`def required_permissions`
			# If the `#authorize` call is used on multiple classes, we add the
			`# permissions specified on a subclass, to the ones that were specified`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`# on its superclass.`
			`@required_permissions \|\|= if respond_to?(:superclass) && superclass.respond_to?(:required_permissions)`
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`superclass.required_permissions.dup`
			`else`
			`[]`
			`end`
			`end`

			`def authorize(*permissions)`
			`required_permissions.concat(permissions)`
			`end`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30
			`def authorizes_object?`
			`defined?(@authorizes_object) ? @authorizes_object : false`
			`end`

			`def authorizes_object!`
			`@authorizes_object = true`
			`end`

			`def raise_resource_not_available_error!(msg = RESOURCE_ACCESS_ERROR)`
			`raise ::Gitlab::Graphql::Errors::ResourceNotAvailable, msg`
			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

			`def find_object(*args)`
			`raise NotImplementedError, "Implement #find_object in #{self.class.name}"`
			`end`

New upstream version 13.5.5 2021-01-03 14:25:43 +05:30			`def authorized_find!(args, *kwargs)`
			`object = Graphql::Lazy.force(find_object(args, *kwargs))`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`authorize!(object)`

			`object`
			`end`

			`def authorize!(object)`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`raise_resource_not_available_error! unless authorized_resource?(object)`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`

New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`def authorized_resource?(object)`
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`raise ConfigurationError, "#{self.class.name} has no authorizations" if self.class.authorization.none?`
New upstream version 12.1.11 2019-09-30 21:07:59 +05:30
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`self.class.authorization.ok?(object, current_user)`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30
New upstream version 13.11.2+ds1 2021-04-29 21:17:54 +05:30			`def raise_resource_not_available_error!(*args)`
			`self.class.raise_resource_not_available_error!(*args)`
New upstream version 12.6.1 2020-01-01 13:55:28 +05:30			`end`
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`end`
			`end`
			`end`
			`end`