debian-mirror-gitlab/lib/gitlab/graphql/authorize/instrumentation.rb

26 lines
707 B
Ruby
Raw Normal View History

2019-02-15 15:39:39 +05:30
# frozen_string_literal: true
2018-11-08 19:23:39 +05:30
module Gitlab
module Graphql
module Authorize
class Instrumentation
# Replace the resolver for the field with one that will only return the
# resolved object if the permissions check is successful.
def instrument(_type, field)
2019-07-07 11:18:12 +05:30
service = AuthorizeFieldService.new(field)
2018-11-08 19:23:39 +05:30
2019-12-26 22:10:19 +05:30
if service.authorizations? && !resolver_skips_authorizations?(field)
2019-07-07 11:18:12 +05:30
field.redefine { resolve(service.authorized_resolve) }
else
field
2018-11-08 19:23:39 +05:30
end
end
2019-12-26 22:10:19 +05:30
def resolver_skips_authorizations?(field)
field.metadata[:resolver].try(:skip_authorizations?)
end
2018-11-08 19:23:39 +05:30
end
end
end
end