Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
eff42d59
Commit
eff42d59
authored
Apr 22, 2019
by
Brett Walker
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Check for all scalar types
parent
46bdbc5d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
18 additions
and
4 deletions
+18
-4
lib/gitlab/graphql/authorize/authorize_field_service.rb
lib/gitlab/graphql/authorize/authorize_field_service.rb
+3
-3
spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
.../gitlab/graphql/authorize/authorize_field_service_spec.rb
+15
-1
No files found.
lib/gitlab/graphql/authorize/authorize_field_service.rb
View file @
eff42d59
...
@@ -48,7 +48,7 @@ module Gitlab
...
@@ -48,7 +48,7 @@ module Gitlab
end
end
def
authorize_against
(
parent_typed_object
,
resolved_type
)
def
authorize_against
(
parent_typed_object
,
resolved_type
)
if
built_in
_type?
if
scalar
_type?
# The field is a built-in/scalar type, or a list of scalars
# The field is a built-in/scalar type, or a list of scalars
# authorize using the parent's object
# authorize using the parent's object
parent_typed_object
.
object
parent_typed_object
.
object
...
@@ -108,8 +108,8 @@ module Gitlab
...
@@ -108,8 +108,8 @@ module Gitlab
type
.
unwrap
type
.
unwrap
end
end
def
built_in
_type?
def
scalar
_type?
GraphQL
::
Schema
::
BUILT_IN_TYPES
.
has_value?
(
node_type_for_basic_connection
(
@field
.
type
))
node_type_for_basic_connection
(
@field
.
type
).
kind
.
scalar?
end
end
end
end
end
end
...
...
spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
View file @
eff42d59
...
@@ -45,7 +45,7 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
...
@@ -45,7 +45,7 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
end
end
end
end
context
"when the field is a scalar type"
do
context
"when the field is a
built-in
scalar type"
do
let
(
:field
)
{
type_with_field
(
GraphQL
::
STRING_TYPE
,
:read_field
).
fields
[
"testField"
].
to_graphql
}
let
(
:field
)
{
type_with_field
(
GraphQL
::
STRING_TYPE
,
:read_field
).
fields
[
"testField"
].
to_graphql
}
let
(
:expected_permissions
)
{
[
:read_field
]
}
let
(
:expected_permissions
)
{
[
:read_field
]
}
...
@@ -58,6 +58,20 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
...
@@ -58,6 +58,20 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
it_behaves_like
"checking permissions on the presented object"
it_behaves_like
"checking permissions on the presented object"
end
end
context
"when the field is sub-classed scalar type"
do
let
(
:field
)
{
type_with_field
(
Types
::
TimeType
,
:read_field
).
fields
[
"testField"
].
to_graphql
}
let
(
:expected_permissions
)
{
[
:read_field
]
}
it_behaves_like
"checking permissions on the presented object"
end
context
"when the field is a list of sub-classed scalar types"
do
let
(
:field
)
{
type_with_field
([
Types
::
TimeType
],
:read_field
).
fields
[
"testField"
].
to_graphql
}
let
(
:expected_permissions
)
{
[
:read_field
]
}
it_behaves_like
"checking permissions on the presented object"
end
end
end
context
"when the field is a specific type"
do
context
"when the field is a specific type"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment