Commit 4c4a43d7 authored by Alex Kalderimis

Use read-based permissions

The permission level for an object should be read-only. There is no
need to mention the `create` ability.

Happily, these levels are currently synonymous, so this is not a
breaking change.
parent af7dd254
......@@ -6,7 +6,7 @@ module Types
graphql_name 'DastProfile'
description 'Represents a DAST Profile'
authorize :create_on_demand_dast_scan
authorize :read_on_demand_scans
field :id, ::Types::GlobalIDType[::Dast::Profile], null: false,
description: 'ID of the profile.'
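Review bot: With `authorize :read_on_demand_scans` on this type (and on `DastSiteProfile` in the next section), every field is readable by whoever holds the read ability. The equivalence with `create_on_demand_dast_scan` that the commit message relies on lives in a policy that is not part of this diff. If the read ability is later granted to a broader role, any sensitive field on these types would be exposed with it; none is visible in this hunk, so that part is inferred. Such fields should carry their own field-level `authorize:`, and I would add a comment above the line, e.g. `# Type-level read only; fields exposing credentials or secrets need their own authorize:`. The class body continues outside the hunk.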
......
......@@ -5,7 +5,7 @@ module Types
graphql_name 'DastSiteProfile'
description 'Represents a DAST Site Profile'
authorize :create_on_demand_dast_scan
authorize :read_on_demand_scans
expose_permissions Types::PermissionTypes::DastSiteProfile
......
......@@ -9,7 +9,7 @@ RSpec.describe GitlabSchema.types['DastProfile'] do
let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile editPath] }
specify { expect(described_class.graphql_name).to eq('DastProfile') }
specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
it { expect(described_class).to have_graphql_fields(fields) }
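Review bot: The updated expectation `require_graphql_authorizations(:read_on_demand_scans)` appears to pin only the ability name declared on the type, and the same holds for the `DastSiteProfile` spec in the next section. Nothing in this diff checks the commit message's claim that the read and create abilities are currently granted to the same users. A policy-level example asserting that equivalence, or one showing that a user without `read_on_demand_scans` cannot resolve the type, would make a later divergence fail visibly instead of silently widening access. The describe block continues outside the hunk.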
......
......@@ -25,7 +25,7 @@ RSpec.describe GitlabSchema.types['DastSiteProfile'] do
end
specify { expect(described_class.graphql_name).to eq('DastSiteProfile') }
specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
specify { expect(described_class).to expose_permissions_using(Types::PermissionTypes::DastSiteProfile) }
it { expect(described_class).to have_graphql_fields(fields) }
......