Merge branch 'ajk-gql-ci-job-permission-check' into 'master'

Enforce permission check on CI builds in GraphQL See merge request gitlab-org/gitlab!50882

Merge branch 'ajk-gql-ci-job-permission-check' into 'master'
Enforce permission check on CI builds in GraphQL See merge request gitlab-org/gitlab!50882
52a7120a · Rémy Coutable · 77ffacbc · d9cd4d65 · 52a7120a · 52a7120a
Commit 52a7120a authored Jan 11, 2021 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

app/graphql/types/ci/job_type.rb app/graphql/types/ci/job_type.rb +1 -1

spec/graphql/types/ci/job_type_spec.rb spec/graphql/types/ci/job_type_spec.rb +1 -0

No files found.
--- a/app/graphql/types/ci/job_type.rb
+++ b/app/graphql/types/ci/job_type.rb
@@ -2,9 +2,9 @@

 module Types
  module Ci
-    # rubocop: disable Graphql/AuthorizeTypes
    class JobType < BaseObject
      graphql_name 'CiJob'
+      authorize :read_commit_status

      field :pipeline, Types::Ci::PipelineType, null: true,
            description: 'Pipeline the job belongs to'

--- a/spec/graphql/types/ci/job_type_spec.rb
+++ b/spec/graphql/types/ci/job_type_spec.rb
@@ -4,6 +4,7 @@ require 'spec_helper'

 RSpec.describe Types::Ci::JobType do
  specify { expect(described_class.graphql_name).to eq('CiJob') }
+  specify { expect(described_class).to require_graphql_authorizations(:read_commit_status) }

  it 'exposes the expected fields' do
    expected_fields = %i[