author | Luke Duncalfe <lduncalfe@eml.cc> | 2019-02-18 04:19:49 +0300 |
---|---|---|
committer | Luke Duncalfe <lduncalfe@eml.cc> | 2019-02-26 00:22:12 +0300 |
commit | ccb4edbca1aa7e94a76a5a8d361af02fd093e1b9 (patch) | |
tree | 833f8cd26fc162cc3b71e0a46ed4db69d4e69cde /spec/lib/gitlab/graphql/authorize | |
parent | 7ff0c8ae57e6a88c86afae4f8e08bfacfb34d761 (diff) |
Improve GraphQL Authorization DSL
Previously GraphQL field authorization happened like this:

    class ProjectType
      field :my_field, MyFieldType do
        authorize :permission
      end
    end

This change allowed us to authorize like this instead:

    class ProjectType
      field :my_field, MyFieldType, authorize: :permission
    end

A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:

    field.metadata[:authorize]

The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called during the code
that executes during the mutation, rather than when a field resolves.
https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
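
The class-level `authorize` that the commit message says is still used for mutations, shown as an added sketch of additive permission inheritance; this is not GitLab's `AuthorizeResource` code. Only `authorize` and `required_permissions` appear on the page; `AuthorizeSketch`, `own_permissions`, `authorized?` and the resolver classes are hypothetical.

```ruby
# Added sketch, not GitLab's AuthorizeResource. Only `authorize` and
# `required_permissions` are names from the page; the rest is hypothetical.
module AuthorizeSketch
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Permissions declared directly on this class (per-class ivar, so a
    # subclass declaration never mutates its parent's list).
    def own_permissions
      @own_permissions ||= []
    end

    def authorize(*permissions)
      own_permissions.concat(permissions)
    end

    # Everything declared by ancestors, then this class's own additions.
    def required_permissions
      inherited = superclass.respond_to?(:required_permissions) ? superclass.required_permissions : []
      (inherited + own_permissions).uniq
    end
  end

  # Every required permission must be granted; holding only some is a denial.
  def authorized?(granted)
    self.class.required_permissions.all? { |permission| granted.include?(permission) }
  end
end

class BaseResolver
  include AuthorizeSketch
  authorize :base_authorization
end

class SubResolver < BaseResolver
  authorize :sub_authorization
end

# Declares nothing itself, but must still inherit the parent's requirement.
class SilentResolver < BaseResolver; end

class SiblingResolver < BaseResolver
  authorize :sibling_authorization
end
```
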
Diffstat (limited to 'spec/lib/gitlab/graphql/authorize')
-rw-r--r-- | spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb index 95bf7685ade..13cf52fd795 100644 --- a/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb +++ b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb @@ -100,4 +100,22 @@ describe Gitlab::Graphql::Authorize::AuthorizeResource do expect { fake_class.new.find_object }.to raise_error(/Implement #find_object in #{fake_class.name}/) end end + + describe '#authorize' do + it 'adds permissions from subclasses to those of superclasses when used on classes' do + base_class = Class.new do + include Gitlab::Graphql::Authorize::AuthorizeResource + + authorize :base_authorization + end + + sub_class = Class.new(base_class) do + authorize :sub_authorization + end + + expect(base_class.required_permissions).to contain_exactly(:base_authorization) + expect(sub_class.required_permissions) + .to contain_exactly(:base_authorization, :sub_authorization) + end + end end |
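
Review bot: the new '#authorize' example only asserts on a subclass that calls authorize itself, so two inheritance cases that matter for access control are left untested. Add a subclass of base_class that declares nothing and expect its required_permissions to contain exactly :base_authorization, and add a second subclass with its own permission to show it does not pick up :sub_authorization from its sibling.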