diff options
Diffstat (limited to 'app/graphql/mutations/base_mutation.rb')
| -rw-r--r-- | app/graphql/mutations/base_mutation.rb | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/app/graphql/mutations/base_mutation.rb b/app/graphql/mutations/base_mutation.rb index ac5ddc5bd4c..1f18a37fcb9 100644 --- a/app/graphql/mutations/base_mutation.rb +++ b/app/graphql/mutations/base_mutation.rb @@ -2,13 +2,14 @@ module Mutations class BaseMutation < GraphQL::Schema::RelayClassicMutation - prepend Gitlab::Graphql::Authorize::AuthorizeResource + include Gitlab::Graphql::Authorize::AuthorizeResource prepend Gitlab::Graphql::CopyFieldDescription prepend ::Gitlab::Graphql::GlobalIDCompatibility ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance' field_class ::Types::BaseField + argument_class ::Types::BaseArgument field :errors, [GraphQL::STRING_TYPE], null: false, @@ -28,11 +29,29 @@ module Mutations end def ready?(**args) - if Gitlab::Database.read_only? - raise Gitlab::Graphql::Errors::ResourceNotAvailable, ERROR_MESSAGE - else - true + raise_resource_not_available_error! ERROR_MESSAGE if Gitlab::Database.read_only? + + true + end + + def load_application_object(argument, lookup_as_type, id, context) + ::Gitlab::Graphql::Lazy.new { super }.catch(::GraphQL::UnauthorizedError) do |e| + Gitlab::ErrorTracking.track_exception(e) + # The default behaviour is to abort processing and return nil for the + # entire mutation field, but not set any top-level errors. We prefer to + # at least say that something went wrong. + raise_resource_not_available_error! end end + + def self.authorized?(object, context) + # we never provide an object to mutations, but we do need to have a user. + context[:current_user].present? && !context[:current_user].blocked? + end + + # See: AuthorizeResource#authorized_resource? + def self.authorization + @authorization ||= ::Gitlab::Graphql::Authorize::ObjectAuthorization.new(authorize) + end end end |