diff options
Diffstat (limited to 'app/graphql/resolvers/milestones_resolver.rb')
-rw-r--r-- | app/graphql/resolvers/milestones_resolver.rb | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/app/graphql/resolvers/milestones_resolver.rb b/app/graphql/resolvers/milestones_resolver.rb index dc6d781f584..25ff783b408 100644 --- a/app/graphql/resolvers/milestones_resolver.rb +++ b/app/graphql/resolvers/milestones_resolver.rb @@ -4,6 +4,11 @@ module Resolvers class MilestonesResolver < BaseResolver include Gitlab::Graphql::Authorize::AuthorizeResource include TimeFrameArguments + include LooksAhead + + # authorize before resolution + authorize :read_milestone + authorizes_object! argument :ids, [GraphQL::Types::ID], required: false, @@ -34,12 +39,10 @@ module Resolvers NON_STABLE_CURSOR_SORTS = %i[expired_last_due_date_asc expired_last_due_date_desc].freeze - def resolve(**args) + def resolve_with_lookahead(**args) validate_timeframe_params!(args) - authorize! - - milestones = MilestonesFinder.new(milestones_finder_params(args)).execute + milestones = apply_lookahead(MilestonesFinder.new(milestones_finder_params(args)).execute) if non_stable_cursor_sort?(args[:sort]) offset_pagination(milestones) @@ -50,6 +53,12 @@ module Resolvers private + def preloads + { + releases: :releases + } + end + def milestones_finder_params(args) { ids: parse_gids(args[:ids]), @@ -69,12 +78,6 @@ module Resolvers raise NotImplementedError end - # MilestonesFinder does not check for current_user permissions, - # so for now we need to keep it here. - def authorize! - Ability.allowed?(context[:current_user], :read_milestone, parent) || raise_resource_not_available_error! - end - def parse_gids(gids) gids&.map { |gid| GitlabSchema.parse_gid(gid, expected_type: Milestone).model_id } end |