| Age | Commit message (Collapse) | Author |
|---|
|
With this we only check abilities on the rendered edges of a GraphQL
connection instead of all the nodes in it.
|
|
|
|
Allow GraphQL Scalar-fields to be authorized
Closes #57831
See merge request gitlab-org/gitlab-ce!26338
|
|
|
|
It makes all Types::BaseField default to a complexity of 1.
Queries themselves now have limited complexity, scaled
to the type of user: no user, authenticated user, or an
admin user.
|
|
Enables authorizations to be defined on GraphQL Types.
module Types
class ProjectType < BaseObject
authorize :read_project
end
end
If a field has authorizations defined on it, and the return type of the
field also has authorizations defined on it. then all of the combined
permissions in the authorizations will be checked and must pass.
Connection fields are checked by "digging" to find the type class of the
"node" field in the expected location of edges->node.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
|
|
Allow extra permissions for the `Types::ProjectType` and
`Types:IssueType` GraphQL types. As we'll be adding more permissions
in CE.
Now this spec only validates if all the expected permissions are
present, but it will not fail if there are more.
|
|
- Show pipeline status, title, MR Status and project path
- Popover attached to gitlab flavored markdown everywhere, including:
+ MR/Issue Title
+ MR/Issue description
+ MR/Issue comments
+ Rendered markdown files
|
|
|
|
|
|
Previously GraphQL field authorization happened like this:
class ProjectType
field :my_field, MyFieldType do
authorize :permission
end
end
This change allowed us to authorize like this instead:
class ProjectType
field :my_field, MyFieldType, authorize: :permission
end
A new initializer registers the `authorize` metadata keyword on GraphQL
Schema Objects and Fields, and we can collect this data within the
context of Instrumentation like this:
field.metadata[:authorize]
The previous functionality of authorize is still being used for
mutations, as the #authorize method here is called at during the code
that executes during the mutation, rather than when a field resolves.
https://gitlab.com/gitlab-org/gitlab-ce/issues/57828
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
|
|
And add tests
|
|
|
|
And fix the tests so that it won't run into circular paths.
|
|
|
|
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|
This suggests possibly related issues when the user types a title.
This uses GraphQL to allow the frontend to request the exact
data that is requires. We also get free caching through the Vue Apollo
plugin.
With this we can include the ability to import .graphql files in JS
and Vue files.
Also we now have the Vue test utils library to make testing
Vue components easier.
Closes #22071
|
|
|
|
This is mainly the setup of mutations for GraphQL. Including
authorization and basic return type-structure.
|
|
This adds Keyset pagination to GraphQL lists. PoC for that is
pipelines on merge requests and projects.
When paginating a list, the base-64 encoded id of the ordering
field (in most cases the primary key) can be passed in the `before` or
`after` GraphQL argument.
|
|
This adds a reusable way to expose permissions for a user to types in
GraphQL.
|
|
This allows the user to get a single MR nested in a GraphQL project
query.
Since we need the full path and the iid anyway, this makes more sense
than having a root query that needs the full path as well.
|
|
- All definitions have been replaced by classes:
http://graphql-ruby.org/schema/class_based_api.html
- Authorization & Presentation have been refactored to work in the
class based system
- Loaders have been replaced by resolvers
- Times are now coersed as ISO 8601
|
|
By specifying a presenter for the object type, we can keep the logic
out of `GitlabSchema`.
The presenter gets initialized using the object being presented, and
the context (including the `current_user`).
|
|
|
|
|
