lib/gitlab/graphql/authorize/object_authorization.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

# frozen_string_literal: true

module Gitlab
  module Graphql
    module Authorize
      class ObjectAuthorization
        attr_reader :abilities

        def initialize(abilities)
          @abilities = Array.wrap(abilities).flatten
        end

        def none?
          abilities.empty?
        end

        def any?
          abilities.present?
        end

        def ok?(object, current_user)
          return true if none?

          subject = object.try(:declarative_policy_subject) || object
          abilities.all? do |ability|
            Ability.allowed?(current_user, ability, subject)
          end
        end
      end
    end
  end
end