1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# frozen_string_literal: true
module Types
class BaseObject < GraphQL::Schema::Object
prepend Gitlab::Graphql::Present
prepend Gitlab::Graphql::ExposePermissions
prepend Gitlab::Graphql::MarkdownField
field_class Types::BaseField
edge_type_class Types::BaseEdge
def self.authorize(*args)
raise 'Cannot redefine authorize' if @authorize_args && args.any?
@authorize_args = args.freeze if args.any?
@authorize_args || (superclass.respond_to?(:authorize) ? superclass.authorize : nil)
end
def self.accepts(*types)
@accepts ||= []
@accepts += types
@accepts
end
# All graphql fields exposing an id, should expose a global id.
def id
GitlabSchema.id_from_object(object)
end
def self.authorization_scopes
[:api, :read_api]
end
def self.authorization
@authorization ||= ::Gitlab::Graphql::Authorize::ObjectAuthorization.new(authorize, authorization_scopes)
end
def self.authorized?(object, context)
authorization.ok?(object, context[:current_user],
scope_validator: context[:scope_validator],
skip_abilities: context[:skip_type_authorization]
)
end
def current_user
context[:current_user]
end
def self.assignable?(object)
assignable = accepts
return true if assignable.blank?
assignable.any? { |cls| object.is_a?(cls) }
end
end
end
|
