Module: Gitlab::Graphql::Authorize::AuthorizeResource

Extended by:

ActiveSupport::Concern

Included in:

Mutations::Achievements::Award, Mutations::Achievements::Create, Mutations::Achievements::Delete, Mutations::Achievements::DeleteUserAchievement, Mutations::Achievements::Revoke, Mutations::Achievements::Update, Mutations::BaseMutation, Mutations::CustomerRelations::Contacts::Base, Mutations::CustomerRelations::Contacts::Create, Mutations::CustomerRelations::Organizations::Create, Mutations::Issues::BulkUpdate, Resolvers::AbuseReportLabelsResolver, Resolvers::Admin::Analytics::UsageTrends::MeasurementsResolver, Resolvers::AwardEmoji::BaseVotesCountResolver, Resolvers::BlameResolver, Resolvers::BlobsResolver, Resolvers::BoardListResolver, Resolvers::BoardListsResolver, Resolvers::BulkLabelsResolver, Resolvers::Ci::ConfigResolver, Resolvers::Ci::JobTokenScopeResolver, Resolvers::Ci::PipelineTriggersResolver, Resolvers::Ci::RunnerGroupsResolver, Resolvers::Ci::RunnerJobCountResolver, Resolvers::Ci::RunnerJobsResolver, Resolvers::Ci::RunnerProjectsResolver, Resolvers::Ci::RunnersResolver, Resolvers::Ci::TestSuiteResolver, Resolvers::CodequalityReportsComparerResolver, Resolvers::Crm::ContactStateCountsResolver, Resolvers::Crm::ContactsResolver, Resolvers::Crm::OrganizationStateCountsResolver, Resolvers::Crm::OrganizationsResolver, Resolvers::DataTransfer::GroupDataTransferResolver, Resolvers::DataTransfer::ProjectDataTransferResolver, Resolvers::DesignManagement::DesignAtVersionResolver, Resolvers::DesignManagement::Version::DesignAtVersionResolver, Resolvers::DesignManagement::Version::DesignsAtVersionResolver, Resolvers::DesignManagement::VersionInCollectionResolver, Resolvers::DesignManagement::VersionResolver, Resolvers::Environments::NestedEnvironmentsResolver, Resolvers::GroupMembers::NotificationEmailResolver, Resolvers::LabelsResolver, Resolvers::MembersResolver, Resolvers::MilestonesResolver, Resolvers::Notes::SyntheticNoteResolver, Resolvers::Organizations::GroupsResolver, Resolvers::Organizations::OrganizationResolver, Resolvers::Organizations::OrganizationUsersResolver, Resolvers::PackagePipelinesResolver, Resolvers::ProjectJobsResolver, Resolvers::ProjectPipelineStatisticsResolver, Resolvers::Projects::CommitReferencesResolver, Resolvers::Projects::ForkTargetsResolver, Resolvers::Projects::JiraProjectsResolver, Resolvers::Projects::ServicesResolver, Resolvers::Snippets::BlobsResolver, Resolvers::UserDiscussionsCountResolver, Resolvers::UserNotesCountResolver, Resolvers::UserResolver, Resolvers::Users::GroupsResolver, Resolvers::UsersResolver, Resolvers::WorkItemResolver, Resolvers::WorkItems::WorkItemDiscussionsResolver, Types::Admin::Analytics::UsageTrends::MeasurementType

Defined in:

lib/gitlab/graphql/authorize/authorize_resource.rb

Constant Summary

ConfigurationError =

Class.new(StandardError)

RESOURCE_ACCESS_ERROR =

"The resource that you are attempting to access does " \
"not exist or you don't have permission to perform this action"

Instance Method Summary

• #authorize!(object) ⇒ Object
• #authorized_find!(*args, **kwargs) ⇒ Object
• #authorized_resource?(object) ⇒ Boolean
• #find_object(id:) ⇒ Object
• #raise_resource_not_available_error! ⇒ Object

Instance Method Details

#authorize!(object) ⇒ Object

# File 'lib/gitlab/graphql/authorize/authorize_resource.rb', line 60

def authorize!(object)
  raise_resource_not_available_error! unless authorized_resource?(object)
end

#authorized_find!(*args, **kwargs) ⇒ Object

# File 'lib/gitlab/graphql/authorize/authorize_resource.rb', line 52

def authorized_find!(*args, **kwargs)
  object = Graphql::Lazy.force(find_object(*args, **kwargs))

  authorize!(object)

  object
end

#authorized_resource?(object) ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (ConfigurationError)

# File 'lib/gitlab/graphql/authorize/authorize_resource.rb', line 64

def authorized_resource?(object)
  raise ConfigurationError, "#{self.class.name} has no authorizations" if self.class.authorization.none?

  self.class.authorization.ok?(object, current_user)
end

#find_object(id:) ⇒ Object

# File 'lib/gitlab/graphql/authorize/authorize_resource.rb', line 48

def find_object(id:)
  GitlabSchema.find_by_gid(id)
end

#raise_resource_not_available_error! ⇒ Object

# File 'lib/gitlab/graphql/authorize/authorize_resource.rb', line 70

def raise_resource_not_available_error!(...)
  self.class.raise_resource_not_available_error!(...)
end