Class: Types::Ci::JobBaseField
- Defined in:
- app/graphql/types/ci/job_base_field.rb
Overview
JobBaseField ensures that only allow-listed fields can be returned without a permission check. All other fields go through a permissions check based on the :job_field_authorization value passed in the context. rubocop: disable Graphql/AuthorizeTypes
Constant Summary collapse
- PUBLIC_FIELDS =
%i[allow_failure duration id kind status created_at finished_at queued_at queued_duration updated_at runner].freeze
Constants inherited from BaseField
Instance Attribute Summary collapse
-
#if_unauthorized ⇒ Object
Returns the value of attribute if_unauthorized.
Attributes inherited from BaseField
Instance Method Summary collapse
- #authorized?(object, args, ctx) ⇒ Boolean
-
#initialize(**kwargs, &block) ⇒ JobBaseField
constructor
A new instance of JobBaseField.
Methods inherited from BaseField
#base_complexity, #calls_gitaly?, #complexity_for, #constant_complexity?, #may_call_gitaly?, #requires_argument?
Methods included from Gitlab::Graphql::Deprecations
Constructor Details
#initialize(**kwargs, &block) ⇒ JobBaseField
Returns a new instance of JobBaseField.
14 15 16 17 18 |
# File 'app/graphql/types/ci/job_base_field.rb', line 14 def initialize(**kwargs, &block) @if_unauthorized = kwargs.delete(:if_unauthorized) super end |
Instance Attribute Details
#if_unauthorized ⇒ Object
Returns the value of attribute if_unauthorized.
12 13 14 |
# File 'app/graphql/types/ci/job_base_field.rb', line 12 def @if_unauthorized end |
Instance Method Details
#authorized?(object, args, ctx) ⇒ Boolean
20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'app/graphql/types/ci/job_base_field.rb', line 20 def (object, args, ctx) current_user = ctx[:current_user] = ctx[:job_field_authorization] if .nil? || PUBLIC_FIELDS.include?(ctx[:current_field].original_name) || current_user.can?(, object) return super end false end |