Class: Types::Ci::JobBaseField

Inherits:
BaseField
  • Object
show all
Defined in:
app/graphql/types/ci/job_base_field.rb

Overview

JobBaseField ensures that only allow-listed fields can be returned without a permission check. All other fields go through a permissions check based on the :job_field_authorization value passed in the context. rubocop: disable Graphql/AuthorizeTypes

Constant Summary collapse

PUBLIC_FIELDS = 
%i[allow_failure duration id kind status created_at finished_at queued_at queued_duration
updated_at runner].freeze

Constants inherited from BaseField

BaseField::DEFAULT_COMPLEXITY

Instance Attribute Summary collapse

Attributes inherited from BaseField

#doc_reference

Instance Method Summary collapse

Methods inherited from BaseField

#base_complexity, #calls_gitaly?, #complexity_for, #constant_complexity?, #may_call_gitaly?, #requires_argument?

Methods included from Gitlab::Graphql::Deprecations

#visible?

Constructor Details

#initialize(**kwargs, &block) ⇒ JobBaseField

Returns a new instance of JobBaseField.



14
15
16
17
18
 
# File 'app/graphql/types/ci/job_base_field.rb', line 14

def initialize(**kwargs, &block)
  @if_unauthorized = kwargs.delete(:if_unauthorized)

  super
end

Instance Attribute Details

#if_unauthorizedObject

Returns the value of attribute if_unauthorized.



12
13
14
 
# File 'app/graphql/types/ci/job_base_field.rb', line 12

def if_unauthorized
  @if_unauthorized
end

Instance Method Details

#authorized?(object, args, ctx) ⇒ Boolean

Returns:

  • (Boolean) 


20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'app/graphql/types/ci/job_base_field.rb', line 20

def authorized?(object, args, ctx)
  current_user = ctx[:current_user]
  permission = ctx[:job_field_authorization]

  if permission.nil? ||
      PUBLIC_FIELDS.include?(ctx[:current_field].original_name) ||
      current_user.can?(permission, object)
    return super
  end

  false
end