Class: Gitlab::Graphql::Authz::BoundaryExtractor
- Inherits:
-
Object
- Object
- Gitlab::Graphql::Authz::BoundaryExtractor
- Defined in:
- lib/gitlab/graphql/authz/boundary_extractor.rb
Overview
Extracts authorization boundary (Project/Group) from GraphQL field resolution
Usage in authorization directives:
-
‘boundary_argument: ’arg_name’‘ - Extracts boundary from argument (GlobalID or full_path string)
-
‘boundary: ’method_name’‘ - Calls method on resolved object, or falls back to :id argument for query fields
-
‘boundary: ’user’‘ or `boundary: ’instance’‘ - For standalone resources without project/group boundaries
Constant Summary collapse
- STANDALONE_BOUNDARIES =
%w[user instance].freeze
- VALID_BOUNDARY_ACCESSOR_METHODS =
%w[project group itself].freeze
Instance Method Summary collapse
- #extract ⇒ Object
-
#initialize(object:, arguments:, context:, directive:) ⇒ BoundaryExtractor
constructor
A new instance of BoundaryExtractor.
Constructor Details
#initialize(object:, arguments:, context:, directive:) ⇒ BoundaryExtractor
Returns a new instance of BoundaryExtractor.
16 17 18 19 20 21 22 |
# File 'lib/gitlab/graphql/authz/boundary_extractor.rb', line 16 def initialize(object:, arguments:, context:, directive:) @object = object @arguments = arguments @context = context @directive = directive @boundary_accessor = directive.arguments[:boundary] end |
Instance Method Details
#extract ⇒ Object
24 25 26 27 28 29 |
# File 'lib/gitlab/graphql/authz/boundary_extractor.rb', line 24 def extract resource = standalone_boundary? ? @boundary_accessor.to_sym : extract_resource return if resource.nil? ::Authz::Boundary.for(resource) end |