GraphQL Type authorization
What does this MR do?
Enables authorizations to be defined on GraphQL Types.
A single permission:
    module Types
      class ProjectType < BaseObject
        authorize :read_project
      end
    end
A collection of permissions:
    module Types
      class ProjectType < BaseObject
        authorize [:read_project, :another_permission]
      end
    end
Type and Field authorizations together
Permissions are cumulative, so where permissions are defined in both the Type and the Field:
    class UserType
      authorize :some_permission
    end

    class IssueType
      field :author, UserType, authorize: :another_permission
    end
The currently authenticated user would need both permissions on the User.
Connection authorizations
Connection fields are checked by "digging" to find the type class of the "node" field in the expected location of edges->node.
What are the relevant issue numbers?
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54417
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- Security reports checked/validated by reviewer
Edited by Luke Duncalfe
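
The cumulative Type and Field rule and the edges->node lookup described above, as an added sketch that is not part of the merge request or GitLab's code. `required_permissions`, `Connection`, `Field#node_type` and `Field#authorized?` are hypothetical names, and raising when no node type is found is an assumption of this sketch.

```ruby
# Added sketch, not GitLab's implementation: BaseObject.required_permissions,
# Connection, Field#node_type and Field#authorized? are hypothetical names.
class BaseObject
  # Class-level DSL: `authorize :perm` or `authorize [:a, :b]`.
  def self.authorize(*permissions)
    @required_permissions = permissions.flatten
  end

  def self.required_permissions
    @required_permissions || []
  end
end

class UserType < BaseObject
  authorize :some_permission
end

# Stand-in for a connection type: the node type sits at edges -> node.
Connection = Struct.new(:node_type) do
  def fields
    { 'edges' => { 'node' => node_type } }
  end
end

Field = Struct.new(:name, :type, :authorize) do
  # Type whose permissions apply: dig edges -> node for a connection.
  def node_type
    found = type.respond_to?(:fields) ? type.fields.dig('edges', 'node') : type
    # Fail closed: an unexpected shape must not skip the Type-level check.
    raise ArgumentError, "no node type for #{name}" if found.nil?
    found
  end

  # Cumulative: Type-level permissions plus Field-level ones.
  def required_permissions
    (node_type.required_permissions + Array(authorize)).uniq
  end

  # `granted` is a constructed list of the abilities the current user holds
  # on the resolved object.
  def authorized?(granted)
    required_permissions.all? { |permission| granted.include?(permission) }
  end
end

author = Field.new(:author, UserType, :another_permission)
users  = Field.new(:users, Connection.new(UserType), nil)
p author.required_permissions
p author.authorized?([:another_permission])
p users.required_permissions
```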