Improve GraphQL field authorization DSL when authorizing for more than one permission

This issue was created from a discussion https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/25724#note_148246884):

When adding authorize: to a GraphQL field, we add it like this:

field :merge_request,
      Types::MergeRequestType,
      null: true,
      resolver: Resolvers::MergeRequestsResolver.single,
      authorize: :read_merge_request

However, if we want to provide an Array of abilities for authorize: the graphql-ruby library doesn't appear to handle parsing Array values. It appears to ultimately splat the Array along with the key into three arguments.

So this:

field :merge_request,
      Types::MergeRequestType,
      null: true,
      resolver: Resolvers::MergeRequestsResolver.single,
      authorize: [:read_merge_request, :another_permission]

Throws an error:

ArgumentError (wrong number of arguments (given 3, expected 1..2))

So instead, currently, we would need to do this:

field :merge_request,
      Types::MergeRequestType,
      null: true,
      resolver: Resolvers::MergeRequestsResolver.single do
        authorize [:read_merge_request, :another_permission]
      end

This is documented in the GraphQL API Styleguide.

We would like to be able to do the more intuitive version that doesn't require a block.

Note, that at time of writing we do not have any fields that require more than one ability for authorization.

Edited Aug 14, 2020 by 🤖 GitLab Bot 🤖