Commit 901bcfba authored by Adam Hegyi's avatar Adam Hegyi

Drop AuthorizeTypes offense in instance statistics

This MR fixes the Graphql/AuthorizeTypes by introducing a policy for the
instance statistics measurement model.
parent ae1f26ee
# frozen_string_literal: true # frozen_string_literal: true
# rubocop:disable Graphql/AuthorizeTypes
module Types module Types
module Admin module Admin
module Analytics module Analytics
module InstanceStatistics module InstanceStatistics
class MeasurementType < BaseObject class MeasurementType < BaseObject
include Gitlab::Graphql::Authorize::AuthorizeResource
graphql_name 'InstanceStatisticsMeasurement' graphql_name 'InstanceStatisticsMeasurement'
description 'Represents a recorded measurement (object count) for the Admins' description 'Represents a recorded measurement (object count) for the Admins'
authorize :read_instance_statistics_measurements
field :recorded_at, Types::TimeType, null: true, field :recorded_at, Types::TimeType, null: true,
description: 'The time the measurement was recorded' description: 'The time the measurement was recorded'
......
# frozen_string_literal: true
module Analytics
module InstanceStatistics
class MeasurementPolicy < BasePolicy
delegate { :global }
end
end
end
...@@ -100,6 +100,7 @@ class GlobalPolicy < BasePolicy ...@@ -100,6 +100,7 @@ class GlobalPolicy < BasePolicy
enable :update_custom_attribute enable :update_custom_attribute
enable :approve_user enable :approve_user
enable :reject_user enable :reject_user
enable :read_instance_statistics_measurements
end end
# We can't use `read_statistics` because the user may have different permissions for different projects # We can't use `read_statistics` because the user may have different permissions for different projects
......
...@@ -8,4 +8,48 @@ RSpec.describe GitlabSchema.types['InstanceStatisticsMeasurement'] do ...@@ -8,4 +8,48 @@ RSpec.describe GitlabSchema.types['InstanceStatisticsMeasurement'] do
it { is_expected.to have_graphql_field(:recorded_at) } it { is_expected.to have_graphql_field(:recorded_at) }
it { is_expected.to have_graphql_field(:identifier) } it { is_expected.to have_graphql_field(:identifier) }
it { is_expected.to have_graphql_field(:count) } it { is_expected.to have_graphql_field(:count) }
describe 'authorization' do
let_it_be(:measurement) { create(:instance_statistics_measurement, :project_count) }
let(:user) { create(:user) }
let(:query) do
<<~GRAPHQL
query instanceStatisticsMeasurements($identifier: MeasurementIdentifier!) {
instanceStatisticsMeasurements(identifier: $identifier) {
nodes {
count
identifier
}
}
}
GRAPHQL
end
subject do
GitlabSchema.execute(
query,
variables: { identifier: 'PROJECTS' },
context: { current_user: user }
).to_h
end
context 'when the user is not admin' do
it 'returns no data' do
expect(subject.dig('data', 'instanceStatisticsMeasurements')).to be_nil
end
end
context 'when user is an admin' do
let(:user) { create(:user, :admin) }
before do
stub_feature_flags(user_mode_in_session: false)
end
it 'returns data' do
expect(subject.dig('data', 'instanceStatisticsMeasurements', 'nodes')).not_to be_empty
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment