Merge pull request #654 from code0-tech/expose-abilities

Expose mutation abilities for each type

Author: Taucher2003

app/graphql/sagittarius_schema.rb

@@ -57,4 +57,6 @@ def self.object_from_id(global_id, query_ctx = nil)
 # rubocop:enable GraphQL/MaxDepthSchema
 # rubocop:enable GraphQL/MaxComplexitySchema
 
-Types::BaseObject.instance_variable_set(:@user_ability_types, nil) # release temporary type map
+if Types::BaseObject.instance_variable_defined?(:@user_ability_types)
+  Types::BaseObject.remove_instance_variable(:@user_ability_types) # release temporary type map
+end

app/graphql/types/base_object.rb

@@ -24,7 +24,7 @@ def self.timestamps(entity_name = graphql_name)
       field :updated_at, Types::TimeType, null: false, description: "Time when this #{entity_name} was last updated"
     end
 
-    def self.expose_abilities(abilities, entity_name = graphql_name)
+    def self.expose_abilities(abilities, entity_name: graphql_name, subject_resolver: nil)
       @user_ability_types ||= {}
 
       type_class = @user_ability_types.fetch("#{entity_name}UserAbilities", nil)
@@ -43,10 +43,11 @@ def self.expose_abilities(abilities, entity_name = graphql_name)
         abilities.each do |ability|
           field ability, Boolean,
                 null: false,
-                description: "Shows if the current user can #{ability} in this #{entity_name}"
+                description: "Shows if the current user has the `#{ability}` ability on this #{entity_name}"
 
           define_method(ability) do
-            Ability.allowed?(current_user, ability, object)
+            subject = subject_resolver.nil? ? object : subject_resolver.call
+            Ability.allowed?(current_authentication, ability, subject)
           end
         end
       end

app/graphql/types/flow_type.rb

@@ -30,6 +30,10 @@ class FlowType < Types::BaseObject
           description: 'Nodes of the flow',
           method: :collect_node_functions
 
+    expose_abilities %i[
+      delete_flow
+    ]
+
     id_field Flow
     timestamps
 

app/graphql/types/namespace_member_type.rb

@@ -12,6 +12,11 @@ class NamespaceMemberType < Types::BaseObject
     field :member_roles, NamespaceMemberRoleType.connection_type, null: false, description: 'Memberroles of the member'
     field :roles, NamespaceRoleType.connection_type, null: false, description: 'Roles of the member'
 
+    expose_abilities %i[
+      assign_member_roles
+      delete_member
+    ]
+
     id_field NamespaceMember
     timestamps
   end

app/graphql/types/namespace_project_type.rb

@@ -23,6 +23,13 @@ class NamespaceProjectType < Types::BaseObject
 
     field :flows, Types::FlowType.connection_type, null: true, description: 'Fetches all flows in this project'
 
+    expose_abilities %i[
+      create_flow
+      assign_project_runtimes
+      delete_namespace_project
+      update_namespace_project
+    ]
+
     id_field NamespaceProject
     timestamps
 

app/graphql/types/namespace_role_type.rb

@@ -15,6 +15,13 @@ class NamespaceRoleType < BaseObject
     field :assigned_projects, Types::NamespaceProjectType.connection_type,
           description: 'The projects this role is assigned to'
 
+    expose_abilities %i[
+      assign_role_abilities
+      assign_role_projects
+      delete_namespace_role
+      update_namespace_role
+    ]
+
     id_field ::NamespaceRole
     timestamps
 

app/graphql/types/namespace_type.rb

@@ -22,6 +22,13 @@ class NamespaceType < Types::BaseObject
     lookahead_field :members, base_scope: ->(object) { object.namespace_members },
                               conditional_lookaheads: { user: :user, namespace: :namespace }
 
+    expose_abilities %i[
+      invite_member
+      create_namespace_role
+      create_namespace_project
+      create_runtime
+    ]
+
     id_field Namespace
     timestamps
   end

app/graphql/types/organization_type.rb

@@ -13,6 +13,11 @@ class OrganizationType < Types::BaseObject
           description: 'Namespace of this organization',
           method: :ensure_namespace
 
+    expose_abilities %i[
+      delete_organization
+      update_organization
+    ]
+
     id_field Organization
     timestamps
   end

app/graphql/types/query_type.rb

@@ -44,6 +44,15 @@ class QueryType < Types::BaseObject
 
     field :global_runtimes, Types::RuntimeType.connection_type, null: false, description: 'Find runtimes'
 
+    expose_abilities %i[
+      create_organization
+      create_runtime
+      delete_runtime
+      update_runtime
+      rotate_runtime_token
+      update_application_setting
+    ], entity_name: 'Instance', subject_resolver: -> { :global }
+
     def node(id:)
       context.schema.object_from_id(id, context)
     end

app/graphql/types/runtime_type.rb

@@ -17,6 +17,12 @@ class RuntimeType < Types::BaseObject
 
     field :token, String, null: true, description: 'Token belonging to the runtime, only present on creation'
 
+    expose_abilities %i[
+      delete_runtime
+      update_runtime
+      rotate_runtime_token
+    ]
+
     id_field Runtime
     timestamps