• Luke Duncalfe's avatar
    Removing sensitive properties from ProjectType · fdf34470
    Luke Duncalfe authored
    defaultBranch and ciConfigPath should only be available to users with
    the :download_code permission for the Project, as the respository might
    be private.
    
    When implementing the authorize check on these properties, it was
    found that our current Graphql::Authorize::Instrumentation class does
    not work with fields that resolve to subclasses of
    GraphQL::Schema::Scalar, like GraphQL::STRING_TYPE.
    
    After discussion with other Create Team members, it has been decided
    that because the GraphQL API is not GA, to remove these properties from
    ProjectType, and instead implement them as part of epic
    https://gitlab.com/groups/gitlab-org/-/epics/711
    
    Issue:
    https://gitlab.com/gitlab-org/gitlab-ce/issues/55316
    fdf34470
project_type.rb 2.97 KB