
Maintenance: Add pundit helpers to graphql DSL

Martin Gruner 1 month ago
parent
commit
7d6577de61

+ 12 - 0
app/graphql/gql/concerns/handles_authorization.rb

@@ -19,6 +19,18 @@ module Gql::Concerns::HandlesAuthorization
       true # Authorization is granted by default.
     end
 
+    # Helper method to check pundit authorization of the current user for a given object.
+    def pundit_authorize!(record, query = :show?)
+      Pundit.authorize(context.current_user, record, query)
+    end
+
+    # Helper method to check pundit authorization of the current user for a given object.
+    def pundit_authorized?(record, query = :show?)
+      # Invoke policy directly to get back the actual result,
+      #   not the original object as returned by 'authorize'.
+      Pundit.policy(context.current_user, record).public_send(query)
+    end
+
     #
     # Internal methods
     #
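Review bot: `pundit_authorized?` resolves the policy with `Pundit.policy`, which returns nil when no policy class can be found for the record, so a record without a policy ends in a NoMethodError on nil instead of an authorization outcome. `Pundit.policy!(context.current_user, record).public_send(query)` would raise Pundit::NotDefinedError in that case, which is what `Pundit.authorize` does. `query` is passed straight to `public_send`; that is fine for the symbol literals the callers in this commit use, but the helper's comment should state that it must never be derived from client input. The two helpers also carry the same comment although they differ exactly where it matters: I would write `# Raises Pundit::NotAuthorizedError if the policy denies access; returns the record otherwise.` on `pundit_authorize!` and `# Returns the result of the policy query without raising on denial.` on `pundit_authorized?`.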

+ 1 - 1
app/graphql/gql/mutations/online_notification/delete.rb

@@ -14,7 +14,7 @@ module Gql::Mutations
     end
 
     def authorized?(online_notification:)
-      Pundit.authorize(context.current_user, online_notification, :destroy?)
+      pundit_authorized?(online_notification, :destroy?)
     end
   end
 end
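Review bot: The denied case of `authorized?` changes behaviour on this line, from `Pundit.authorize` raising Pundit::NotAuthorizedError to `pundit_authorized?` returning a falsy value, and nothing in the hunk shows how the mutation base class reports a false result to the client. As far as I know the graphql-ruby default is to halt the mutation on a false return without adding an error, so a denied delete could look like an empty response; worth confirming that the base class turns it into an explicit authorization error and that a request spec covers the denied path. The same applies to every other `authorized?` switched in this commit (mark_all_as_seen.rb, seen.rb, and the ticket/article and ticket/checklist mutations). Since the commit is titled as maintenance, I would add a sentence to the description saying that the failure mode of these checks changes from raising to returning false.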

+ 1 - 1
app/graphql/gql/mutations/online_notification/mark_all_as_seen.rb

@@ -9,7 +9,7 @@ module Gql::Mutations
 
     def authorized?(online_notifications:)
       online_notifications.all? do |elem|
-        Pundit.authorize(context.current_user, elem, :update?)
+        pundit_authorized?(elem, :update?)
       end
     end
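Review bot: `online_notifications.all?` is true for an empty collection, so `authorized?` grants the request when the list is empty; the same holds for `relevant_notifications(object_id).all?` in seen.rb. That is probably harmless because there is then nothing to update, but it makes an empty result indistinguishable from an authorized one. I would add a comment above the block such as `# An empty list is treated as authorized; resolve then has nothing to update.` so the vacuous case is a stated decision. The rest of the class is outside the hunk, so whether `resolve` re-reads the notifications is not visible here.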
 

+ 1 - 1
app/graphql/gql/mutations/online_notification/seen.rb

@@ -10,7 +10,7 @@ module Gql::Mutations
 
     def authorized?(object_id:)
       relevant_notifications(object_id).all? do |notification|
-        Pundit.authorize(context.current_user, notification, :update?)
+        pundit_authorized?(notification, :update?)
       end
     end
 

+ 1 - 1
app/graphql/gql/mutations/ticket/article/delete.rb

@@ -14,7 +14,7 @@ module Gql::Mutations
     end
 
     def authorized?(article:)
-      Pundit.authorize(context.current_user, article, :destroy?)
+      pundit_authorized?(article, :destroy?)
     end
   end
 end

+ 1 - 1
app/graphql/gql/mutations/ticket/article/retry_media_download.rb

@@ -14,7 +14,7 @@ module Gql::Mutations
     end
 
     def authorized?(article:)
-      Pundit.authorize(context.current_user, article, :update?)
+      pundit_authorized?(article, :update?)
     end
 
     def resolve(article:)

+ 1 - 1
app/graphql/gql/mutations/ticket/article/retry_security_process.rb

@@ -14,7 +14,7 @@ module Gql::Mutations
     end
 
     def authorized?(article:)
-      Pundit.authorize(context.current_user, article, :update?)
+      pundit_authorized?(article, :update?)
     end
 
     def resolve(article:)

+ 1 - 1
app/graphql/gql/mutations/ticket/checklist/add.rb

@@ -10,7 +10,7 @@ module Gql::Mutations
     field :checklist, Gql::Types::ChecklistType, null: true, description: 'Created checklist'
 
     def authorized?(ticket:, template_id: nil)
-      Setting.get('checklist') && Pundit.authorize(context.current_user, ticket, :agent_update_access?)
+      Setting.get('checklist') && pundit_authorized?(ticket, :agent_update_access?)
     end
 
     def resolve(ticket:, template_id: nil)
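Review bot: `authorized?` accepts `template_id` but checks only the ticket, so nothing visible here decides whether the current user may use the referenced checklist template. `resolve` begins on the last line of the hunk and its body is outside it; if the template is looked up there without a policy check of its own, that lookup should go through the new helper as well. At minimum I would add a comment on `authorized?` such as `# template_id is authorized in resolve, not here.` if that is the case, so the split is explicit.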

+ 1 - 1
app/graphql/gql/mutations/ticket/checklist/delete.rb

@@ -9,7 +9,7 @@ module Gql::Mutations
     field :success, Boolean, description: 'Was the mutation succcessful?'
 
     def authorized?(checklist:)
-      Pundit.authorize(context.current_user, checklist, :destroy?)
+      pundit_authorized?(checklist, :destroy?)
     end
 
     def resolve(checklist:)

+ 1 - 1
app/graphql/gql/mutations/ticket/checklist/item_delete.rb

@@ -10,7 +10,7 @@ module Gql::Mutations
     field :success, Boolean, description: 'Was the mutation succcessful?'
 
     def authorized?(checklist:, checklist_item:)
-      Pundit.authorize(context.current_user, checklist_item, :destroy?)
+      pundit_authorized?(checklist_item, :destroy?)
     end
 
     def resolve(checklist:, checklist_item:)
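Review bot: Only `checklist_item` is checked in `authorized?`; the `checklist` argument is accepted but neither authorized nor compared with the checklist the item actually belongs to. Unless the argument loader or `resolve` (which begins on the last line of the hunk, body not shown) already enforces that relationship, a caller could pair an item with an unrelated checklist and the policy result would be the same. I would either compare the item's parent checklist with the `checklist` argument before the policy call, or add a comment such as `# checklist is validated against checklist_item in resolve.` if that is where it happens.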

Some files were not shown because too many files changed in this diff