Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: ad8b4770f8
Branches Tags
zammad
/
app
/
graphql
/
gql
/
mutations
/
base_mutation.rb

base_mutation.rb 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. module Gql::Mutations
    4. 

  4.   # class BaseMutation < GraphQL::Schema::RelayClassicMutation
    5. 

  5.   class BaseMutation < GraphQL::Schema::Mutation
    6. 

  6.     include Gql::Concerns::HandlesAuthorization
    7. 

  7.     include Gql::Concerns::HasNestedGraphqlName
    8. 

  8. 

  9.     # FIXME: Remove when all mutations are using services which are taking care of this flag.
    10. 

  10.     include Gql::Mutations::Concerns::HandlesCoreWorkflow
    11. 

  11. 

  12.     argument_class Gql::Types::BaseArgument
    13. 

  13.     field_class    Gql::Fields::BaseField
    14. 

  14.     object_class   Gql::Types::BaseObject
    15. 

  15.     # input_object_class Gql::Types::BaseInputObject
    16. 

  16. 

  17.     description 'Base class for all mutations'
    18. 

  18. 

  19.     field :errors, [Gql::Types::UserErrorType], description: 'Errors encountered during execution of the mutation.'
    20. 

  20. 

  21.     # Override this for mutations that don't need CSRF verification.
    22. 

  22.     def self.requires_csrf_verification?
    23. 

  23.       true
    24. 

  24.     end
    25. 

  25. 

  26.     def self.before_authorize(*args)
    27. 

  27.       ctx = args[-1] # This may be called with 2 or 3 params, context is last.
    28. 

  28.       # CSRF - since this is expensive it is only called by mutations.
    29. 

  29.       verify_csrf_token(ctx) if requires_csrf_verification?
    30. 

  30.     end
    31. 

  31. 

  32.     # Require authentication by default for mutations.
    33. 

  33.     def self.authorize(_obj, ctx)
    34. 

  34.       ctx.current_user
    35. 

  35.     end
    36. 

  36. 

  37.     def self.verify_csrf_token(ctx)
    38. 

  38.       return true if ctx[:is_graphql_introspection_generator]
    39. 

  39.       # Support :graphql type tests that don't use HTTP.
    40. 

  40.       return true if Rails.env.test? && !ctx[:controller]
    41. 

  41.       # Support developer workflows that need to turn off CSRF.
    42. 

  42.       return true if Rails.env.development? && ctx[:controller].request.headers['SkipAuthenticityTokenCheck'] == 'true'
    43. 

  43. 

  44.       ctx[:controller].send(:verify_csrf_token) # verify_csrf_token is private :(
    45. 

  45.     end
    46. 

  46. 

  47.     def self.register_in_schema(schema)
    48. 

  48.       schema.field graphql_field_name, mutation: self
    49. 

  49.     end
    50. 

  50. 

  51.     # Generate a response with user errors
    52. 

  52.     #
    53. 

  53.     #   error_response({ message: 'Helpful error message.', field: 'error_field' }, ...)
    54. 

  54.     #
    55. 

  55.     def error_response(*errors)
    56. 

  56.       { errors: errors }
    57. 

  57.     end
    58. 

  58.   end
    59. 

  59. end
    60.