From 7bf4b80d8d08d2f38a1c97b86b6d97b83474dbd5 Mon Sep 17 00:00:00 2001
From: Heinrich Lee Yu <heinrich@gitlab.com>
Date: Mon, 19 Apr 2021 17:19:08 +0800
Subject: [PATCH] Skip redaction for skipped fields

Subscriptions can sometimes return GraphQL::Execution::Execute::SKIP
when there is no update
---
 .../authorize/connection_filter_extension.rb  |  2 ++
 spec/graphql/features/authorization_spec.rb   | 20 +++++++++++++++++++
 .../namespace_projects_resolver_spec.rb       |  2 +-
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/gitlab/graphql/authorize/connection_filter_extension.rb b/lib/gitlab/graphql/authorize/connection_filter_extension.rb
index 20526e19c2a50..c75510df3e30a 100644
--- a/lib/gitlab/graphql/authorize/connection_filter_extension.rb
+++ b/lib/gitlab/graphql/authorize/connection_filter_extension.rb
@@ -37,6 +37,8 @@ def remove_unauthorized(nodes)
         end
 
         def after_resolve(value:, context:, **rest)
+          return value if value.is_a?(GraphQL::Execution::Execute::Skip)
+
           if @field.connection?
             redact_connection(value, context)
           elsif @field.type.list?
diff --git a/spec/graphql/features/authorization_spec.rb b/spec/graphql/features/authorization_spec.rb
index d2a6b91d1c235..64e423e2bf8f6 100644
--- a/spec/graphql/features/authorization_spec.rb
+++ b/spec/graphql/features/authorization_spec.rb
@@ -376,6 +376,26 @@
     end
   end
 
+  describe 'Authorization on GraphQL::Execution::Execute::SKIP' do
+    let(:type) do
+      type_factory do |type|
+        type.authorize permission_single
+      end
+    end
+
+    let(:query_type) do
+      query_factory do |query|
+        query.field :item, [type], null: true, resolver: new_resolver(GraphQL::Execution::Execute::SKIP)
+      end
+    end
+
+    it 'skips redaction' do
+      expect(Ability).not_to receive(:allowed?)
+
+      result
+    end
+  end
+
   private
 
   def permit(*permissions)
diff --git a/spec/graphql/resolvers/namespace_projects_resolver_spec.rb b/spec/graphql/resolvers/namespace_projects_resolver_spec.rb
index 147a02e1d79d7..618d012bd6df7 100644
--- a/spec/graphql/resolvers/namespace_projects_resolver_spec.rb
+++ b/spec/graphql/resolvers/namespace_projects_resolver_spec.rb
@@ -112,7 +112,7 @@
       subject(:projects) { resolve_projects(args) }
 
       let(:include_subgroups) { false }
-      let(:project_3) { create(:project, name: 'Project', path: 'project', namespace: namespace) }
+      let!(:project_3) { create(:project, name: 'Project', path: 'project', namespace: namespace) }
 
       context 'when ids is provided' do
         let(:ids) { [project_3.to_global_id.to_s] }
-- 
GitLab