Skip to content

Admin can query all organizations #711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 23, 2025
+29 −2
Merged

Admin can query all organizations #711

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions app/graphql/types/query_type.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,6 +89,8 @@ def organization(**args)
end

def organizations
return Organization.all if current_user&.admin?

OrganizationsFinder.new(namespace_member_user: current_user).execute
end

Expand Down
1 change: 1 addition & 0 deletions app/policies/base_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,5 @@ def user
# rubocop:enable Rails/Delegate

condition(:anonymous) { authentication.nil? || authentication.type == :none }
condition(:admin) { user&.admin? }
end
6 changes: 4 additions & 2 deletions app/policies/concerns/customizable_permission.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,14 @@ def namespace_resolver(&block)
def customizable_permission(ability)
condition(ability) { user_has_ability?(ability, user, subject) }

rule { send(ability) | admin }.enable ability
rule { send(ability) | namespace_admin }.enable ability
end
end

included do
condition(:admin) { user_has_ability?(:namespace_administrator, user, subject) || can?(:namespace_administrator) }
condition(:namespace_admin) do
user_has_ability?(:namespace_administrator, user, subject) || can?(:namespace_administrator)
end

def namespace(subject)
@namespace ||= self.class.namespace_resolver_block.call(subject)
Expand Down
5 changes: 5 additions & 0 deletions app/policies/namespace_policy.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,11 @@ class NamespacePolicy < BasePolicy
condition(:is_user_namespace) { subject.user_type? }
condition(:is_owner) { subject.parent == user }

rule { admin }.policy do
enable :namespace_administrator
enable :has_access
end

rule { is_member }.enable :has_access

rule { is_user_namespace & is_owner }.policy do
Expand Down
17 changes: 17 additions & 0 deletions spec/requests/graphql/query/organizations_query_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,23 @@
create(:organization) # organization where the user isn't a member
end

context 'when admin' do
let(:current_user) { create(:user, :admin) }

before do
(1..3).each do |_|
create(:organization)
end

query!
end

it 'returns all organizations' do
organization_graphql_entities = Organization.all.map { |org| a_graphql_entity_for(org) }
expect(graphql_data_at(:organizations, :nodes)).to match_array(organization_graphql_entities)
end
end

context 'when anonymous' do
it 'does not return organizations' do
query!
Expand Down