enable graphiql in production for site admins

closes CNVS-39437 Change-Id: I9848d7577792939a65dabfc458a490a42f01d3d3 Reviewed-on: https://gerrit.instructure.com/127490 Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Collin Parrish <cparrish@instructure.com> Tested-by: Jenkins Product-Review: Cameron Matheson <cameron@instructure.com>
2017-09-26 14:22:44 -06:00 · 2017-09-26 14:22:44 -06:00 · dc1ecf70fc
parent 61c56db3a5
commit dc1ecf70fc
2 changed files with 11 additions and 2 deletions
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@ -17,7 +17,8 @@ class GraphQLController < ApplicationController
  end

  def graphiql
-    if Rails.env.production?
+    if Rails.env.production? &&
+        !::Account.site_admin.grants_right?(@current_user, session, :read_as_admin)
       render plain: "unauthorized", status: :unauthorized
    else
      render :graphiql, layout: 'bare'
--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@ -43,13 +43,21 @@ describe GraphQLController do
      expect(response.location).to match /\/login$/
    end

-    it "doesn't work in production" do
+    it "doesn't work in production for normal users" do
      allow(Rails.env).to receive(:production?).and_return(true)
      user_session(@student)
      get :graphiql
      expect(response.status).to eq 401
    end

+    it "works in production for site admins" do
+      allow(Rails.env).to receive(:production?).and_return(true)
+      site_admin_user(active_all: true)
+      user_session(@user)
+      get :graphiql
+      expect(response.status).to eq 200
+    end
+
    it "works" do
      user_session(@student)
      get :graphiql