Merge pull request #711 from code0-tech/695-adjust-queryorganizations-to-return-all-organizations-visible-to-the-current-user

Taucher2003 · web-flow · commit 61155dceb86d · 2025-11-23T15:39:58.000+01:00
Admin can query all organizations
diff --git a/app/graphql/types/query_type.rb b/app/graphql/types/query_type.rb
@@ -89,6 +89,8 @@ def organization(**args)
     end
 
     def organizations
+      return Organization.all if current_user&.admin?
+
       OrganizationsFinder.new(namespace_member_user: current_user).execute
     end
 
diff --git a/app/policies/base_policy.rb b/app/policies/base_policy.rb
@@ -21,4 +21,5 @@ def user
   # rubocop:enable Rails/Delegate
 
   condition(:anonymous) { authentication.nil? || authentication.type == :none }
+  condition(:admin) { user&.admin? }
 end
diff --git a/app/policies/concerns/customizable_permission.rb b/app/policies/concerns/customizable_permission.rb
@@ -13,12 +13,14 @@ def namespace_resolver(&block)
     def customizable_permission(ability)
       condition(ability) { user_has_ability?(ability, user, subject) }
 
-      rule { send(ability) | admin }.enable ability
+      rule { send(ability) | namespace_admin }.enable ability
     end
   end
 
   included do
-    condition(:admin) { user_has_ability?(:namespace_administrator, user, subject) || can?(:namespace_administrator) }
+    condition(:namespace_admin) do
+      user_has_ability?(:namespace_administrator, user, subject) || can?(:namespace_administrator)
+    end
 
     def namespace(subject)
       @namespace ||= self.class.namespace_resolver_block.call(subject)
diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb
@@ -8,6 +8,11 @@ class NamespacePolicy < BasePolicy
   condition(:is_user_namespace) { subject.user_type? }
   condition(:is_owner) { subject.parent == user }
 
+  rule { admin }.policy do
+    enable :namespace_administrator
+    enable :has_access
+  end
+
   rule { is_member }.enable :has_access
 
   rule { is_user_namespace & is_owner }.policy do
diff --git a/spec/requests/graphql/query/organizations_query_spec.rb b/spec/requests/graphql/query/organizations_query_spec.rb
@@ -27,6 +27,23 @@
     create(:organization) # organization where the user isn't a member
   end
 
+  context 'when admin' do
+    let(:current_user) { create(:user, :admin) }
+
+    before do
+      (1..3).each do |_|
+        create(:organization)
+      end
+
+      query!
+    end
+
+    it 'returns all organizations' do
+      organization_graphql_entities = Organization.all.map { |org| a_graphql_entity_for(org) }
+      expect(graphql_data_at(:organizations, :nodes)).to match_array(organization_graphql_entities)
+    end
+  end
+
   context 'when anonymous' do
     it 'does not return organizations' do
       query!
