From 7a70b9ece4ebee4f862e4c2b5ba953886fdd13a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?=
Date: Wed, 20 Feb 2019 00:46:27 +0100
Subject: [PATCH] Implement authorization on Post mutations
---
 src/middleware/permissionsMiddleware.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js
index 0dd4a9a86..7db516e11 100644
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@@ -16,7 +16,7 @@ const isModerator = rule()(async (parent, args, ctx, info) => {
 })
 */
-const isOwner = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => {
+const myself = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => {
 return ctx.user.id === parent.id
 })
@@ -28,13 +28,16 @@ const permissions = shield({
 // customers: and(isAuthenticated, isAdmin)
 },
 Mutation: {
- report: isAuthenticated
+ CreatePost: isAuthenticated,
+ // TODO UpdatePost: isOwner,
+ // TODO DeletePost: isOwner,
+ report: isAuthenticated,
 // addFruitToBasket: isAuthenticated
 // CreateUser: allow,
 },
 User: {
- email: isOwner,
- password: isOwner
+ email: myself,
+ password: myself
 }
 // Post: isAuthenticated
 })
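Review bot: In the `Mutation` map, `UpdatePost` and `DeletePost` are left as TODO comments, so after this commit only `CreatePost` carries a rule and the two mutations that change or remove existing posts have none. Unless shield is configured with a deny-by-default fallback outside this hunk, they presumably stay callable without a login. The TODOs also name `isOwner`, which this same commit renames to `myself`, and `myself` compares `ctx.user.id` with `parent.id`, which would not express post authorship on a root mutation. Until an authorship rule exists, `UpdatePost: isAuthenticated,` and `DeletePost: isAuthenticated,` would at least block anonymous edits, with a comment such as `// FIXME: any logged-in user can still edit or delete others' posts`. The `shield({` call opens above this hunk, so its options are not visible here.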