diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js index 0c6723b4b..c070e536d 100644 --- a/src/middleware/permissionsMiddleware.js +++ b/src/middleware/permissionsMiddleware.js @@ -1,4 +1,4 @@ -import { rule, shield, allow } from 'graphql-shield' +import { rule, shield, allow, or } from 'graphql-shield' /* * TODO: implement @@ -11,36 +11,38 @@ const isAuthenticated = rule()(async (parent, args, ctx, info) => { const isAdmin = rule()(async (parent, args, ctx, info) => { return ctx.user.role === 'ADMIN' }) -const isModerator = rule()(async (parent, args, ctx, info) => { - return ctx.user.role === 'MODERATOR' -}) */ +const isModerator = rule()(async (parent, args, { user }, info) => { + return user && (user.role === 'moderator' || user.role === 'admin') +}) + const isMyOwn = rule({ cache: 'no_cache' })(async (parent, args, ctx, info) => { return ctx.user.id === parent.id }) +const onlyEnabledContent = rule({ cache: 'strict' })(async (parent, args, ctx, info) => { + const { disabled, deleted } = args + return !(disabled || deleted) +}) + // Permissions const permissions = shield({ Query: { statistics: allow, - currentUser: allow - // fruits: and(isAuthenticated, or(isAdmin, isModerator)), - // customers: and(isAuthenticated, isAdmin) + currentUser: allow, + Post: or(onlyEnabledContent, isModerator) }, Mutation: { CreatePost: isAuthenticated, // TODO UpdatePost: isOwner, // TODO DeletePost: isOwner, report: isAuthenticated - // addFruitToBasket: isAuthenticated - // CreateUser: allow, }, User: { email: isMyOwn, password: isMyOwn } - // Post: isAuthenticated }) export default permissions diff --git a/src/middleware/softDeleteMiddleware.js b/src/middleware/softDeleteMiddleware.js index abc742bb3..bed7b6ca0 100644 --- a/src/middleware/softDeleteMiddleware.js +++ b/src/middleware/softDeleteMiddleware.js 
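Review bot: The new `or(onlyEnabledContent, isModerator)` guard is attached only to `Query.Post`, while softDeleteMiddleware.js in this same commit applies the `deleted` (and presumably `disabled`) argument defaults to `Query.Comment` and `Query.User` as well. Because `shield()` is called here without options, those two queries fall through to graphql-shield's default `allow`, so any caller can request deleted or disabled records there. Adding `Comment: or(onlyEnabledContent, isModerator),` and `User: or(onlyEnabledContent, isModerator)` to the `Query` map would close that gap; posts reached through relation fields rather than the root query are presumably not covered by this rule either and are worth checking. In `isModerator` the roles are compared as lowercase `'moderator'`/`'admin'`, whereas the commented-out `isAdmin` just above uses `'ADMIN'`, so confirm which casing the stored user records carry, otherwise the rule denies every moderator without any visible error. The rule would also read more safely if it returned a strict boolean, e.g. `return Boolean(user) && (user.role === 'moderator' || user.role === 'admin')`, instead of `undefined` when no user is on the context.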
@@ -1,4 +1,4 @@ -const normalize = (args) => { +const setDefaults = (args) => { if (typeof args.deleted !== 'boolean') { args.deleted = false } @@ -11,13 +11,13 @@ const normalize = (args) => { export default { Query: { Post: (resolve, root, args, context, info) => { - return resolve(root, normalize(args), context, info) + return resolve(root, setDefaults(args), context, info) }, Comment: async (resolve, root, args, context, info) => { - return resolve(root, normalize(args), context, info) + return resolve(root, setDefaults(args), context, info) }, User: async (resolve, root, args, context, info) => { - return resolve(root, normalize(args), context, info) + return resolve(root, setDefaults(args), context, info) } } }