all repos — caroster @ 1608cf0361137ddf0c6bb0c00b38cc4aadd5cb20

[Octree] Group carpool to your event https://caroster.io

fix: :bug: Fix notifications GraphQL method
Tim Izzo tim@5ika.ch
Mon, 17 Jun 2024 14:51:36 +0200
commit

1608cf0361137ddf0c6bb0c00b38cc4aadd5cb20

parent

5a283984fb3e693cc263e12974b8629d0a8a25ac

2 files changed, 19 insertions(+), 1 deletions(-)

jump to
M backend/config/permissions.tsbackend/config/permissions.ts 
@@ -8,7 +8,11 @@ "api::setting.setting.find",
   "api::stripe.stripe.handleWebhook",
 ];
 
-const authenticated = [...publicPerms, "plugin::users-permissions.user.me"];
+const authenticated = [
+  ...publicPerms,
+  "api::event.event.find",
+  "plugin::users-permissions.user.me",
+];
 
 export default {
   roles: {
M backend/src/index.tsbackend/src/index.ts 
@@ -13,8 +13,22 @@ graphqlExtends(context);
 
     // Because of bug https://github.com/strapi/strapi/issues/17995, we're forced
     // to enable "plugin::users-permissions.user" permission for Authenticated role.
+    // Disable REST endpoints
     context.strapi.controller("plugin::users-permissions.user").find = (ctx) =>
       ctx.unauthorized();
+    context.strapi.controller("api::event.event").find = (ctx) =>
+      ctx.unauthorized();
+    // Disable GQL methods
+    strapi
+      .plugin("graphql")
+      .service("extension")
+      .shadowCRUD("plugin::users-permissions.user")
+      .disableAction("find");
+    strapi
+      .plugin("graphql")
+      .service("extension")
+      .shadowCRUD("api::event.event")
+      .disableAction("find");
   },
 
   /**