Created by: Tirokk
Authored by roschaefer Merged
This Pull Request throw an authorization error on all Queries/Mutations by default, unless we explicitly specifiy how authorization should behave.
The types on the other hand will be allowed by default. The types are checked after the resolver of the query/mutation has been called, the db requests have resolved and the response is on its way out. We e.g. have some extra checks on the email
, password
, and privateKey
field of the user, so those attributes can never be read.
@Mastercuber there are two failing cucumber scenarios now. I disabled these cucumber scenarios for reasons I explained in the commit message.