From dc62f6c914971263ef72bfd442bbcb2152b36564 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Miedes=20Garc=C3=A9s?= <albertomg994@gmail.com>
Date: Wed, 12 Oct 2016 17:28:01 +0200
Subject: [PATCH] Skip authorization check in GraphQL controller

---
 app/controllers/graphql_controller.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index 86ea423da..665e6b93d 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -1,8 +1,6 @@
 class GraphqlController < ApplicationController
 
-  # (!!) Está autorizando todos los resources, no sólo Proposal ¿por qué?
-  # (!!) Nos da acceso a recursos a los que se supone que no tenemos acceso, cómo 'Geozones', ¿por qué?
-  authorize_resource :proposal
+  skip_authorization_check
 
   def query
     render json: ConsulSchema.execute(