From fe2546dbbbb7c8c5cfcf1a6f0457240788a73b47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alberto=20Miedes=20Garc=C3=A9s?=
Date: Sat, 1 Oct 2016 08:50:16 +0200
Subject: [PATCH] Added clarifying comments related to security

---
 app/controllers/graphql_controller.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb
index bf9858a7d..86ea423da 100644
--- a/app/controllers/graphql_controller.rb
+++ b/app/controllers/graphql_controller.rb
@@ -1,4 +1,7 @@
 class GraphqlController < ApplicationController
+
+  # (!!) Está autorizando todos los resources, no sólo Proposal ¿por qué?
+  # (!!) Nos da acceso a recursos a los que se supone que no tenemos acceso, cómo 'Geozones', ¿por qué?
   authorize_resource :proposal
 
   def query
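Review bot: The two `(!!)` comments added above `authorize_resource :proposal` record an open question about an authorization gap rather than a decision, so the next reader still does not know whether the behaviour is accepted or must be fixed. If this is CanCanCan's `authorize_resource`, it only authorizes the controller action (`query`) against the Proposal class; it says nothing about which GraphQL types the executed query may resolve, which would explain why data such as Geozones is reachable — worth confirming against the schema, which is outside this hunk. I would replace the two comments with an actionable, English one, e.g. `# TODO(security): authorize_resource :proposal only authorizes the `query` action against Proposal;` / `# it does not restrict which GraphQL types a query can resolve (e.g. Geozone). Enforce authorization per type/field in the schema or via an allow-list of queryable types.` The `query` method starts at the end of the hunk and its body is outside it, so the actual resolution point cannot be reviewed here.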