From 780cd7b8fa95d54b1676fef08c207f576d422403 Mon Sep 17 00:00:00 2001
From: Adrian Smijulj <adrian1358@gmail.com>
Date: Sun, 17 Mar 2019 16:09:38 +0100
Subject: [PATCH] fix: site settings must be accessible by non-logged-in users
 (#481)

---
 .../src/plugins/api/index.js                                   | 3 ---
 .../webiny-integration-mailchimp/src/plugins/api/index.js      | 3 ---
 packages/demo-api/src/configs/development.js                   | 2 +-
 packages/demo-api/src/configs/production.js                    | 2 +-
 packages/webiny-api-cms/src/plugins/graphql.js                 | 3 ---
 5 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/independent/webiny-integration-google-tag-manager/src/plugins/api/index.js b/independent/webiny-integration-google-tag-manager/src/plugins/api/index.js
index 06bca237a5b..312dde72dac 100644
--- a/independent/webiny-integration-google-tag-manager/src/plugins/api/index.js
+++ b/independent/webiny-integration-google-tag-manager/src/plugins/api/index.js
@@ -19,9 +19,6 @@ export default [
         resolvers: {},
         security: {
             shield: {
-                SettingsQuery: {
-                    googleTagManager: hasScope("cms:settings")
-                },
                 SettingsMutation: {
                     googleTagManager: hasScope("cms:settings")
                 }
diff --git a/independent/webiny-integration-mailchimp/src/plugins/api/index.js b/independent/webiny-integration-mailchimp/src/plugins/api/index.js
index deaf165ce14..df6654641a4 100644
--- a/independent/webiny-integration-mailchimp/src/plugins/api/index.js
+++ b/independent/webiny-integration-mailchimp/src/plugins/api/index.js
@@ -102,9 +102,6 @@ export default [
                 },
                 MailchimpQuery: {
                     listLists: hasScope("cms:editor")
-                },
-                MailchimpMutation: {
-                    addToList: hasScope("cms:editor")
                 }
             }
         },
diff --git a/packages/demo-api/src/configs/development.js b/packages/demo-api/src/configs/development.js
index ddb4b5da607..7a60f473c20 100644
--- a/packages/demo-api/src/configs/development.js
+++ b/packages/demo-api/src/configs/development.js
@@ -39,7 +39,7 @@ export default async () => {
             }
         },
         security: {
-            enabled: false,
+            enabled: true,
             token: {
                 secret: process.env.WEBINY_JWT_SECRET,
                 expiresOn: () => addDays(new Date(), 30)
diff --git a/packages/demo-api/src/configs/production.js b/packages/demo-api/src/configs/production.js
index 479e9c7362f..44cc73586ed 100644
--- a/packages/demo-api/src/configs/production.js
+++ b/packages/demo-api/src/configs/production.js
@@ -21,7 +21,7 @@ export default async (context: Object) => {
             }
         },
         security: {
-            enabled: false,
+            enabled: true,
             token: {
                 secret: context.jwtSecret,
                 expiresOn: () => addDays(new Date(), 30)
diff --git a/packages/webiny-api-cms/src/plugins/graphql.js b/packages/webiny-api-cms/src/plugins/graphql.js
index b22aeb46201..48219ee1d26 100644
--- a/packages/webiny-api-cms/src/plugins/graphql.js
+++ b/packages/webiny-api-cms/src/plugins/graphql.js
@@ -79,9 +79,6 @@ export default {
                 updateElement: hasScope("cms:element:crud"),
                 deleteElement: hasScope("cms:element:crud")
             },
-            SettingsQuery: {
-                cms: hasScope("cms:settings")
-            },
             SettingsMutation: {
                 cms: hasScope("cms:settings")
             }