Increase the info security of GraphQL to sensitive data.
Description
This change aims to modify how the subscriptions in GraphQL are exposed to the public. After these changes, the allSubscription query from GraphQL will check if the user is authenticated. We have 4 main changes here:
Any user not logged in will not be able to call any subscription query from GraphQL.
Super users can still access the data without restrictions.
A logged-in user can see only their own content related to the subscriptions.
If a user is not the owner of the subscription but is a subscriber to that subscription, they can still see it.
Checklist
[x] I have reviewed the code changes.
[x] I have tested the changes locally.
[x] I have updated the documentation if needed.
[ ] I have added/modified tests to ensure the changes are valid.
Testing and evidence
User accessing their own subscription data: https://github.com/basedosdados/backend/assets/5381250/fe921aee-9df5-4ab1-b6b1-61ef371c283e
User accessing others' subscription data: https://github.com/basedosdados/backend/assets/5381250/842f2350-534d-4559-98c7-e7f12cdf5e21
Not logged-in user trying to access subscription data: https://github.com/basedosdados/backend/assets/5381250/4e285c97-7212-4879-a127-f1b5d0b974ba
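The four access rules in the description, written out as a standalone check. This is an added example, not code from this pull request or the project; the `User` and `Subscription` classes, their field names, `visible_subscriptions` and the sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:  # hypothetical stand-in for the request's user object
    id: int
    is_authenticated: bool = True
    is_superuser: bool = False


@dataclass
class Subscription:  # hypothetical stand-in for the subscription record
    id: int
    owner_id: int
    subscriber_ids: set = field(default_factory=set)


ANONYMOUS = User(id=0, is_authenticated=False)


def visible_subscriptions(user, subscriptions):
    """Return only the subscriptions this user is allowed to see."""
    # Rule 1: a caller who is not logged in is rejected before any data is read.
    if user is None or not user.is_authenticated:
        raise PermissionError("authentication required")
    # Rule 2: superusers see everything.
    if user.is_superuser:
        return list(subscriptions)
    # Rules 3 and 4: owners see their own subscriptions, and subscribers see
    # the subscriptions they belong to. Everything else is filtered out
    # server-side, so the result never depends on an id supplied by the client.
    return [
        s for s in subscriptions
        if s.owner_id == user.id or user.id in s.subscriber_ids
    ]


def visible_ids(user, subscriptions):
    """Convenience wrapper returning sorted subscription ids."""
    return sorted(s.id for s in visible_subscriptions(user, subscriptions))


# Constructed sample data: user 1 owns subscription 10 and user 2 is a
# subscriber to it; user 3 owns subscription 11 and has no subscribers.
SAMPLE = [
    Subscription(id=10, owner_id=1, subscriber_ids={2}),
    Subscription(id=11, owner_id=3),
]
```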