From a51694278530a7ace0c7cc7ea5f1cddab737a721 Mon Sep 17 00:00:00 2001
From: Dan Debrunner <ddebrunner@users.noreply.github.com>
Date: Wed, 28 Aug 2024 09:50:11 -0400
Subject: [PATCH 1/2] chore: switch to field access rules for makeAllPublic

---
 protection/makeAllPublic/config.yaml | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/protection/makeAllPublic/config.yaml b/protection/makeAllPublic/config.yaml
index 535895c..9fed8f4 100644
--- a/protection/makeAllPublic/config.yaml
+++ b/protection/makeAllPublic/config.yaml
@@ -1,10 +1,8 @@
-# This is a blanket way to make all endpoints public, i.e. not requiring an API Key or JWT.
+# This is a blanket way to make all Query endpoints public, i.e. not requiring an API Key or JWT.
 # For example, you would typically do this for your product catalog queries.
-# Remember to test this not through the localhost proxy 
-# that automatically sets the Apikey to be the admin key and bypasses these permissions,
-# but use separate a GraphQL or API client to check these.
-ruleset:
-  - query: "[ALL]"
-    rules:
-      - predicate: true
-        action: allow
\ No newline at end of file
+# Remember to test this not through a GraphQL client that does not automatically set an api or admin key.
+access:
+  policies:
+    - type: Query
+      policyDefault:
+        condition: true # allow all fields in Query with no authorization

From 84cda1e10124f46c93c627c01683f2f131b2cc72 Mon Sep 17 00:00:00 2001
From: Dan Debrunner <ddebrunner@users.noreply.github.com>
Date: Thu, 5 Sep 2024 22:55:25 -0400
Subject: [PATCH 2/2] chore: cleanup

---
 protection/makeAllPublic/config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/protection/makeAllPublic/config.yaml b/protection/makeAllPublic/config.yaml
index 9fed8f4..22f421f 100644
--- a/protection/makeAllPublic/config.yaml
+++ b/protection/makeAllPublic/config.yaml
@@ -1,6 +1,6 @@
-# This is a blanket way to make all Query endpoints public, i.e. not requiring an API Key or JWT.
+# This is a blanket way to make all Query fields public, i.e. not requiring an API Key or JWT.
 # For example, you would typically do this for your product catalog queries.
-# Remember to test this not through a GraphQL client that does not automatically set an api or admin key.
+# Remember to test this through a GraphQL client that does not automatically set an api or admin key.
 access:
   policies:
     - type: Query