From bd5a9d42a9ccf4c28bb990539bb09b31a1f8145a Mon Sep 17 00:00:00 2001
From: Enzo Mercanti <131273915+enzomerca@users.noreply.github.com>
Date: Wed, 14 Aug 2024 09:56:41 -0300
Subject: [PATCH] fix: add validateStoreUserAccess to APIs (#154)

---
 CHANGELOG.md           | 3 +++
 graphql/schema.graphql | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81159ed..b84a6f8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Changed
+- Changed the token validation directive of some operations
+
 ## [1.43.5] - 2024-08-08
 
 ### Fixed
diff --git a/graphql/schema.graphql b/graphql/schema.graphql
index 2c9a289..1ca7d69 100644
--- a/graphql/schema.graphql
+++ b/graphql/schema.graphql
@@ -23,7 +23,7 @@ type Query {
     @cacheControl(scope: PRIVATE, maxAge: SHORT)
     @withSender
 
-  getUser(id: ID!): User @cacheControl(scope: PRIVATE) @checkUserAccess
+  getUser(id: ID!): User @cacheControl(scope: PRIVATE) @validateStoreUserAccess
   getB2BUser(id: ID!): User @cacheControl(scope: PRIVATE)
 
   checkCustomerSchema: Boolean @cacheControl(scope: PRIVATE) @withSender
@@ -43,7 +43,7 @@ type Query {
     @deprecated(
       reason: "This query is deprecated, use listUsersPaginated query instead."
     )
-    @checkUserAccess
+    @validateStoreUserAccess
 
   listUsersPaginated(
     organizationId: ID
@@ -56,7 +56,7 @@ type Query {
     sortedBy: String
   ): UserPagination
     @cacheControl(scope: PRIVATE, maxAge: SHORT)
-    @checkUserAccess
+    @validateStoreUserAccess
 
   checkImpersonation: UserImpersonation
     @settings(settingsType: "workspace")
@@ -81,7 +81,7 @@ type Query {
 
   getOrganizationsByEmail(email: String!): [Organization]
     @cacheControl(scope: PRIVATE)
-    @checkUserAccess
+    @validateStoreUserAccess
 }
 
 type Mutation {