diff --git a/packages/api-admin-users/src/graphql/user.gql.ts b/packages/api-admin-users/src/graphql/user.gql.ts
index 4d12f8150f4..18f48f653fa 100644
--- a/packages/api-admin-users/src/graphql/user.gql.ts
+++ b/packages/api-admin-users/src/graphql/user.gql.ts
@@ -70,8 +70,10 @@ export default (params: CreateUserGraphQlPluginsParams) => {
 resolvers: {
 AdminUserIdentity: {
 async profile(identity, _, context) {
- const adminUser = await context.adminUsers.getUser({
- where: { id: identity.id }
+ const adminUser = await context.security.withoutAuthorization(async () => {
+ return context.adminUsers.getUser({
+ where: { id: identity.id }
+ });
 });
 if (adminUser) {
@@ -82,17 +84,19 @@ export default (params: CreateUserGraphQlPluginsParams) => {
 // a "parent" tenant user, so naturally, his user profile lives in his original tenant.
 const tenant = context.tenancy.getCurrentTenant();
- return await context.adminUsers.getUser({
- where: {
- id: identity.id,
- /**
- * TODO @ts-refactor @pavel
- * What happens if tenant has no parent?
- * Or is the getUser.where.tenant optional parameter? In that case, remove comments and make tenant param optional
- */
- // @ts-ignore
- tenant: tenant.parent
- }
+ return context.security.withoutAuthorization(async () => {
+ return context.adminUsers.getUser({
+ where: {
+ id: identity.id,
+ /**
+ * TODO @ts-refactor @pavel
+ * What happens if tenant has no parent?
+ * Or is the getUser.where.tenant optional parameter? In that case, remove comments and make tenant param optional
+ */
+ // @ts-ignore
+ tenant: tenant.parent
+ }
+ });
 });
 },
 __isTypeOf(obj: SecurityIdentity) {
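Review bot: The new `withoutAuthorization` wrapper in `profile` switches off permission checks for a lookup keyed on `identity.id`, which comes from the resolver's parent object, and nothing visible in the hunk ties that id to the caller. If `AdminUserIdentity` can ever be resolved for an identity other than the authenticated one, this becomes an unchecked read of any admin user's record, so I would guard it before the call, e.g. `if (identity.id !== context.security.getIdentity()?.id) { return null; }`, or at minimum record the assumption in a comment such as `// Authorization is skipped only because an identity reads its own profile.`. The same applies to the parent-tenant lookup in the second hunk. It is also worth confirming that `withoutAuthorization` restores checks when the callback rejects; the helper is not shown here. The body of `profile` continues past this hunk.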
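Review bot: In the parent-tenant lookup, `tenant.parent` is still passed under `// @ts-ignore` with the TODO unresolved, and the call now runs with authorization switched off, so no permission check stands behind it if that filter turns out to be `undefined`. How `getUser` treats a missing `tenant` is not visible here; if it falls back to an unscoped or current-tenant lookup, the result may not be the parent-tenant profile the comment above describes. I would return early before the wrapper, `if (!tenant.parent) { return null; }`, which may also let the `@ts-ignore` be dropped. The resolver starts above this hunk.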