# prisma-whats-new
m
Hi all, can somebody help me out with a connect permissions issue? The problem is that if I am a user and I get the project endpoint somehow, I can get the schema and, with some knowledge of Graphcool, I can sign in and use my token to basically connect any model that has a user relation to myself. For example, if a Post has a user relation and I get the post id of someone's post, I can simply call the connect mutation to assign that post to myself. I cannot disable the connect permission, since if I disable it I would not be able to create a post with a userId param. Hope I have explained the problem well.
c
Hi, I am using a GraphQL backend with Node, but I had the same issue. You can create a separate unprotected endpoint which accepts only specific mutations defined by you, e.g. `req.body.query.startsWith("mutation signinUserMutation")`. This was my other way around for this situation. For schema introspection I used a third endpoint (unprotected), which is available only in development.
m
Thanks for your response, Cristian. I am not sure how that is supposed to work. I am using Graphcool. Are you saying that I set up a proxy server?