From aead30f0abc3ee2b14784a72ddf230abd4829067 Mon Sep 17 00:00:00 2001
From: Darryl Hein <dhein@xmmedia.com>
Date: Thu, 5 Dec 2024 13:18:38 -0700
Subject: [PATCH] restrict admin send login link to only admin

---
 config/graphql/types/user.mutation.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/graphql/types/user.mutation.yaml b/config/graphql/types/user.mutation.yaml
index ac2259b5..46be1be8 100644
--- a/config/graphql/types/user.mutation.yaml
+++ b/config/graphql/types/user.mutation.yaml
@@ -103,6 +103,7 @@ UserMutation:
             AdminUserSendLoginLink:
                 type:        AdminUserLoginLinkMutationPayload!
                 description: 'Send a magic login link to a user.'
+                access:      '@=hasRole("ROLE_ADMIN")'
                 resolve:     '@=mutation("App\\GraphQl\\Mutation\\User\\AdminUserSendLoginLinkMutation", args["userId"])'
                 args:
                     userId: UserId!