From 60677e3d2a29902b86d04f902b6ae594f21ce576 Mon Sep 17 00:00:00 2001 From: Wyatt Johnson Date: Thu, 24 Aug 2017 13:07:44 -0600 Subject: [PATCH] cleaned up user query logic --- graph/resolvers/user.js | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/graph/resolvers/user.js b/graph/resolvers/user.js index e566a6af0..c2818bd20 100644 --- a/graph/resolvers/user.js +++ b/graph/resolvers/user.js @@ -24,13 +24,16 @@ const User = { }, comments({id}, {query}, {loaders: {Comments}, user}) { - // If the user is not an admin, only return comment list for the owner of - // the comments. - if (user && (user.can(SEARCH_OTHERS_COMMENTS) || user.id === id)) { - return Comments.getByQuery(Object.assign({}, query, {author_id: id})); + // If there is no user, or there is a user, but they are requesting someone + // else's comments, and they aren't allowed, don't return then anything! + if (!user || (user.id !== id && !user.can(SEARCH_OTHERS_COMMENTS))) { + return null; } - return null; + // Set the author id on the query. + query.author_id = id; + + return Comments.getByQuery(query); }, profiles({profiles}, _, {user}) {