From ef46f71c0dfd36122f73eb338f32eae9574d564f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= <git@roschaefer.de>
Date: Wed, 3 Jul 2019 22:22:32 +0200
Subject: [PATCH] Follow @mattwr18 code review :+1:

---
 backend/src/schema/resolvers/users.spec.js | 52 +++++++++++++---------
 backend/src/schema/types/type/User.gql     |  2 +-
 2 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/backend/src/schema/resolvers/users.spec.js b/backend/src/schema/resolvers/users.spec.js
index bc95a026a..6f9b6dd3d 100644
--- a/backend/src/schema/resolvers/users.spec.js
+++ b/backend/src/schema/resolvers/users.spec.js
@@ -12,31 +12,39 @@ afterEach(async () => {
 
 describe('users', () => {
   describe('User', () => {
-    const query = `query($email: String) { User(email: $email) { id } }`
-    const variables = { email: 'any-email-address@example.org' }
-    beforeEach(() => {
-      client = new GraphQLClient(host)
-    })
-
-    it('is forbidden', async () => {
-      await expect(client.request(query, variables)).rejects.toThrow('Not Authorised')
-    })
-
-    describe('as admin', () => {
+    describe('query by email address', () => {
       beforeEach(async () => {
-        const userParams = {
-          role: 'admin',
-          email: 'admin@example.org',
-          password: '1234',
-        }
-        const factory = Factory()
-        await factory.create('User', userParams)
-        const headers = await login(userParams)
-        client = new GraphQLClient(host, { headers })
+        await factory.create('User', { name: 'Johnny', email: 'any-email-address@example.org' })
       })
 
-      it('is permitted', async () => {
-        await expect(client.request(query, variables)).resolves.toEqual({ User: [] })
+      const query = `query($email: String) { User(email: $email) { name } }`
+      const variables = { email: 'any-email-address@example.org' }
+      beforeEach(() => {
+        client = new GraphQLClient(host)
+      })
+
+      it('is forbidden', async () => {
+        await expect(client.request(query, variables)).rejects.toThrow('Not Authorised')
+      })
+
+      describe('as admin', () => {
+        beforeEach(async () => {
+          const userParams = {
+            role: 'admin',
+            email: 'admin@example.org',
+            password: '1234',
+          }
+          const factory = Factory()
+          await factory.create('User', userParams)
+          const headers = await login(userParams)
+          client = new GraphQLClient(host, { headers })
+        })
+
+        it('is permitted', async () => {
+          await expect(client.request(query, variables)).resolves.toEqual({
+            User: [{ name: 'Johnny' }],
+          })
+        })
       })
     })
   })
diff --git a/backend/src/schema/types/type/User.gql b/backend/src/schema/types/type/User.gql
index b11f9dea4..314f03521 100644
--- a/backend/src/schema/types/type/User.gql
+++ b/backend/src/schema/types/type/User.gql
@@ -141,7 +141,7 @@ type Query {
     first: Int
     offset: Int
     orderBy: [_UserOrdering]
-    filter: _UserFilter # adding this would expose email
+    filter: _UserFilter
   ): [User]
 }