From ac11d1fa6019b386112c4beef96908638d8a1193 Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 09:55:15 +0100
Subject: [PATCH 1/7] store user entity created on authentication check in
 context to avoid further DB calls

---
 backend/src/graphql/directive/isAuthorized.ts |  1 +
 backend/src/graphql/resolver/UserResolver.ts  | 10 +++-------
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/backend/src/graphql/directive/isAuthorized.ts b/backend/src/graphql/directive/isAuthorized.ts
index 159a1614c..84756c45a 100644
--- a/backend/src/graphql/directive/isAuthorized.ts
+++ b/backend/src/graphql/directive/isAuthorized.ts
@@ -35,6 +35,7 @@ const isAuthorized: AuthChecker<any> = async ({ context }, rights) => {
   const userRepository = await getCustomRepository(UserRepository)
   try {
     const user = await userRepository.findByPubkeyHex(context.pubKey)
+    context.user = user
     const countServerUsers = await ServerUser.count({ email: user.email })
     context.role = countServerUsers > 0 ? ROLE_ADMIN : ROLE_USER
   } catch {
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 9896ddc97..39a983c2b 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -14,7 +14,6 @@ import UpdateUserInfosArgs from '@arg/UpdateUserInfosArgs'
 import { klicktippNewsletterStateMiddleware } from '@/middleware/klicktippMiddleware'
 import { UserSettingRepository } from '@repository/UserSettingRepository'
 import { Setting } from '@enum/Setting'
-import { UserRepository } from '@repository/User'
 import { LoginEmailOptIn } from '@entity/LoginEmailOptIn'
 import { sendResetPasswordEmail } from '@/mailer/sendResetPasswordEmail'
 import { sendAccountActivationEmail } from '@/mailer/sendAccountActivationEmail'
@@ -214,8 +213,7 @@ export class UserResolver {
   @UseMiddleware(klicktippNewsletterStateMiddleware)
   async verifyLogin(@Ctx() context: any): Promise<User> {
     // TODO refactor and do not have duplicate code with login(see below)
-    const userRepository = getCustomRepository(UserRepository)
-    const userEntity = await userRepository.findByPubkeyHex(context.pubKey)
+    const userEntity = context.user
     const user = new User(userEntity)
     // user.pubkey = userEntity.pubKey.toString('hex')
     // Elopage Status & Stored PublisherId
@@ -585,8 +583,7 @@ export class UserResolver {
     }: UpdateUserInfosArgs,
     @Ctx() context: any,
   ): Promise<boolean> {
-    const userRepository = getCustomRepository(UserRepository)
-    const userEntity = await userRepository.findByPubkeyHex(context.pubKey)
+    const userEntity = context.user
 
     if (firstName) {
       userEntity.firstName = firstName
@@ -664,8 +661,7 @@ export class UserResolver {
   @Authorized([RIGHTS.HAS_ELOPAGE])
   @Query(() => Boolean)
   async hasElopage(@Ctx() context: any): Promise<boolean> {
-    const userRepository = getCustomRepository(UserRepository)
-    const userEntity = await userRepository.findByPubkeyHex(context.pubKey).catch()
+    const userEntity = context.user
     if (!userEntity) {
       return false
     }

From fd9292b3d5ca6f97658f840d425e086ad4f1694b Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 09:57:19 +0100
Subject: [PATCH 2/7] user context in admin interface

---
 backend/src/graphql/resolver/AdminResolver.ts | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index f116c3968..f0210dc8d 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
@@ -129,8 +129,7 @@ export class AdminResolver {
       throw new Error(`Could not find user with userId: ${userId}`)
     }
     // moderator user disabled own account?
-    const userRepository = getCustomRepository(UserRepository)
-    const moderatorUser = await userRepository.findByPubkeyHex(context.pubKey)
+    const moderatorUser = context.user
     if (moderatorUser.id === userId) {
       throw new Error('Moderator can not delete his own account!')
     }
@@ -294,8 +293,7 @@ export class AdminResolver {
   @Mutation(() => Boolean)
   async confirmPendingCreation(@Arg('id') id: number, @Ctx() context: any): Promise<boolean> {
     const pendingCreation = await AdminPendingCreation.findOneOrFail(id)
-    const userRepository = getCustomRepository(UserRepository)
-    const moderatorUser = await userRepository.findByPubkeyHex(context.pubKey)
+    const moderatorUser = context.user
     if (moderatorUser.id === pendingCreation.userId)
       throw new Error('Moderator can not confirm own pending creation')
 

From b44ef7175616a9956eec4e7f0d9d49306fa76425 Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 10:05:07 +0100
Subject: [PATCH 3/7] no double DB calls to get user from db in resolvers

---
 backend/src/graphql/resolver/BalanceResolver.ts    |  6 +-----
 backend/src/graphql/resolver/GdtResolver.ts        |  5 +----
 .../graphql/resolver/TransactionLinkResolver.ts    | 14 ++++----------
 .../src/graphql/resolver/TransactionResolver.ts    |  3 +--
 4 files changed, 7 insertions(+), 21 deletions(-)

diff --git a/backend/src/graphql/resolver/BalanceResolver.ts b/backend/src/graphql/resolver/BalanceResolver.ts
index 12d5b2ba4..09d2fdc92 100644
--- a/backend/src/graphql/resolver/BalanceResolver.ts
+++ b/backend/src/graphql/resolver/BalanceResolver.ts
@@ -2,9 +2,7 @@
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 
 import { Resolver, Query, Ctx, Authorized } from 'type-graphql'
-import { getCustomRepository } from '@dbTools/typeorm'
 import { Balance } from '@model/Balance'
-import { UserRepository } from '@repository/User'
 import { calculateDecay } from '@/util/decay'
 import { RIGHTS } from '@/auth/RIGHTS'
 import { Transaction } from '@entity/Transaction'
@@ -16,9 +14,7 @@ export class BalanceResolver {
   @Query(() => Balance)
   async balance(@Ctx() context: any): Promise<Balance> {
     // load user and balance
-    const userRepository = getCustomRepository(UserRepository)
-
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const { user } = context
     const now = new Date()
 
     const lastTransaction = await Transaction.findOne(
diff --git a/backend/src/graphql/resolver/GdtResolver.ts b/backend/src/graphql/resolver/GdtResolver.ts
index c8c4cb331..26ae9b210 100644
--- a/backend/src/graphql/resolver/GdtResolver.ts
+++ b/backend/src/graphql/resolver/GdtResolver.ts
@@ -2,12 +2,10 @@
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 
 import { Resolver, Query, Args, Ctx, Authorized, Arg } from 'type-graphql'
-import { getCustomRepository } from '@dbTools/typeorm'
 import CONFIG from '@/config'
 import { GdtEntryList } from '@model/GdtEntryList'
 import Paginated from '@arg/Paginated'
 import { apiGet } from '@/apis/HttpRequest'
-import { UserRepository } from '@repository/User'
 import { Order } from '@enum/Order'
 import { RIGHTS } from '@/auth/RIGHTS'
 
@@ -22,8 +20,7 @@ export class GdtResolver {
     @Ctx() context: any,
   ): Promise<GdtEntryList> {
     // load user
-    const userRepository = getCustomRepository(UserRepository)
-    const userEntity = await userRepository.findByPubkeyHex(context.pubKey)
+    const userEntity = context.user
 
     try {
       const resultGDT = await apiGet(
diff --git a/backend/src/graphql/resolver/TransactionLinkResolver.ts b/backend/src/graphql/resolver/TransactionLinkResolver.ts
index 9e2af6111..ead82e182 100644
--- a/backend/src/graphql/resolver/TransactionLinkResolver.ts
+++ b/backend/src/graphql/resolver/TransactionLinkResolver.ts
@@ -2,11 +2,9 @@
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 
 import { Resolver, Args, Arg, Authorized, Ctx, Mutation, Query } from 'type-graphql'
-import { getCustomRepository } from '@dbTools/typeorm'
 import { TransactionLink } from '@model/TransactionLink'
 import { TransactionLink as dbTransactionLink } from '@entity/TransactionLink'
 import { User as dbUser } from '@entity/User'
-import { UserRepository } from '@repository/User'
 import TransactionLinkArgs from '@arg/TransactionLinkArgs'
 import Paginated from '@arg/Paginated'
 import { calculateBalance } from '@/util/validate'
@@ -42,8 +40,7 @@ export class TransactionLinkResolver {
     @Args() { amount, memo }: TransactionLinkArgs,
     @Ctx() context: any,
   ): Promise<TransactionLink> {
-    const userRepository = getCustomRepository(UserRepository)
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const { user } = context
 
     const createdDate = new Date()
     const validUntil = transactionLinkExpireDate(createdDate)
@@ -74,8 +71,7 @@ export class TransactionLinkResolver {
   @Authorized([RIGHTS.DELETE_TRANSACTION_LINK])
   @Mutation(() => Boolean)
   async deleteTransactionLink(@Arg('id') id: number, @Ctx() context: any): Promise<boolean> {
-    const userRepository = getCustomRepository(UserRepository)
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const { user } = context
 
     const transactionLink = await dbTransactionLink.findOne({ id })
     if (!transactionLink) {
@@ -116,8 +112,7 @@ export class TransactionLinkResolver {
     { currentPage = 1, pageSize = 5, order = Order.DESC }: Paginated,
     @Ctx() context: any,
   ): Promise<TransactionLink[]> {
-    const userRepository = getCustomRepository(UserRepository)
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const { user } = context
     // const now = new Date()
     const transactionLinks = await dbTransactionLink.find({
       where: {
@@ -137,8 +132,7 @@ export class TransactionLinkResolver {
   @Authorized([RIGHTS.REDEEM_TRANSACTION_LINK])
   @Mutation(() => Boolean)
   async redeemTransactionLink(@Arg('id') id: number, @Ctx() context: any): Promise<boolean> {
-    const userRepository = getCustomRepository(UserRepository)
-    const user = await userRepository.findByPubkeyHex(context.pubKey)
+    const { user } = context
     const transactionLink = await dbTransactionLink.findOneOrFail({ id })
     const linkedUser = await dbUser.findOneOrFail({ id: transactionLink.userId })
 
diff --git a/backend/src/graphql/resolver/TransactionResolver.ts b/backend/src/graphql/resolver/TransactionResolver.ts
index f64ba19e9..258ea9da6 100644
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@@ -256,8 +256,7 @@ export class TransactionResolver {
     @Ctx() context: any,
   ): Promise<boolean> {
     // TODO this is subject to replay attacks
-    const userRepository = getCustomRepository(UserRepository)
-    const senderUser = await userRepository.findByPubkeyHex(context.pubKey)
+    const senderUser = context.user
     if (senderUser.pubKey.length !== 32) {
       throw new Error('invalid sender public key')
     }

From 577ca00c460f2f30b77df77029f93f91f38d926d Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 10:46:29 +0100
Subject: [PATCH 4/7] refactor transaction list query, do not allow user id an
 only creations as args any more. this query only return the transactions of
 the logged in user

---
 backend/src/graphql/arg/Paginated.ts          |  6 ------
 .../graphql/resolver/TransactionResolver.ts   | 19 +++----------------
 frontend/src/graphql/queries.js               | 14 ++------------
 3 files changed, 5 insertions(+), 34 deletions(-)

diff --git a/backend/src/graphql/arg/Paginated.ts b/backend/src/graphql/arg/Paginated.ts
index f365165de..97326caf2 100644
--- a/backend/src/graphql/arg/Paginated.ts
+++ b/backend/src/graphql/arg/Paginated.ts
@@ -11,10 +11,4 @@ export default class Paginated {
 
   @Field(() => Order, { nullable: true })
   order?: Order
-
-  @Field(() => Boolean, { nullable: true })
-  onlyCreations?: boolean
-
-  @Field(() => Int, { nullable: true })
-  userId?: number
 }
diff --git a/backend/src/graphql/resolver/TransactionResolver.ts b/backend/src/graphql/resolver/TransactionResolver.ts
index 258ea9da6..03640817f 100644
--- a/backend/src/graphql/resolver/TransactionResolver.ts
+++ b/backend/src/graphql/resolver/TransactionResolver.ts
@@ -17,7 +17,6 @@ import Paginated from '@arg/Paginated'
 
 import { Order } from '@enum/Order'
 
-import { UserRepository } from '@repository/User'
 import { TransactionRepository } from '@repository/Transaction'
 import { TransactionLinkRepository } from '@repository/TransactionLink'
 
@@ -131,22 +130,11 @@ export class TransactionResolver {
   @Query(() => TransactionList)
   async transactionList(
     @Args()
-    {
-      currentPage = 1,
-      pageSize = 25,
-      order = Order.DESC,
-      onlyCreations = false,
-      userId,
-    }: Paginated,
+    { currentPage = 1, pageSize = 25, order = Order.DESC }: Paginated,
     @Ctx() context: any,
   ): Promise<TransactionList> {
     const now = new Date()
-    // find user
-    const userRepository = getCustomRepository(UserRepository)
-    // TODO: separate those usecases - this is a security issue
-    const user = userId
-      ? await userRepository.findOneOrFail({ id: userId }, { withDeleted: true })
-      : await userRepository.findByPubkeyHex(context.pubKey)
+    const user = context.user
 
     // find current balance
     const lastTransaction = await dbTransaction.findOne(
@@ -182,7 +170,6 @@ export class TransactionResolver {
       pageSize,
       offset,
       order,
-      onlyCreations,
     )
 
     // find involved users; I am involved
@@ -208,7 +195,7 @@ export class TransactionResolver {
       await transactionLinkRepository.summary(user.id, now)
 
     // decay & link transactions
-    if (!onlyCreations && currentPage === 1 && order === Order.DESC) {
+    if (currentPage === 1 && order === Order.DESC) {
       transactions.push(
         virtualDecayTransaction(lastTransaction.balance, lastTransaction.balanceDate, now, self),
       )
diff --git a/frontend/src/graphql/queries.js b/frontend/src/graphql/queries.js
index 5887d585a..c2efe34d8 100644
--- a/frontend/src/graphql/queries.js
+++ b/frontend/src/graphql/queries.js
@@ -43,18 +43,8 @@ export const logout = gql`
 `
 
 export const transactionsQuery = gql`
-  query(
-    $currentPage: Int = 1
-    $pageSize: Int = 25
-    $order: Order = DESC
-    $onlyCreations: Boolean = false
-  ) {
-    transactionList(
-      currentPage: $currentPage
-      pageSize: $pageSize
-      order: $order
-      onlyCreations: $onlyCreations
-    ) {
+  query($currentPage: Int = 1, $pageSize: Int = 25, $order: Order = DESC) {
+    transactionList(currentPage: $currentPage, pageSize: $pageSize, order: $order) {
       balanceGDT
       count
       linkCount

From f21e0ed038340e5999af830b49a1dc74707d60db Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 11:20:26 +0100
Subject: [PATCH 5/7] only creations transaction list with admin rights

---
 .../CreationTransactionListFormular.vue       |  7 ++-
 admin/src/graphql/creationTransactionList.js  | 22 ++++++++
 admin/src/graphql/transactionList.js          | 31 ------------
 backend/src/auth/RIGHTS.ts                    |  1 +
 backend/src/graphql/resolver/AdminResolver.ts | 50 +++++++++++++++----
 5 files changed, 65 insertions(+), 46 deletions(-)
 create mode 100644 admin/src/graphql/creationTransactionList.js
 delete mode 100644 admin/src/graphql/transactionList.js

diff --git a/admin/src/components/CreationTransactionListFormular.vue b/admin/src/components/CreationTransactionListFormular.vue
index 0b78ca4b8..ce2b136a4 100644
--- a/admin/src/components/CreationTransactionListFormular.vue
+++ b/admin/src/components/CreationTransactionListFormular.vue
@@ -5,7 +5,7 @@
   </div>
 </template>
 <script>
-import { transactionList } from '../graphql/transactionList'
+import { creationTransactionList } from '../graphql/creationTransactionList'
 export default {
   name: 'CreationTransactionList',
   props: {
@@ -51,17 +51,16 @@ export default {
     getTransactions() {
       this.$apollo
         .query({
-          query: transactionList,
+          query: creationTransactionList,
           variables: {
             currentPage: 1,
             pageSize: 25,
             order: 'DESC',
-            onlyCreations: true,
             userId: parseInt(this.userId),
           },
         })
         .then((result) => {
-          this.items = result.data.transactionList.transactions
+          this.items = result.data.creationTransactionList
         })
         .catch((error) => {
           this.toastError(error.message)
diff --git a/admin/src/graphql/creationTransactionList.js b/admin/src/graphql/creationTransactionList.js
new file mode 100644
index 000000000..327221814
--- /dev/null
+++ b/admin/src/graphql/creationTransactionList.js
@@ -0,0 +1,22 @@
+import gql from 'graphql-tag'
+
+export const creationTransactionList = gql`
+  query ($currentPage: Int = 1, $pageSize: Int = 25, $order: Order = DESC, $userId: Int!) {
+    creationTransactionList(
+      currentPage: $currentPage
+      pageSize: $pageSize
+      order: $order
+      userId: $userId
+    ) {
+      id
+      amount
+      balanceDate
+      creationDate
+      memo
+      linkedUser {
+        firstName
+        lastName
+      }
+    }
+  }
+`
diff --git a/admin/src/graphql/transactionList.js b/admin/src/graphql/transactionList.js
deleted file mode 100644
index 2ac81bf64..000000000
--- a/admin/src/graphql/transactionList.js
+++ /dev/null
@@ -1,31 +0,0 @@
-import gql from 'graphql-tag'
-
-export const transactionList = gql`
-  query (
-    $currentPage: Int = 1
-    $pageSize: Int = 25
-    $order: Order = DESC
-    $onlyCreations: Boolean = false
-    $userId: Int = null
-  ) {
-    transactionList(
-      currentPage: $currentPage
-      pageSize: $pageSize
-      order: $order
-      onlyCreations: $onlyCreations
-      userId: $userId
-    ) {
-      transactions {
-        id
-        amount
-        balanceDate
-        creationDate
-        memo
-        linkedUser {
-          firstName
-          lastName
-        }
-      }
-    }
-  }
-`
diff --git a/backend/src/auth/RIGHTS.ts b/backend/src/auth/RIGHTS.ts
index a2e92a2cc..cc108c7d3 100644
--- a/backend/src/auth/RIGHTS.ts
+++ b/backend/src/auth/RIGHTS.ts
@@ -33,4 +33,5 @@ export enum RIGHTS {
   SEND_ACTIVATION_EMAIL = 'SEND_ACTIVATION_EMAIL',
   DELETE_USER = 'DELETE_USER',
   UNDELETE_USER = 'UNDELETE_USER',
+  CREATION_TRANSACTION_LIST = 'CREATION_TRANSACTION_LIST',
 }
diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index f0210dc8d..0b4757ee9 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 /* eslint-disable @typescript-eslint/explicit-module-boundary-types */
 
-import { Resolver, Query, Arg, Args, Authorized, Mutation, Ctx } from 'type-graphql'
+import { Resolver, Query, Arg, Args, Authorized, Mutation, Ctx, Int } from 'type-graphql'
 import {
   getCustomRepository,
   IsNull,
@@ -19,16 +19,21 @@ import { UserRepository } from '@repository/User'
 import CreatePendingCreationArgs from '@arg/CreatePendingCreationArgs'
 import UpdatePendingCreationArgs from '@arg/UpdatePendingCreationArgs'
 import SearchUsersArgs from '@arg/SearchUsersArgs'
-import { Transaction } from '@entity/Transaction'
+import { Transaction as DbTransaction } from '@entity/Transaction'
+import { Transaction } from '@model/Transaction'
 import { TransactionRepository } from '@repository/Transaction'
 import { calculateDecay } from '@/util/decay'
 import { AdminPendingCreation } from '@entity/AdminPendingCreation'
 import { hasElopageBuys } from '@/util/hasElopageBuys'
 import { LoginEmailOptIn } from '@entity/LoginEmailOptIn'
-import { User } from '@entity/User'
+import { User as dbUser } from '@entity/User'
+import { User } from '@model/User'
 import { TransactionTypeId } from '@enum/TransactionTypeId'
 import Decimal from 'decimal.js-light'
 import { Decay } from '@model/Decay'
+import Paginated from '@arg/Paginated'
+import { Order } from '@enum/Order'
+import { communityUser } from '@/util/communityUser'
 
 // const EMAIL_OPT_IN_REGISTER = 1
 // const EMAIL_OPT_UNKNOWN = 3 // elopage?
@@ -51,6 +56,7 @@ export class AdminResolver {
   ): Promise<SearchUsersResult> {
     const userRepository = getCustomRepository(UserRepository)
 
+    console.log('searchUsers')
     const filterCriteria: ObjectLiteral[] = []
     if (notActivated) {
       filterCriteria.push({ emailChecked: false })
@@ -123,7 +129,7 @@ export class AdminResolver {
   @Authorized([RIGHTS.DELETE_USER])
   @Mutation(() => Date, { nullable: true })
   async deleteUser(@Arg('userId') userId: number, @Ctx() context: any): Promise<Date | null> {
-    const user = await User.findOne({ id: userId })
+    const user = await dbUser.findOne({ id: userId })
     // user exists ?
     if (!user) {
       throw new Error(`Could not find user with userId: ${userId}`)
@@ -135,14 +141,14 @@ export class AdminResolver {
     }
     // soft-delete user
     await user.softRemove()
-    const newUser = await User.findOne({ id: userId }, { withDeleted: true })
+    const newUser = await dbUser.findOne({ id: userId }, { withDeleted: true })
     return newUser ? newUser.deletedAt : null
   }
 
   @Authorized([RIGHTS.UNDELETE_USER])
   @Mutation(() => Date, { nullable: true })
   async unDeleteUser(@Arg('userId') userId: number): Promise<Date | null> {
-    const user = await User.findOne({ id: userId }, { withDeleted: true })
+    const user = await dbUser.findOne({ id: userId }, { withDeleted: true })
     // user exists ?
     if (!user) {
       throw new Error(`Could not find user with userId: ${userId}`)
@@ -157,7 +163,7 @@ export class AdminResolver {
   async createPendingCreation(
     @Args() { email, amount, memo, creationDate, moderator }: CreatePendingCreationArgs,
   ): Promise<number[]> {
-    const user = await User.findOne({ email }, { withDeleted: true })
+    const user = await dbUser.findOne({ email }, { withDeleted: true })
     if (!user) {
       throw new Error(`Could not find user with email: ${email}`)
     }
@@ -214,7 +220,7 @@ export class AdminResolver {
   async updatePendingCreation(
     @Args() { id, email, amount, memo, creationDate, moderator }: UpdatePendingCreationArgs,
   ): Promise<UpdatePendingCreation> {
-    const user = await User.findOne({ email }, { withDeleted: true })
+    const user = await dbUser.findOne({ email }, { withDeleted: true })
     if (!user) {
       throw new Error(`Could not find user with email: ${email}`)
     }
@@ -264,7 +270,7 @@ export class AdminResolver {
 
     const userIds = pendingCreations.map((p) => p.userId)
     const userCreations = await getUserCreations(userIds)
-    const users = await User.find({ where: { id: In(userIds) }, withDeleted: true })
+    const users = await dbUser.find({ where: { id: In(userIds) }, withDeleted: true })
 
     return pendingCreations.map((pendingCreation) => {
       const user = users.find((u) => u.id === pendingCreation.userId)
@@ -297,7 +303,7 @@ export class AdminResolver {
     if (moderatorUser.id === pendingCreation.userId)
       throw new Error('Moderator can not confirm own pending creation')
 
-    const user = await User.findOneOrFail({ id: pendingCreation.userId }, { withDeleted: true })
+    const user = await dbUser.findOneOrFail({ id: pendingCreation.userId }, { withDeleted: true })
     if (user.deletedAt) throw new Error('This user was deleted. Cannot confirm a creation.')
 
     const creations = await getUserCreation(pendingCreation.userId, false)
@@ -319,7 +325,7 @@ export class AdminResolver {
     // TODO pending creations decimal
     newBalance = newBalance.add(new Decimal(Number(pendingCreation.amount)).toString())
 
-    const transaction = new Transaction()
+    const transaction = new DbTransaction()
     transaction.typeId = TransactionTypeId.CREATION
     transaction.memo = pendingCreation.memo
     transaction.userId = pendingCreation.userId
@@ -337,6 +343,28 @@ export class AdminResolver {
 
     return true
   }
+  
+  @Authorized([RIGHTS.CREATION_TRANSACTION_LIST])
+  @Query(() => [Transaction])
+  async creationTransactionList(
+    @Args()
+    { currentPage = 1, pageSize = 25, order = Order.DESC }: Paginated,
+    @Arg('userId', () => Int) userId: number,
+  ): Promise<Transaction[]> {
+
+    const offset = (currentPage - 1) * pageSize
+    const transactionRepository = getCustomRepository(TransactionRepository)
+    const [userTransactions] = await transactionRepository.findByUserPaged(
+      userId,
+      pageSize,
+      offset,
+      order,
+      true,
+    )
+
+    const user = await dbUser.findOneOrFail({ id: userId })
+    return userTransactions.map((t) => new Transaction(t, new User(user), communityUser))
+  }
 }
 
 interface CreationMap {

From 46389ca2e410da09bf01695db1c5c1af6e00e820 Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 11:22:55 +0100
Subject: [PATCH 6/7] fix test after changing query

---
 .../CreationTransactionListFormular.spec.js   | 47 +++++++++----------
 1 file changed, 22 insertions(+), 25 deletions(-)

diff --git a/admin/src/components/CreationTransactionListFormular.spec.js b/admin/src/components/CreationTransactionListFormular.spec.js
index 5acff8ab7..fb137e516 100644
--- a/admin/src/components/CreationTransactionListFormular.spec.js
+++ b/admin/src/components/CreationTransactionListFormular.spec.js
@@ -6,32 +6,30 @@ const localVue = global.localVue
 
 const apolloQueryMock = jest.fn().mockResolvedValue({
   data: {
-    transactionList: {
-      transactions: [
-        {
-          id: 1,
-          amount: 100,
-          balanceDate: 0,
-          creationDate: new Date(),
-          memo: 'Testing',
-          linkedUser: {
-            firstName: 'Gradido',
-            lastName: 'Akademie',
-          },
+    creationTransactionList: [
+      {
+        id: 1,
+        amount: 100,
+        balanceDate: 0,
+        creationDate: new Date(),
+        memo: 'Testing',
+        linkedUser: {
+          firstName: 'Gradido',
+          lastName: 'Akademie',
         },
-        {
-          id: 2,
-          amount: 200,
-          balanceDate: 0,
-          creationDate: new Date(),
-          memo: 'Testing 2',
-          linkedUser: {
-            firstName: 'Gradido',
-            lastName: 'Akademie',
-          },
+      },
+      {
+        id: 2,
+        amount: 200,
+        balanceDate: 0,
+        creationDate: new Date(),
+        memo: 'Testing 2',
+        linkedUser: {
+          firstName: 'Gradido',
+          lastName: 'Akademie',
         },
-      ],
-    },
+      },
+    ],
   },
 })
 
@@ -67,7 +65,6 @@ describe('CreationTransactionListFormular', () => {
             currentPage: 1,
             pageSize: 25,
             order: 'DESC',
-            onlyCreations: true,
             userId: 1,
           },
         }),

From e8625cb5af69d2c1d6d5a1ece350fc012997e59f Mon Sep 17 00:00:00 2001
From: Moriz Wahl <moriz.wahl@gmx.de>
Date: Thu, 17 Mar 2022 11:32:52 +0100
Subject: [PATCH 7/7] remove console log

---
 backend/src/graphql/resolver/AdminResolver.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index 0b4757ee9..4c902496d 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
@@ -56,7 +56,6 @@ export class AdminResolver {
   ): Promise<SearchUsersResult> {
     const userRepository = getCustomRepository(UserRepository)
 
-    console.log('searchUsers')
     const filterCriteria: ObjectLiteral[] = []
     if (notActivated) {
       filterCriteria.push({ emailChecked: false })
@@ -343,7 +342,7 @@ export class AdminResolver {
 
     return true
   }
-  
+
   @Authorized([RIGHTS.CREATION_TRANSACTION_LIST])
   @Query(() => [Transaction])
   async creationTransactionList(
@@ -351,7 +350,6 @@ export class AdminResolver {
     { currentPage = 1, pageSize = 25, order = Order.DESC }: Paginated,
     @Arg('userId', () => Int) userId: number,
   ): Promise<Transaction[]> {
-
     const offset = (currentPage - 1) * pageSize
     const transactionRepository = getCustomRepository(TransactionRepository)
     const [userTransactions] = await transactionRepository.findByUserPaged(