- it's good to return the pinnedAt date for ordering
- move test to a better describe block
- remove unneeded outdated variables from graphql/PostQuery UpdatePost
- fix indentation in Post.gql
- fix pinnedAt to return pinned.createdAt, not post.createdAt
Co-authored-by: Mike Aono <aonomike@gmail.com>
`BELONGS_TO` means a user owns an email address. `PRIMARY_EMAIL` means a
user authenticates with that email.
So right now, you get a proper error message if you try to change your
email back to your old email address (because you own it already).
I will make sure to delete the old email so this will be no problem
anymore. But maybe in the future we might have multiple email addresses
per user and then it makes a big difference to use `PRIMARY_EMAIL` or
`BELONGS_TO`.
It might be that people try to register email addresses that they don't own. Then if the actual owner tries to add this email address, she should not get a unique constraint violation. Instead the email will be re-used.
Is this a security issue? Because we re-use the nonce? 🤔
Ok, so here are multiple issues:
1. In cypher, `NOT NULL` will return `NULL` not `FALSE`. If we want
`FALSE` to be set in the database import, we should use `COAELESCE`
to find the first not-null value.
See:
https://neo4j.com/docs/cypher-manual/current/syntax/working-with-null/https://markhneedham.com/blog/2017/02/22/neo4j-null-values-even-work/
2. I removed the `disabled` and `deleted` checks on the commented
counter. With `neo4j-graphql-js` it is not possible to filter on the
join models (at least not without a lot of complexity) for disabled or
deleted items. Let's live with the fact that the list of commented posts
will include those posts, where the user has deleted his comment or where
the user's comment was disabled. It's being displayed as "not available"
so I think this is OK for now.
3. De-couple the pagination counters from the "commented", "shouted"
etc. counters. It might be that the list of posts is different for
different users. E.g. if the user has blocked you, the "posts" list
will be empty. The "shouted" or "commented" list will not have the
posts of the author. If you are a moderator, the list will include
disabled posts. So the counters are not in sync with the actual list
coming from the backend. Therefore I implemented "fetch and check if
resultSet < pageSize" instead of a global counter.
