From aec14ad63697f3fdce730b4b1263bbd498a8b86c Mon Sep 17 00:00:00 2001
From: Adam Coffman <acc@fastmail.com>
Date: Tue, 29 Oct 2024 14:47:39 -0500
Subject: [PATCH] move email from an explicit auth error to hidden

---
 server/app/graphql/types/entities/user_type.rb | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/server/app/graphql/types/entities/user_type.rb b/server/app/graphql/types/entities/user_type.rb
index fd49eff07..9e1c8b0be 100644
--- a/server/app/graphql/types/entities/user_type.rb
+++ b/server/app/graphql/types/entities/user_type.rb
@@ -21,6 +21,7 @@ class UserType < Types::BaseObject
     field :most_recent_activity_timestamp, GraphQL::Types::ISO8601DateTime, null: true
     field :most_recent_organization_id, Int, null: true
     field :ranks, Types::Entities::RanksType, null: false
+    field :email, String, null: true
 
     profile_image_sizes = [256, 128, 64, 32, 18, 12]
     field :profile_image_path, String, null: true do
@@ -33,12 +34,6 @@ class UserType < Types::BaseObject
         }
     end
 
-    field :email, String, null: true do
-      def authorized?(object, args, context)
-        object.id == context[:current_user]&.id
-      end
-    end
-
     field :notifications, Types::Entities::NotificationType.connection_type, null: true do
       description 'Filterable list of notifications for the logged in user.'
       type_desc = 'Filter the response to include only notifications of a certain type (ex: mentions).'
@@ -55,6 +50,15 @@ def authorized?(object, args, context)
       end
     end
 
+    def email
+      #You can only fetch your own email
+      if object.id == context[:current_user]&.id
+        object.email
+      else
+        nil
+      end
+    end
+
     def organizations
       Loaders::AssociationLoader.for(User, :organizations).load(object)
     end