From 8df402e4cb0e0e0de8c08c447f4666ab2a1facaf Mon Sep 17 00:00:00 2001
From: Matteo Cominetti <matteo@speckle.systems>
Date: Sat, 25 Jul 2020 21:21:59 +0100
Subject: [PATCH] fix(gql): query users, improves validations

---
 modules/core/graph/resolvers/user.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/modules/core/graph/resolvers/user.js b/modules/core/graph/resolvers/user.js
index bf9c0e8228..00903c9d9b 100644
--- a/modules/core/graph/resolvers/user.js
+++ b/modules/core/graph/resolvers/user.js
@@ -33,11 +33,12 @@ module.exports = {
         async users(parent, args, context, info) {
 
             await validateServerRole(context, 'server:user')
+            await validateScopes(context.scopes, 'profile:read')
+            await validateScopes(context.scopes, 'users:read')
 
-            if (!args.id)
-                await validateScopes(context.scopes, 'profile:read')
-            else
-                await validateScopes(context.scopes, 'users:read')
+            if (!args.query) {
+                throw new UserInputError('You must provide a search query.')
+            }
 
             return await findUsers(args.query)
         },