implements Node && permission!

backend/app/graphql/mutations/login.rb

@@ -6,7 +6,7 @@ class Login < BaseMutation
     argument :email_address, GraphQL::Types::String, required: true
     argument :password, GraphQL::Types::String, required: true
 
-    field :user, Types::UserType, null: true
+    field :success, GraphQL::Types::Boolean, null: false
     field :errors, [Types::Errors::LoginError], null: false
 
     def resolve(email_address:, password:)
@@ -18,7 +18,8 @@ def resolve(email_address:, password:)
         error = :something_wrong
         errors << error
       end
-      { user:, errors: }
+
+      { success: !!user, errors: }
     end
   end
 end

backend/app/graphql/mutations/signup.rb

@@ -5,7 +5,7 @@ class Signup < BaseMutation
 
     argument :email_address, GraphQL::Types::String, required: true
 
-    field :user, Types::UserType, null: true
+    field :success, GraphQL::Types::Boolean, null: false
     field :errors, [Types::Errors::SignupError], null: false
 
     def resolve(email_address:)
@@ -18,11 +18,12 @@ def resolve(email_address:)
       end
       if user.valid?
         InvitationMailer.invite(user.id).deliver_later
+        success = true
       else
         errors += user.errors.errors
-        user = nil
+        success = false
       end
-      { user:, errors: }
+      { success:, errors: }
     end
   end
 end

backend/app/graphql/mutations/verify_email_address.rb

@@ -5,7 +5,7 @@ class VerifyEmailAddress < BaseMutation
 
     argument :signed_id, GraphQL::Types::String, required: true
 
-    field :user, Types::UserType, null: true
+    field :success, GraphQL::Types::Boolean, null: false
 
     def resolve(signed_id:)
       user = nil
@@ -17,9 +17,8 @@ def resolve(signed_id:)
         next unless user
         user.update!(onboarding_status: :before_set_own_password)
         start_new_session_for(user)
-        user
       end
-      { user: }
+      { success: !!user }
     end
   end
 end

backend/app/graphql/types/user_type.rb

@@ -1,6 +1,10 @@
 module Types
   class UserType < Types::BaseObject
-    field :id, ID, null: false
+    implements NodeType
     field :email_address, String, null: false
+
+    def self.authorized?(object, context)
+      super && object == context.fetch(:current_user)
+    end
   end
 end

frontend/src/components/Login/index.tsx

@@ -1,8 +1,7 @@
 import { useMutation } from '@apollo/client'
-import React, { useEffect, type FormEvent, useState } from 'react'
+import React, { type FormEvent, useState } from 'react'
 import { Link } from 'react-router-dom'
 import { css } from '../../../styled-system/css'
-import type { LoginPayload, MutationLoginArgs } from '../../generated/graphql'
 import { LoginInputSchema } from '../../generated/graphql'
 import { LoginDocument } from '../../generated/graphql'
 import { ROUTES } from '../../routes'
@@ -35,8 +34,8 @@ export const Login = () => {
         },
       })
 
-      if (data?.login?.user) {
-        console.log('successful', data.login)
+      if (data?.login?.success) {
+        console.log('successful')
         location.href = ROUTES.ME
       } else if (errors?.length) {
         console.log('GraphQL failed', errors[0].message)

frontend/src/components/Login/login.graphql

@@ -1,8 +1,6 @@
 mutation Login($input: LoginInput!) {
   login(input: $input) {
-    user {
-      __typename
-    }
+    success
     errors {
       __typename
     }

frontend/src/components/Signup/index.tsx

@@ -31,9 +31,9 @@ export const Signup = () => {
         },
       })
 
-      if (data?.signup?.user) {
+      if (data?.signup?.success) {
         setInviting(true)
-        console.log('successful', data.signup.user)
+        console.log('successful')
       } else if (data?.signup?.errors[0].__typename === 'Taken') {
         setBusinessLogicError('Email address is already taken')
         console.log('already taken')

frontend/src/components/Signup/signup.graphql

@@ -1,8 +1,6 @@
 mutation Signup($input: SignupInput!) {
   signup(input: $input) {
-    user {
-      __typename
-    }
+    success
     errors {
       __typename
     }

frontend/src/components/VerifyEmailAddress/VerifyEmailAddress.graphql

@@ -1,8 +1,5 @@
 mutation VerifyEmailAddress($input: VerifyEmailAddressInput!) {
   verifyEmailAddress(input: $input) {
-    user {
-      id
-      __typename
-    }
+    success
   }
 }

frontend/src/components/VerifyEmailAddress/index.tsx

@@ -26,13 +26,13 @@ export const VerifyEmailAddress = () => {
           signedId,
         })
 
-        const response = await verifyEmailAddress({
+        const { data } = await verifyEmailAddress({
           variables: {
             input: validatedInput,
           },
         })
 
-        if (response.data?.verifyEmailAddress?.user) {
+        if (data?.verifyEmailAddress?.success) {
           setSuccess(true)
           setTimeout(() => {
             navigate(ROUTES.SET_PASSWORD)

graphql-schema/backend_schema.graphql

@@ -25,7 +25,7 @@ type LoginPayload {
   """
   clientMutationId: String
   errors: [LoginError!]!
-  user: User
+  success: Boolean!
 }
 
 """
@@ -101,11 +101,41 @@ type Mutation {
   ): VerifyEmailAddressPayload!
 }
 
+"""
+An object with an ID.
+"""
+interface Node {
+  """
+  ID of the object.
+  """
+  id: ID!
+}
+
 type Query {
   """
   Fetch current session
   """
   me: User
+
+  """
+  Fetches an object given its ID.
+  """
+  node(
+    """
+    ID of the object.
+    """
+    id: ID!
+  ): Node
+
+  """
+  Fetches a list of objects given a list of IDs.
+  """
+  nodes(
+    """
+    IDs of the objects.
+    """
+    ids: [ID!]!
+  ): [Node]
 }
 
 """
@@ -156,7 +186,7 @@ type SignupPayload {
   """
   clientMutationId: String
   errors: [SignupError!]!
-  user: User
+  success: Boolean!
 }
 
 type SomethingWrong {
@@ -167,8 +197,12 @@ type Taken {
   message: String!
 }
 
-type User {
+type User implements Node {
   emailAddress: String!
+
+  """
+  ID of the object.
+  """
   id: ID!
 }
 
@@ -191,5 +225,5 @@ type VerifyEmailAddressPayload {
   A unique identifier for the client performing the mutation.
   """
   clientMutationId: String
-  user: User
+  success: Boolean!
 }