Missing DataLoader for strapi::user in GraphQL plugin for querying updated_by and created_by

[daanvanham]

Describe the bug
When I try to add updated_by or created_by to my GraphQL query an error returns: "Cannot read property 'load' of undefined". It looks like the DataLoader for strapi::user is missing (that's the targetModel.uid I saw while debugging a bit).

Steps to reproduce the behavior

1. Go to 'http://localhost:1337/graphql'
2. Do a query on one of your content types with updated_by { id } or created_by { id } in the query
3. See error

Expected behavior
I expected there to be an ID of the user that created the content for that content type.

Screenshots
https://ibb.co/BtwPYr3

System

• Node.js version: v12.13.1
• NPM version: v6.12.1
• Strapi version: v3.1.3
• Database: MongoDB
• Operating system: Mac OSX

[lauriejim]

Thank you for reporting this issue.
I ping @alexandrebodin about that.
I think it's something you can try to investigate in the code source of the plugin to fix this issue.
I really appreciate your contribution on that point.

[jaakidup]

Yes, I'm hitting the same errors.
Specifically when the created_by user is the adminUser <= not sure if this makes a difference

[daanvanham]

Well I'm not sure how/where to fix this, even though I would love to contribute.

But I think I'm onto something... If I go to the data-loaders.js in the graphql plugin and log Object.keys(strapi.models) and Object.keys(strapi.plugins) it doesn't show the model for Users. I think this has something to do with the user/permission a few weeks ago. Anyway, I think all that should happen is add it to the list of models, because when I just write down this.createLoader('strapi::user') somewhere in the initializeLoader method, everything is fine. The query now return the AdminUser like we expect it to.

Hope you guys can do something with this info :)

[alexandrebodin]

@daanvanham If you are willing to make a PR your are right on point ;)

To be honest this info is not meant to be used as a public info though. as it really is meant only for the admin but if you really want to use it go ahead :)

[daanvanham]

@daanvanham If you are willing to make a PR your are right on point ;)

But I'm not sure where the code should be, adding a model to the strapi.models. If you can hint me in the right direction :)

To be honest this info is not meant to be used as a public info though

Then why is it in the model? Since you're always an AdminUser if you create content using the Strapi interface. That would mean that created_by and updated_by are only "valid fields" if content is created through the API with one of the UserPermissionUsers, don't think that's how it should be working I guess? Correct me if I'm wrong :)

[alexandrebodin]

@daanvanham you need to run this.createLoader('strapi::user') in the intializeLoader like you mentionned :)

The info is in the model as we are using in in the Admin and is usefull in the Admin. What I mean is that it is not meant to be used as an author info but is for internal purposes. We could certainly remove it from the APIs but figured this could be usefull for some users.

[alexandrebodin]

Hi @daanvanham Are you in fact using the created_by and updated_by fields ? we are actually thinking of making them private for now to avoid any non wanted data leaks. You can check the conversation here. #7177

[daanvanham]

Hi, yes we are currently using it for one of our applications.

But in the conversation I saw a suggestion of one of the users to add a controller which can filter out the unwanted fields.
#7177 (comment)

This in my opinion is a better solution to "fix" this "unwanted data leaks issue". Otherwise you'll have to add a user field for the contenttypes you want to have an author field and thus a duplicate user (both admin and non-admin). This feels a bit obsolete.

Another solution could be, if you guys want to put it in a feature later on, to make the field configurable. So that you can set it to public/private inside Strapi (the whole User Object or certain parts of the User Object).