User Type
The User type represents a user account in the system.
Type Definition
"""
Represents a user account in the system.
"""
type User {
"""
Unique identifier for the user.
"""
id: Int!
"""
User's full name.
"""
name: String!
"""
User's email address.
"""
email: String!
"""
List of client IDs this user has access to.
"""
client_list: [Int!]
"""
User roles for permission management.
"""
roles: [String!]
}
Fields
| Field | Type | Description |
|---|---|---|
id | Int! | Required. Unique identifier |
name | String! | Required. User's full name |
email | String! | Required. User's email address |
client_list | [Int!] | Optional. List of accessible clients |
roles | [String!] | Optional. User roles (e.g., "admin") |
Example Queries
Get User by ID
query GetUser {
user(id: 123) {
id
name
email
client_list
roles
}
}
Get Current User
query GetCurrentUser {
currentUser {
id
name
email
client_list
roles
}
}
The currentUser query is particularly useful for checking the current user's permissions, including whether they have the admin role required for certain operations like updating tracker locations.
Authentication
The system uses JWT tokens for authentication. When a user logs in successfully, they receive a JWT token containing their client_list claim, which determines which clients' data they can access.
Best Practices
-
Authentication
- Always include valid JWT with client_list claim
- Handle token expiration gracefully
- Validate email addresses
-
Authorization
- Check client_list permissions
- Validate client access
- Audit sensitive actions
-
Security
- Protect personal data
- Log access attempts
- Rate limit operations