fix(acl): filter out the results based on type (#7978)

We store the groupId and userId in a predicate named dgraph.xid.There was a subtle bug where if a we create the group with same name as that of a user, then the user is not able to log in. This happens because we were not applying a filter by type. This PR fixes that. (cherry picked from commit 3553855)
dgraph-io · NamanJain8 · Aug 12, 2021 · Aug 12, 2021 · Aug 12, 2021 · ee46b52beca16c43588135f2255d26ea971bbca4
commit ee46b52beca16c43588135f2255d26ea971bbca4
diff --git a/edgraph/access_ee.go b/edgraph/access_ee.go
@@ -273,7 +273,7 @@ func getRefreshJwt(userId string, namespace uint64) (string, error) {
 
 const queryUser = `
     query search($userid: string, $password: string){
-      user(func: eq(dgraph.xid, $userid)) {
+      user(func: eq(dgraph.xid, $userid)) @filter(type(dgraph.type.User)) {
 	    uid
         dgraph.xid
         password_match: checkpwd(dgraph.password, $password)
@@ -459,7 +459,7 @@ func InitializeAcl(closer *z.Closer) {
 func upsertGuardian(ctx context.Context) error {
 	query := fmt.Sprintf(`
 			{
-				guid as guardians(func: eq(dgraph.xid, "%s")){
+				guid as guardians(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group)) {
 					uid
 				}
 			}
@@ -529,10 +529,10 @@ func upsertGroot(ctx context.Context, passwd string) error {
 	// groot is the default user of guardians group.
 	query := fmt.Sprintf(`
 			{
-				grootid as grootUser(func: eq(dgraph.xid, "%s")){
+				grootid as grootUser(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.User)) {
 					uid
 				}
-				guid as var(func: eq(dgraph.xid, "%s"))
+				guid as var(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group))
 			}
 		`, x.GrootId, x.GuardiansId)
 	userNQuads := acl.CreateUserNQuads(x.GrootId, passwd)