balances queried by account owners only

for privacy, debitor and creditor values in transactions receive queries from account owners only. *EXCEPTION: account in query set as public by owner (later feature)*

1. sign into account on react client
1. POST /graphql/transactions with query and [cognito token](https://github.com/systemaccounting/mxfactorial/issues/98)

**expected**  
1. /graphql calls [getUser()](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#getUser-property) with cognito token
1. cognito `data` returns from `getUser()`
1. /graphql tests cognito `data.Username` in `debitor` and `creditor` values of balance query **before resolving** measure-faas invocation:
```js
const authorizeAccountBalanceQuery = (query, usernameFromCognitoGetUser) => {
  // ...
  if (query.creditor !== usernameFromCognitoGetUser && query.debitor !== usernameFromCognitoGetUser) {
    console.log("401 Unauthorized")
    return "401 Unauthorized"
  }
  // ...
}
```

---

**Estimations will include unit and e2e test coverage of requirements. New screens will include an e2e inventory test ([example](https://github.com/systemaccounting/mxfactorial/blob/cec04261f6e3e47356b2f0338f851bd71e2f59bc/react/e2e/private/homeScreen/homeScreenInventory.test.js)).*

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

balances queried by account owners only #100

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

balances queried by account owners only #100

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions