Attempt to add GQL query for looking up user

This fails: despite the AllowAnonymous, the GraphQL query is being
rejected because the RegisterAccount audience is not allowed to use GQL
queries. I'll need to find some other way to do this.

backend/LexBoxApi/GraphQL/LexQueries.cs

@@ -1,3 +1,4 @@
+using HotChocolate.Authorization;
 using HotChocolate.Resolvers;
 using LexBoxApi.Auth;
 using LexBoxApi.Auth.Attributes;
@@ -201,6 +202,26 @@ public IQueryable<User> Users(LexBoxDbContext context)
  };
  }
 
+ [AllowAnonymous]
+ public async Task<MeDto?> UserById(LexBoxDbContext context, LoggedInContext loggedInContext, Guid userId)
+ {
+ var registeringUser = loggedInContext.User;
+ // Only admins can look up users other than themselves via this query
+ if (!registeringUser.IsAdmin && registeringUser.Id != userId)
+ {
+ throw new UnauthorizedAccessException();
+ }
+ var user = await context.Users.FindAsync(userId);
+ if (user == null) return null;
+ return new MeDto
+ {
+ Id = user.Id,
+ Name = user.Name,
+ Email = user.Email,
+ Locale = user.LocalizationCode
+ };
+ }
+
  public async Task<OrgMemberDto?> OrgMemberById(LexBoxDbContext context, IPermissionService permissionService, Guid orgId, Guid userId)
  {
  // Only site admins and org admins are allowed to run this query

frontend/schema.graphql

@@ -1,4 +1,4 @@
-schema {
+schema {
  query: Query
  mutation: Mutation
 }
@@ -426,6 +426,7 @@ type Query {
  orgById(orgId: UUID!): OrgById
  users(skip: Int take: Int where: UserFilterInput orderBy: [UserSortInput!]): UsersCollectionSegment @authorize(policy: "AdminRequiredPolicy")
  me: MeDto
+ userById(userId: UUID!): MeDto @authorize(policy: "AllowAnyAudiencePolicy")
  orgMemberById(orgId: UUID! userId: UUID!): OrgMemberDto
  meAuth: LexAuthUser!
  testingThrowsError: LexAuthUser!