better use account reference and fetchAccountWithReference (#11210)

Author: znarf

server/graphql/v2/mutation/AccountMutations.ts

@@ -33,7 +33,6 @@ import { checkRemoteUserCanUseAccount, checkRemoteUserCanUseHost } from '../../c
 import { BadRequest, Forbidden, NotFound, Unauthorized, ValidationFailed } from '../../errors';
 import { AccountTypeToModelMapping } from '../enum/AccountType';
 import { GraphQLTwoFactorMethodEnum } from '../enum/TwoFactorMethodEnum';
-import { idDecode } from '../identifiers';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLAccountUpdateInput } from '../input/AccountUpdateInput';
 import { GraphQLDuplicateAccountDataTypeInput } from '../input/DuplicateAccountDataTypeInput';
@@ -374,7 +373,7 @@ const accountMutations = {
     async resolve(_: void, args, req: express.Request) {
       checkRemoteUserCanUseAccount(req);
 
-      const account = await fetchAccountWithReference(args.account);
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       if (!req.remoteUser.isAdminOfCollective(account)) {
         throw new Forbidden();
@@ -414,7 +413,7 @@ const accountMutations = {
     ): Promise<Record<string, unknown>> {
       checkRemoteUserCanUseAccount(req);
 
-      const account = await fetchAccountWithReference(args.account);
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       if (!req.remoteUser.isAdminOfCollective(account)) {
         throw new Forbidden();
@@ -545,7 +544,7 @@ const accountMutations = {
     async resolve(_: void, args, req: express.Request): Promise<Collective> {
       checkRemoteUserCanUseAccount(req);
 
-      const account = await fetchAccountWithReference(args.account);
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       if (!req.remoteUser.isAdminOfCollective(account)) {
         throw new Forbidden();
@@ -651,11 +650,7 @@ const accountMutations = {
     async resolve(_: void, args, req: express.Request): Promise<Collective> {
       checkRemoteUserCanUseAccount(req);
 
-      const id = idDecode(args.account.id, 'account');
-      const account = await req.loaders.Collective.byId.load(id);
-      if (!account) {
-        throw new NotFound('Account Not Found');
-      }
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       if (!req.remoteUser.isAdminOfCollective(account) && !req.remoteUser.isRoot()) {
         throw new Forbidden();
@@ -808,11 +803,7 @@ const accountMutations = {
     async resolve(_: void, args, req: express.Request): Promise<Collective> {
       checkRemoteUserCanUseAccount(req);
 
-      const id = args.account.legacyId || idDecode(args.account.id, 'account');
-      const account = await req.loaders.Collective.byId.load(id);
-      if (!account) {
-        throw new NotFound('Account Not Found');
-      }
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       // Check host only policies
       const previousPolicies = account.data?.policies || {};
@@ -865,11 +856,7 @@ const accountMutations = {
     async resolve(_, args, req) {
       checkRemoteUserCanUseAccount(req);
 
-      const id = args.account.legacyId || idDecode(args.account.id, 'account');
-      const account = await req.loaders.Collective.byId.load(id);
-      if (!account) {
-        throw new NotFound('Account Not Found');
-      }
+      const account = await fetchAccountWithReference(args.account, { loaders: req.loaders, throwIfMissing: true });
 
       if (!req.remoteUser.isAdminOfCollective(account)) {
         throw new Unauthorized('You need to be logged in as an Admin of the account.');