From 356f69cef2ff21cf232df1fd1221b9d625bf3f57 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Wed, 31 Mar 2021 10:06:13 +0200
Subject: [PATCH] Fix accessing a discussion without being a member

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 js/src/views/Discussions/Discussion.vue | 27 ++++++++++++++++++++-----
 lib/graphql/resolvers/discussion.ex     |  1 +
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/js/src/views/Discussions/Discussion.vue b/js/src/views/Discussions/Discussion.vue
index 56618e6c2..da3b1e9f3 100644
--- a/js/src/views/Discussions/Discussion.vue
+++ b/js/src/views/Discussions/Discussion.vue
@@ -18,7 +18,7 @@
             }"
             >{{ discussion.actor.name }}</router-link
           >
-          <b-skeleton v-else animated />
+          <b-skeleton v-else-if="$apollo.loading" animated />
         </li>
         <li>
           <router-link
@@ -31,7 +31,7 @@
             }"
             >{{ $t("Discussions") }}</router-link
           >
-          <b-skeleton animated v-else />
+          <b-skeleton animated v-else-if="$apollo.loading" />
         </li>
         <li class="is-active">
           <router-link
@@ -41,6 +41,9 @@
         </li>
       </ul>
     </nav>
+    <b-message v-if="error" type="is-danger">
+      {{ error }}
+    </b-message>
     <section>
       <div class="discussion-title">
         <h2 class="title" v-if="discussion.title && !editTitleMode">
@@ -60,8 +63,16 @@
             <b-icon icon="pencil" />
           </span>
         </h2>
-        <b-skeleton v-else-if="!editTitleMode" height="50px" animated />
-        <form v-else @submit.prevent="updateDiscussion" class="title-edit">
+        <b-skeleton
+          v-else-if="!editTitleMode && $apollo.loading"
+          height="50px"
+          animated
+        />
+        <form
+          v-else-if="!$apollo.loading && !error"
+          @submit.prevent="updateDiscussion"
+          class="title-edit"
+        >
           <b-input :value="discussion.title" v-model="newTitle" />
           <div class="buttons">
             <b-button
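Review bot: The title form's new condition `v-else-if="!$apollo.loading && !error"` no longer depends on `editTitleMode`, which the old `v-else` branch implied. Once loading has finished without an error, the form renders whenever the `<h2>` does not, including when `discussion.title` is empty and edit mode is off. Consider `v-else-if="editTitleMode && !$apollo.loading && !error"` so the edit form stays tied to edit mode. The form continues past the end of this hunk.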
@@ -100,7 +111,7 @@
         @click="loadMoreComments"
         >{{ $t("Fetch more") }}</b-button
       >
-      <form @submit.prevent="reply">
+      <form @submit.prevent="reply" v-if="!error">
         <b-field :label="$t('Text')">
           <editor v-model="newComment" />
         </b-field>
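Review bot: `v-if="!error"` on the reply form only hides the input; it is not an access control. The only server-side change in this commit is one `else` clause in `lib/graphql/resolvers/discussion.ex`, so the mutation behind `reply` needs its own membership check on the server. That resolver is not visible in this patch, so please confirm it rejects non-members and add a test that a non-member reply is refused. The form continues past the end of this hunk.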
@@ -217,6 +228,7 @@ export default class discussion extends mixins(GroupMixin) {
   RouteName = RouteName;
 
   usernameWithDomain = usernameWithDomain;
+  error: string | null = null;
 
   async reply(): Promise<void> {
     if (this.newComment === "") return;
@@ -422,6 +434,11 @@ export default class discussion extends mixins(GroupMixin) {
     if (errors[0].message.includes("No such discussion")) {
       await this.$router.push({ name: RouteName.PAGE_NOT_FOUND });
     }
+    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+    // @ts-ignore
+    if (errors[0].code === "unauthorized") {
+      this.error = errors[0].message;
+    }
   }
 
   mounted(): void {
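Review bot: The `@ts-ignore` before `errors[0].code` switches off type checking for the whole line, so a later typo or a change in the error shape would go unnoticed. Read the field through a narrow assertion instead and drop both comment lines: `const code = (errors[0] as { code?: string }).code;` followed by `if (code === "unauthorized") {`. `errors[0]` is also dereferenced without a length check, here and in the context line above; the declaration of `errors` is outside the hunk, so whether it can be empty cannot be told from here. The enclosing method starts outside the hunk.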
diff --git a/lib/graphql/resolvers/discussion.ex b/lib/graphql/resolvers/discussion.ex
index 328b0d718..fe7ba3c02 100644
--- a/lib/graphql/resolvers/discussion.ex
+++ b/lib/graphql/resolvers/discussion.ex
@@ -60,6 +60,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Discussion do
       {:ok, discussion}
     else
       nil -> {:error, dgettext("errors", "Discussion not found")}
+      {:member, false} -> {:error, :unauthorized}
     end
   end
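Review bot: The new `{:member, false} -> {:error, :unauthorized}` clause gives a non-member a different answer from the `nil` clause's "Discussion not found", so the response reveals whether a discussion exists in a group the caller does not belong to. If discussion existence in private groups is meant to be confidential, return the same error for both cases; otherwise add a short comment stating that the difference is intended. The `with` head is outside this hunk, so the order of the lookup and the membership check cannot be confirmed from here. The commit also adds no test; a resolver test asserting that a non-member gets `:unauthorized` and no discussion data would keep this fix from regressing.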