Fix accessing a discussion without being a member

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-03-31 10:06:13 +02:00
parent be20cb807c
commit 356f69cef2
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
2 changed files with 23 additions and 5 deletions
js/src/views/Discussions
lib/graphql/resolvers

View File

@ -18,7 +18,7 @@
}"
>{{ discussion.actor.name }}</router-link
>
<b-skeleton v-else animated />
<b-skeleton v-else-if="$apollo.loading" animated />
</li>
<li>
<router-link
@ -31,7 +31,7 @@
}"
>{{ $t("Discussions") }}</router-link
>
<b-skeleton animated v-else />
<b-skeleton animated v-else-if="$apollo.loading" />
</li>
<li class="is-active">
<router-link
@ -41,6 +41,9 @@
</li>
</ul>
</nav>
<b-message v-if="error" type="is-danger">
{{ error }}
</b-message>
<section>
<div class="discussion-title">
<h2 class="title" v-if="discussion.title && !editTitleMode">
@ -60,8 +63,16 @@
<b-icon icon="pencil" />
</span>
</h2>
<b-skeleton v-else-if="!editTitleMode" height="50px" animated />
<form v-else @submit.prevent="updateDiscussion" class="title-edit">
<b-skeleton
v-else-if="!editTitleMode && $apollo.loading"
height="50px"
animated
/>
<form
v-else-if="!$apollo.loading && !error"
@submit.prevent="updateDiscussion"
class="title-edit"
>
<b-input :value="discussion.title" v-model="newTitle" />
<div class="buttons">
<b-button
@ -100,7 +111,7 @@
@click="loadMoreComments"
>{{ $t("Fetch more") }}</b-button
>
<form @submit.prevent="reply">
<form @submit.prevent="reply" v-if="!error">
<b-field :label="$t('Text')">
<editor v-model="newComment" />
</b-field>
@ -217,6 +228,7 @@ export default class discussion extends mixins(GroupMixin) {
RouteName = RouteName;
usernameWithDomain = usernameWithDomain;
error: string | null = null;
async reply(): Promise<void> {
if (this.newComment === "") return;
@ -422,6 +434,11 @@ export default class discussion extends mixins(GroupMixin) {
if (errors[0].message.includes("No such discussion")) {
await this.$router.push({ name: RouteName.PAGE_NOT_FOUND });
}
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
// @ts-ignore
if (errors[0].code === "unauthorized") {
this.error = errors[0].message;
}
}
mounted(): void {

View File

@ -60,6 +60,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Discussion do
{:ok, discussion}
else
nil -> {:error, dgettext("errors", "Discussion not found")}
{:member, false} -> {:error, :unauthorized}
end
end