From c4b997bc5248900fba36e239394e2ca44f5fd4bf Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Fri, 5 Feb 2021 14:45:39 +0100 Subject: [PATCH 1/5] Fix accessing group event unlogged Signed-off-by: Thomas Citharel --- js/src/components/Comment/Comment.vue | 8 +++----- js/src/components/Comment/CommentTree.vue | 10 ++++------ js/src/views/Event/Edit.vue | 16 +++++++--------- 3 files changed, 14 insertions(+), 20 deletions(-) diff --git a/js/src/components/Comment/Comment.vue b/js/src/components/Comment/Comment.vue index 8040a2c8b..8d86dc9b6 100644 --- a/js/src/components/Comment/Comment.vue +++ b/js/src/components/Comment/Comment.vue @@ -296,11 +296,9 @@ export default class Comment extends Vue { } get commentFromOrganizer(): boolean { - return ( - this.event.organizerActor !== undefined && - this.comment.actor != null && - this.comment.actor.id === this.event.organizerActor.id - ); + const organizerId = + this.event?.organizerActor?.id || this.event?.attributedTo?.id; + return organizerId !== undefined && this.comment?.actor?.id === organizerId; } get commentId(): string { diff --git a/js/src/components/Comment/CommentTree.vue b/js/src/components/Comment/CommentTree.vue index 10c5bbc44..363f517a8 100644 --- a/js/src/components/Comment/CommentTree.vue +++ b/js/src/components/Comment/CommentTree.vue @@ -320,11 +320,9 @@ export default class CommentTree extends Vue { } get isEventOrganiser(): boolean { - return ( - this.currentActor.id !== undefined && - this.event.organizerActor !== undefined && - this.currentActor.id === this.event.organizerActor.id - ); + const organizerId = + this.event?.organizerActor?.id || this.event?.attributedTo?.id; + return organizerId !== undefined && this.currentActor?.id === organizerId; } get areCommentsClosed(): boolean { 
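Review bot: In `commentFromOrganizer` the guard `organizerId !== undefined` still lets a `null` id through, so if the API ever returns `null` for both the organizer id and the comment actor id, the getter would report a match; `return organizerId != null && this.comment?.actor?.id === organizerId;` covers both cases. The `||` fallback also means that once `organizerActor.id` is present, a comment posted as the `attributedTo` group is never flagged as coming from the organizer, which may be intended but is not stated. A comment would settle that, e.g. `// organizerActor can be missing on group events (presumably for anonymous viewers); fall back to the group id`. The same two lines are repeated in `isEventOrganiser` in the CommentTree.vue hunk, where the result feeds `isAbleToComment`, so a shared helper would keep the rule in one place.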
@@ -335,7 +333,7 @@ export default class CommentTree extends Vue { } get isAbleToComment(): boolean { - if (this.currentActor && this.currentActor.id) { + if (this.currentActor?.id) { return this.areCommentsClosed || this.isEventOrganiser; } return false; diff --git a/js/src/views/Event/Edit.vue b/js/src/views/Event/Edit.vue index 86304b3de..e88e2f946 100644 --- a/js/src/views/Event/Edit.vue +++ b/js/src/views/Event/Edit.vue @@ -579,7 +579,7 @@ export default class EditEvent extends Vue { } private getDefaultActor() { - if (this.event.organizerActor && this.event.organizerActor.id) { + if (this.event.organizerActor?.id) { return this.event.organizerActor; } return this.currentActor; @@ -725,7 +725,7 @@ export default class EditEvent extends Vue { get isCurrentActorOrganizer(): boolean { return !( this.eventId && - this.event.organizerActor && + this.event.organizerActor?.id !== undefined && this.currentActor.id !== this.event.organizerActor.id ) as boolean; } @@ -822,19 +822,17 @@ export default class EditEvent extends Vue { } get attributedToEqualToOrganizerActor(): boolean { - return (this.event.organizerActor && - this.event.attributedTo && - this.event.attributedTo.id === this.event.organizerActor.id) as boolean; + return (this.event.organizerActor?.id !== undefined && + this.event.attributedTo?.id === this.event.organizerActor?.id) as boolean; } /** * Build variables for Event GraphQL creation query */ private async buildVariables() { - this.event.organizerActor = - this.event.organizerActor && this.event.organizerActor.id - ? this.event.organizerActor - : this.currentActor; + this.event.organizerActor = this.event.organizerActor?.id + ? this.event.organizerActor + : this.currentActor; let res = this.event.toEditJSON(); if (this.event.organizerActor) { res = Object.assign(res, { From c934889b58fc23e59ab5d9d494ef7e0d46734268 Mon Sep 17 00:00:00 2001 
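Review bot: `isCurrentActorOrganizer` in Edit.vue fails open: when `this.event.organizerActor?.id` is undefined the conjunction is false and the getter returns `true`, so on an existing event whose organizer is not loaded or not exposed, any current actor is treated as the organizer. If the permissive result is only meant for the create flow, a stricter form would be `if (!this.eventId) return true;` followed by `return this.event.organizerActor?.id !== undefined && this.currentActor.id === this.event.organizerActor.id;`. That would change behaviour for group events edited by a member who is not the organizer, so it needs checking against that case. Whatever this getter gates in the template is a client-side check only, so the server still has to verify the organizer on the edit mutation; that code is not visible here. The trailing `as boolean` is redundant, since `!(…)` already yields a boolean.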
From: Thomas Citharel Date: Fri, 26 Feb 2021 11:44:27 +0100 Subject: [PATCH 2/5] Allow every origin for connect-src because of Webfinger Signed-off-by: Thomas Citharel --- lib/web/plugs/http_security_plug.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/web/plugs/http_security_plug.ex b/lib/web/plugs/http_security_plug.ex index f66cb9aa3..ab10f77d9 100644 --- a/lib/web/plugs/http_security_plug.ex +++ b/lib/web/plugs/http_security_plug.ex @@ -52,8 +52,9 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do media_src = ["media-src 'self' "] ++ Config.get([:http_security, :csp_policy, :media_src]) + # Connect-src is available for any origin because of webfinger query to redirect to content connect_src = - ["connect-src 'self' blob: ", static_url, ?\s, websocket_url] ++ + ["connect-src 'self' * blob: ", static_url, ?\s, websocket_url] ++ Config.get([:http_security, :csp_policy, :connect_src]) script_src = From 0b6d21fe7a35d40754e01066c8da2a00f87deb5d Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Fri, 26 Feb 2021 14:04:10 +0100 Subject: [PATCH 3/5] Fix editing a group discussion Make sure media is preloaded Signed-off-by: Thomas Citharel --- lib/mobilizon/discussions/discussions.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/mobilizon/discussions/discussions.ex b/lib/mobilizon/discussions/discussions.ex index 35d3b47dd..fac154fc9 100644 --- a/lib/mobilizon/discussions/discussions.ex +++ b/lib/mobilizon/discussions/discussions.ex @@ -43,7 +43,8 @@ defmodule Mobilizon.Discussions do :replies, :tags, :mentions, - :discussion + :discussion, + :media ] @discussion_preloads [ From 7997a10c29df58dcc323d83a9f5b3fdfda59069c Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Fri, 26 Feb 2021 16:21:23 +0100 Subject: [PATCH 4/5] Improve search form display Closes #557 Signed-off-by: Thomas Citharel --- js/src/views/Search.vue | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) 
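Review bot: Adding `*` to `connect-src` lifts the directive's restriction for every page of the app, not only the WebFinger redirect: fetch, XHR, EventSource and sendBeacon may then reach any host, so CSP no longer limits where an injected script can send data. The `static_url` entry and the configured `:connect_src` list that follow become largely redundant for http(s) sources. WebFinger is served over HTTPS, so `["connect-src 'self' https: blob: ", static_url, ?\s, websocket_url] ++` would be slightly narrower, and doing the lookup on the server would let the browser policy stay at `'self'` with no wildcard. If the wildcard stays, the comment should state the trade-off, e.g. `# connect-src allows any origin for the client-side WebFinger lookup; CSP therefore no longer restricts where scripts can send data`. The enclosing function starts and ends outside the hunk.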
diff --git a/js/src/views/Search.vue b/js/src/views/Search.vue index 765c96899..6157f0b37 100644 --- a/js/src/views/Search.vue +++ b/js/src/views/Search.vue @@ -31,7 +31,7 @@ /> - + - +