Handle getting organized events from an actor when not authorized
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
7aadc447e1
commit
b95b3c16e7
@ -368,9 +368,13 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
||||
context: %{current_user: %User{id: user_id, role: role}}
|
||||
}
|
||||
) do
|
||||
with true <- actor_user_id == user_id or is_moderator(role),
|
||||
with {:can_get_events, true} <-
|
||||
{:can_get_events, actor_user_id == user_id or is_moderator(role)},
|
||||
%Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
|
||||
{:ok, page}
|
||||
else
|
||||
{:can_get_events, false} ->
|
||||
{:error, :unauthorized}
|
||||
end
|
||||
end
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user