Handle getting organized events from an actor when not authorized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-03-25 10:46:45 +01:00 · 2021-03-25 10:46:45 +01:00 · b95b3c16e7
parent 7aadc447e1
commit b95b3c16e7
1 changed files with 5 additions and 1 deletions
--- a/lib/graphql/resolvers/person.ex
+++ b/lib/graphql/resolvers/person.ex
@ -368,9 +368,13 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
          context: %{current_user: %User{id: user_id, role: role}}
        }
      ) do
-    with true <- actor_user_id == user_id or is_moderator(role),
+    with {:can_get_events, true} <-
+           {:can_get_events, actor_user_id == user_id or is_moderator(role)},
         %Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
      {:ok, page}
+    else
+      {:can_get_events, false} ->
+        {:error, :unauthorized}
    end
  end