From b95b3c16e7c445db69205c51384b3dada42ee9ec Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 25 Mar 2021 10:46:45 +0100
Subject: [PATCH] Handle getting organized events from an actor when not
 authorized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/graphql/resolvers/person.ex | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/graphql/resolvers/person.ex b/lib/graphql/resolvers/person.ex
index a3ab617ec..a1588263f 100644
--- a/lib/graphql/resolvers/person.ex
+++ b/lib/graphql/resolvers/person.ex
@@ -368,9 +368,13 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
           context: %{current_user: %User{id: user_id, role: role}}
         }
       ) do
-    with true <- actor_user_id == user_id or is_moderator(role),
+    with {:can_get_events, true} <-
+           {:can_get_events, actor_user_id == user_id or is_moderator(role)},
          %Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
       {:ok, page}
+    else
+      {:can_get_events, false} ->
+        {:error, :unauthorized}
     end
   end