Handle getting organized events from an actor when not authorized

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-03-25 10:46:45 +01:00
parent 7aadc447e1
commit b95b3c16e7
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773

View File

@ -368,9 +368,13 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
context: %{current_user: %User{id: user_id, role: role}} context: %{current_user: %User{id: user_id, role: role}}
} }
) do ) do
with true <- actor_user_id == user_id or is_moderator(role), with {:can_get_events, true} <-
{:can_get_events, actor_user_id == user_id or is_moderator(role)},
%Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do %Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
{:ok, page} {:ok, page}
else
{:can_get_events, false} ->
{:error, :unauthorized}
end end
end end