Handle getting organized events from an actor when not authorized
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
7aadc447e1
commit
b95b3c16e7
@ -368,9 +368,13 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
|||||||
context: %{current_user: %User{id: user_id, role: role}}
|
context: %{current_user: %User{id: user_id, role: role}}
|
||||||
}
|
}
|
||||||
) do
|
) do
|
||||||
with true <- actor_user_id == user_id or is_moderator(role),
|
with {:can_get_events, true} <-
|
||||||
|
{:can_get_events, actor_user_id == user_id or is_moderator(role)},
|
||||||
%Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
|
%Page{} = page <- Events.list_organized_events_for_actor(actor, page, limit) do
|
||||||
{:ok, page}
|
{:ok, page}
|
||||||
|
else
|
||||||
|
{:can_get_events, false} ->
|
||||||
|
{:error, :unauthorized}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user