Fix search exposing events to unlogged users

Closes #892 Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-11-08 18:46:04 +01:00
parent 729a6a7113
commit 3961a2067b
6 changed files with 78 additions and 36 deletions
--- a/lib/graphql/resolvers/event.ex
+++ b/lib/graphql/resolvers/event.ex
@@ -117,28 +117,19 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  @spec find_event(any(), map(), Absinthe.Resolution.t()) ::
          {:ok, Event.t()} | {:error, :event_not_found}
  def find_event(parent, %{uuid: uuid} = args, %{context: context} = resolution) do
-    with {:has_event, %Event{} = event} <-
-           {:has_event, Events.get_public_event_by_uuid_with_preload(uuid)},
-         {:access_valid, true} <-
-           {:access_valid, Map.has_key?(context, :current_user) || check_event_access(event)} do
-      {:ok, event}
-    else
-      {:has_event, _} ->
+    case Events.get_public_event_by_uuid_with_preload(uuid) do
+      %Event{} = event ->
+        if Map.has_key?(context, :current_user) || check_event_access?(event) do
+          {:ok, event}
+        else
+          {:error, :event_not_found}
+        end
+
+      _ ->
        find_private_event(parent, args, resolution)
-
-      {:access_valid, _} ->
-        {:error, :event_not_found}
    end
  end

-  @spec check_event_access(Event.t()) :: boolean()
-  defp check_event_access(%Event{local: true}), do: true
-
-  defp check_event_access(%Event{url: url}) do
-    relay_actor_id = Config.relay_actor_id()
-    Events.check_if_event_has_instance_follow(url, relay_actor_id)
-  end
-
  @doc """
  List participants for event (through an event request)
  """