Absinthe middleware actor provider

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-10 11:35:32 +02:00
parent ae97339353
commit 55e7696230
29 changed files with 483 additions and 442 deletions
--- a/lib/graphql/resolvers/event.ex
+++ b/lib/graphql/resolvers/event.ex
@@ -3,7 +3,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  Handles the event-related GraphQL calls.
  """

-  alias Mobilizon.{Actors, Admin, Events, Users}
+  alias Mobilizon.{Actors, Admin, Events}
  alias Mobilizon.Actors.Actor
  alias Mobilizon.Config
  alias Mobilizon.Events.{Event, EventParticipantStats}
@@ -24,11 +24,12 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  def organizer_for_event(
        %Event{attributed_to_id: attributed_to_id, organizer_actor_id: organizer_actor_id},
        _args,
-        %{context: %{current_user: %User{role: user_role} = user}} = _resolution
+        %{
+          context: %{current_user: %User{role: user_role}, current_actor: %Actor{id: actor_id}}
+        } = _resolution
      )
      when not is_nil(attributed_to_id) do
    with %Actor{id: group_id} <- Actors.get_actor(attributed_to_id),
-         %Actor{id: actor_id} <- Users.get_actor_for_user(user),
         {:member, true} <-
           {:member, Actors.is_member?(actor_id, group_id) or is_moderator(user_role)},
         %Actor{} = actor <- Actors.get_actor(organizer_actor_id) do
@@ -77,10 +78,8 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  defp find_private_event(
         _parent,
         %{uuid: uuid},
-         %{context: %{current_user: %User{} = user}} = _resolution
+         %{context: %{current_actor: %Actor{} = profile}} = _resolution
       ) do
-    %Actor{} = profile = Users.get_actor_for_user(user)
-
    case Events.get_event_by_uuid_with_preload(uuid) do
      # Event attributed to group
      %Event{attributed_to: %Actor{}} = event ->
@@ -136,12 +135,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  def list_participants_for_event(
        %Event{id: event_id} = event,
        %{page: page, limit: limit, roles: roles},
-        %{context: %{current_user: %User{} = user}} = _resolution
+        %{context: %{current_actor: %Actor{} = actor}} = _resolution
      ) do
-    with %Actor{} = actor <- Users.get_actor_for_user(user),
-         # Check that moderator has right
-         {:event_can_be_managed, true} <-
-           {:event_can_be_managed, can_event_be_updated_by?(event, actor)} do
+    # Check that moderator has right
+    if can_event_be_updated_by?(event, actor) do
      roles =
        case roles do
          nil ->
@@ -160,9 +157,8 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
      participants = Events.list_participants_for_event(event_id, roles, page, limit)
      {:ok, participants}
    else
-      {:event_can_be_managed, _} ->
-        {:error,
-         dgettext("errors", "Provided profile doesn't have moderator permissions on this event")}
+      {:error,
+       dgettext("errors", "Provided profile doesn't have moderator permissions on this event")}
    end
  end

@@ -290,13 +286,12 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  def update_event(
        _parent,
        %{event_id: event_id} = args,
-        %{context: %{current_user: %User{} = user}} = _resolution
+        %{context: %{current_user: %User{} = user, current_actor: %Actor{} = actor}} = _resolution
      ) do
    # See https://github.com/absinthe-graphql/absinthe/issues/490
    args = Map.put(args, :options, args[:options] || %{})

    with {:ok, %Event{} = event} <- Events.get_event_with_preload(event_id),
-         %Actor{} = actor <- Users.get_actor_for_user(user),
         {:ok, args} <- verify_profile_change(args, event, user, actor),
         {:event_can_be_managed, true} <-
           {:event_can_be_managed, can_event_be_updated_by?(event, actor)},
@@ -335,27 +330,32 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
  def delete_event(
        _parent,
        %{event_id: event_id},
-        %{context: %{current_user: %User{role: role} = user}}
+        %{
+          context: %{
+            current_user: %User{role: role},
+            current_actor: %Actor{id: actor_id} = actor
+          }
+        }
      ) do
-    with {:ok, %Event{local: is_local} = event} <- Events.get_event_with_preload(event_id),
-         %Actor{id: actor_id} = actor <- Users.get_actor_for_user(user) do
-      cond do
-        {:event_can_be_managed, true} ==
-            {:event_can_be_managed, can_event_be_deleted_by?(event, actor)} ->
-          do_delete_event(event, actor)
+    case Events.get_event_with_preload(event_id) do
+      {:ok, %Event{local: is_local} = event} ->
+        cond do
+          {:event_can_be_managed, true} ==
+              {:event_can_be_managed, can_event_be_deleted_by?(event, actor)} ->
+            do_delete_event(event, actor)

-        role in [:moderator, :administrator] ->
-          with {:ok, res} <- do_delete_event(event, actor, !is_local),
-               %Actor{} = actor <- Actors.get_actor(actor_id) do
-            Admin.log_action(actor, "delete", event)
+          role in [:moderator, :administrator] ->
+            with {:ok, res} <- do_delete_event(event, actor, !is_local),
+                 %Actor{} = actor <- Actors.get_actor(actor_id) do
+              Admin.log_action(actor, "delete", event)

-            {:ok, res}
-          end
+              {:ok, res}
+            end
+
+          true ->
+            {:error, dgettext("errors", "You cannot delete this event")}
+        end

-        true ->
-          {:error, dgettext("errors", "You cannot delete this event")}
-      end
-    else
      {:error, :event_not_found} ->
        {:error, dgettext("errors", "Event not found")}
    end