add "only platform admin can create groups" and "only groups can create events" restrictions

lib/graphql/resolvers/config.ex

@@ -134,6 +134,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
         event_creation: Config.instance_event_creation_enabled?(),
         koena_connect: Config.get([:instance, :koena_connect_link], false)
       },
+      restrictions: %{
+        only_admin_can_create_groups: Config.only_admin_can_create_groups?(),
+        only_groups_can_create_events: Config.only_groups_can_create_events?()
+      },
       rules: Config.instance_rules(),
       version: Config.instance_version(),
       federating: Config.instance_federating(),

lib/graphql/resolvers/event.ex

@@ -265,29 +265,33 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
         %{context: %{current_user: user}} = _resolution
       ) do
     # See https://github.com/absinthe-graphql/absinthe/issues/490
-    with {:is_owned, %Actor{} = organizer_actor} <- User.owns_actor(user, organizer_actor_id),
-         args <- Map.put(args, :options, args[:options] || %{}),
-         {:group_check, true} <- {:group_check, is_organizer_group_member?(args)},
-         args_with_organizer <- Map.put(args, :organizer_actor, organizer_actor),
-         {:ok, %Activity{data: %{"object" => %{"type" => "Event"}}}, %Event{} = event} <-
-           API.Events.create_event(args_with_organizer) do
-      {:ok, event}
+    if Config.only_groups_can_create_events?() and Map.get(args, :attributed_to_id) == nil do
+      {:error, "only groups can create events"}
     else
-      {:group_check, false} ->
-        {:error,
-         dgettext(
-           "errors",
-           "Organizer profile doesn't have permission to create an event on behalf of this group"
-         )}
+      with {:is_owned, %Actor{} = organizer_actor} <- User.owns_actor(user, organizer_actor_id),
+           args <- Map.put(args, :options, args[:options] || %{}),
+           {:group_check, true} <- {:group_check, is_organizer_group_member?(args)},
+           args_with_organizer <- Map.put(args, :organizer_actor, organizer_actor),
+           {:ok, %Activity{data: %{"object" => %{"type" => "Event"}}}, %Event{} = event} <-
+             API.Events.create_event(args_with_organizer) do
+        {:ok, event}
+      else
+        {:group_check, false} ->
+          {:error,
+           dgettext(
+             "errors",
+             "Organizer profile doesn't have permission to create an event on behalf of this group"
+           )}
 
-      {:is_owned, nil} ->
-        {:error, dgettext("errors", "Organizer profile is not owned by the user")}
+        {:is_owned, nil} ->
+          {:error, dgettext("errors", "Organizer profile is not owned by the user")}
 
-      {:error, _, %Ecto.Changeset{} = error, _} ->
-        {:error, error}
+        {:error, _, %Ecto.Changeset{} = error, _} ->
+          {:error, error}
 
-      {:error, %Ecto.Changeset{} = error} ->
-        {:error, error}
+        {:error, %Ecto.Changeset{} = error} ->
+          {:error, error}
+      end
     end
   end
 

lib/graphql/resolvers/group.ex

@@ -4,6 +4,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
   """
 
   import Mobilizon.Users.Guards
+  alias Mobilizon.Config
   alias Mobilizon.{Actors, Events}
   alias Mobilizon.Actors.{Actor, Member}
   alias Mobilizon.Federation.ActivityPub.Actions
@@ -137,23 +138,29 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
         args,
         %{
           context: %{
-            current_actor: %Actor{id: creator_actor_id} = creator_actor
+            current_actor: %Actor{id: creator_actor_id} = creator_actor,
+            current_user: %User{role: role} = _resolution
           }
         }
       ) do
-    with args when is_map(args) <- Map.update(args, :preferred_username, "", &String.downcase/1),
-         args when is_map(args) <- Map.put(args, :creator_actor, creator_actor),
-         args when is_map(args) <- Map.put(args, :creator_actor_id, creator_actor_id),
-         {:picture, args} when is_map(args) <- {:picture, save_attached_pictures(args)},
-         {:ok, _activity, %Actor{type: :Group} = group} <-
-           API.Groups.create_group(args) do
-      {:ok, group}
+    if Config.only_admin_can_create_groups?() and not is_admin(role) do
+      {:error, "only admins can create groups"}
     else
-      {:picture, {:error, :file_too_large}} ->
-        {:error, dgettext("errors", "The provided picture is too heavy")}
+      with args when is_map(args) <-
+             Map.update(args, :preferred_username, "", &String.downcase/1),
+           args when is_map(args) <- Map.put(args, :creator_actor, creator_actor),
+           args when is_map(args) <- Map.put(args, :creator_actor_id, creator_actor_id),
+           {:picture, args} when is_map(args) <- {:picture, save_attached_pictures(args)},
+           {:ok, _activity, %Actor{type: :Group} = group} <-
+             API.Groups.create_group(args) do
+        {:ok, group}
+      else
+        {:picture, {:error, :file_too_large}} ->
+          {:error, dgettext("errors", "The provided picture is too heavy")}
 
-      {:error, err} when is_binary(err) ->
-        {:error, err}
+        {:error, err} when is_binary(err) ->
+          {:error, err}
+      end
     end
   end
 

lib/graphql/schema/config.ex

@@ -37,6 +37,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
 
     field(:timezones, list_of(:string), description: "The instance's available timezones")
     field(:features, :features, description: "The instance's features")
+    field(:restrictions, :restrictions, description: "The instance's restrictions")
     field(:version, :string, description: "The instance's version")
     field(:federating, :boolean, description: "Whether this instance is federation")
 
@@ -275,6 +276,19 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
     field(:koena_connect, :boolean, description: "Activate link to Koena Connect")
   end
 
+  @desc """
+  The instance's restrictions
+  """
+  object :restrictions do
+    field(:only_admin_can_create_groups, :boolean,
+      description: "Whether groups creation is allowed only for admin, not for all users"
+    )
+
+    field(:only_groups_can_create_events, :boolean,
+      description: "Whether events creation is allowed only for groups, not for persons"
+    )
+  end
+
   @desc """
   The instance's auth configuration
   """