Fix profiles not administrators able to edit a group

Related to #385

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/graphql/resolvers/group.ex

@@ -145,11 +145,11 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
   end
 
   @doc """
-  Create a new group. The creator is automatically added as admin
+  Update a group. The creator is automatically added as admin
   """
   def update_group(
         _parent,
-        args,
+        %{id: group_id} = args,
         %{
           context: %{
             current_user: %User{} = user
@@ -157,6 +157,8 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
         }
       ) do
     with %Actor{} = updater_actor <- Users.get_actor_for_user(user),
+         {:administrator, true} <-
+           {:administrator, Actors.is_administrator?(updater_actor.id, group_id)},
          args <- Map.put(args, :updater_actor, updater_actor),
          args <- save_attached_pictures(args),
          {:ok, _activity, %Actor{type: :Group} = group} <-
@@ -166,8 +168,8 @@ defmodule Mobilizon.GraphQL.Resolvers.Group do
       {:error, err} when is_binary(err) ->
         {:error, err}
 
-      {:is_owned, nil} ->
-        {:error, dgettext("errors", "Creator profile is not owned by the current user")}
+      {:administrator, false} ->
+        {:error, dgettext("errors", "Profile is not administrator for the group")}
     end
   end
 

lib/mobilizon/actors/actors.ex

@@ -704,6 +704,22 @@ defmodule Mobilizon.Actors do
     )
   end
 
+  @spec is_moderator?(integer | String.t(), integer | String.t()) :: boolean()
+  def is_moderator?(actor_id, parent_id) do
+    match?(
+      {:ok, %Member{}},
+      get_member(actor_id, parent_id, @moderator_roles)
+    )
+  end
+
+  @spec is_administrator?(integer | String.t(), integer | String.t()) :: boolean()
+  def is_administrator?(actor_id, parent_id) do
+    match?(
+      {:ok, %Member{}},
+      get_member(actor_id, parent_id, @administrator_roles)
+    )
+  end
+
   @doc """
   Gets a single member of an actor (for example a group).
   """