Merge branch 'fix-accessing-user-with-moderator-rights' into 'main'

include user role in moderator role

Closes #1291

See merge request framasoft/mobilizon!1389
Thomas Citharel 2023-05-23 16:06:41 +00:00
commit 0b3d7d5b3c
2 changed files with 30 additions and 1 deletions


@ -31,13 +31,14 @@ defmodule Mobilizon.GraphQL.Authorization do
@impl true @impl true
def role_authorized?(_user_role, :all), do: true def role_authorized?(_user_role, :all), do: true
def role_authorized?(role, _allowed_role) when is_super_role(role), do: true def role_authorized?(role, _allowed_role) when is_super_role(role), do: true
def role_authorized?(:moderator, :user), do: true
def role_authorized?(user_role, allowed_role) when is_atom(user_role) and is_atom(allowed_role), def role_authorized?(user_role, allowed_role) when is_atom(user_role) and is_atom(allowed_role),
do: user_role === allowed_role do: user_role === allowed_role
def role_authorized?(user_role, allowed_roles) def role_authorized?(user_role, allowed_roles)
when is_atom(user_role) and is_list(allowed_roles), when is_atom(user_role) and is_list(allowed_roles),
do: user_role in allowed_roles do: user_role in allowed_roles or (user_role === :moderator and :user in allowed_roles)
@impl true @impl true
def get_user_role(%ApplicationToken{user: %{role: role}}), do: role def get_user_role(%ApplicationToken{user: %{role: role}}), do: role


@ -200,6 +200,34 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
assert res["data"]["loggedUser"]["id"] == to_string(user.id) assert res["data"]["loggedUser"]["id"] == to_string(user.id)
end end
test "get_current_user/3 returns the current logged-in user with moderator role", %{
conn: conn
} do
user = insert(:user, role: :moderator)
res =
conn
|> AbsintheHelpers.graphql_query(
query: @logged_user_query,
variables: %{}
)
assert res["data"]["loggedUser"] == nil
assert hd(res["errors"])["message"] ==
"You need to be logged in"
res =
conn
|> auth_conn(user)
|> AbsintheHelpers.graphql_query(
query: @logged_user_query,
variables: %{}
)
assert res["data"]["loggedUser"]["id"] == to_string(user.id)
end
end end
describe "Resolver: List users" do describe "Resolver: List users" do
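Review bot: The new test exercises the fix only through the `loggedUser` query, so it does not show which clause of `role_authorized?/2` was hit, and it does not pin that the implication is one-way. Direct assertions on the predicate would cover both: `assert Mobilizon.GraphQL.Authorization.role_authorized?(:moderator, [:user])` and `refute Mobilizon.GraphQL.Authorization.role_authorized?(:user, :moderator)`. The unauthenticated half of the test (the "You need to be logged in" assertion) does not depend on the moderator role and appears to repeat the preceding test, so it could be dropped.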