From dd174f2446d0f613b9cd86e22d6b20bb6bfacaeb Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 25 Jan 2019 17:06:57 +0100 Subject: [PATCH] Add ability to delete an event --- lib/mobilizon/actors/member.ex | 2 +- lib/mobilizon/actors/user.ex | 4 +-- lib/mobilizon/events/event.ex | 9 ++++++ lib/mobilizon/events/events.ex | 19 ++++++++++++ lib/mobilizon_web/resolvers/event.ex | 28 +++++++++++++++++ lib/mobilizon_web/resolvers/group.ex | 2 +- lib/mobilizon_web/schema.ex | 8 +++++ .../resolvers/event_resolver_test.exs | 30 +++++++++++++++++++ 8 files changed, 98 insertions(+), 4 deletions(-) diff --git a/lib/mobilizon/actors/member.ex b/lib/mobilizon/actors/member.ex index 6534a9688..5d6b85075 100644 --- a/lib/mobilizon/actors/member.ex +++ b/lib/mobilizon/actors/member.ex @@ -36,7 +36,7 @@ defmodule Mobilizon.Actors.Member do end end - def is_administrator(%Member{role: 2} = member) do + def is_administrator(%Member{role: 2}) do {:is_admin, true} end diff --git a/lib/mobilizon/actors/user.ex b/lib/mobilizon/actors/user.ex index aede05314..9fc1c6792 100644 --- a/lib/mobilizon/actors/user.ex +++ b/lib/mobilizon/actors/user.ex @@ -145,12 +145,12 @@ defmodule Mobilizon.Actors.User do {:ok, user} end - def owns_actor(%User{default_actor_id: default_actor_id} = user, %Actor{id: actor_id}) + def owns_actor(%User{default_actor_id: default_actor_id}, %Actor{id: actor_id}) when default_actor_id == actor_id do {:is_owned, true} end - def owns_actor(%User{actors: actors} = user, actor_id) do + def owns_actor(%User{actors: actors}, actor_id) do case Enum.any?(actors, fn a -> a.id == actor_id end) do true -> {:is_owned, true} _ -> {:is_owned, false} diff --git a/lib/mobilizon/events/event.ex b/lib/mobilizon/events/event.ex index 58fa14ac9..c8ce770ad 100644 --- a/lib/mobilizon/events/event.ex +++ b/lib/mobilizon/events/event.ex @@ -82,4 +82,13 @@ defmodule Mobilizon.Events.Event do :uuid ]) end + + def can_event_be_managed_by(%Event{organizer_actor_id: organizer_actor_id}, actor_id) + when organizer_actor_id == actor_id do + {:event_can_be_managed, true} + end + + def can_event_be_managed_by(_event, _actor) do + {:event_can_be_managed, false} + end end diff --git a/lib/mobilizon/events/events.ex b/lib/mobilizon/events/events.ex index a9b0b426d..798eab90c 100644 --- a/lib/mobilizon/events/events.ex +++ b/lib/mobilizon/events/events.ex @@ -103,6 +103,16 @@ defmodule Mobilizon.Events do """ def get_event!(id), do: Repo.get!(Event, id) + @doc """ + Gets a single event. + """ + def get_event(id) do + case Repo.get(Event, id) do + nil -> {:error, :event_not_found} + event -> {:ok, event} + end + end + @doc """ Gets an event by it's URL """ @@ -311,6 +321,15 @@ defmodule Mobilizon.Events do Repo.delete(event) end + @doc """ + Deletes a Event. + + Raises an exception if it fails. + """ + def delete_event!(%Event{} = event) do + Repo.delete!(event) + end + @doc """ Returns an `%Ecto.Changeset{}` for tracking event changes. diff --git a/lib/mobilizon_web/resolvers/event.ex b/lib/mobilizon_web/resolvers/event.ex index 99c6da25a..b11ba3831 100644 --- a/lib/mobilizon_web/resolvers/event.ex +++ b/lib/mobilizon_web/resolvers/event.ex @@ -5,6 +5,7 @@ defmodule MobilizonWeb.Resolvers.Event do alias Mobilizon.Service.ActivityPub alias Mobilizon.Activity alias Mobilizon.Events.Event + alias Mobilizon.Actors.User # We limit the max number of events that can be retrieved @event_max_limit 100 @@ -94,4 +95,31 @@ defmodule MobilizonWeb.Resolvers.Event do def create_event(_parent, _args, _resolution) do {:error, "You need to be logged-in to create events"} end + + @doc """ + Delete an event + """ + def delete_event(_parent, %{event_id: event_id, actor_id: actor_id}, %{ + context: %{current_user: user} + }) do + with {:ok, %Event{} = event} <- Mobilizon.Events.get_event(event_id), + {:is_owned, true} <- User.owns_actor(user, actor_id), + {:event_can_be_managed, true} <- Event.can_event_be_managed_by(event, actor_id), + event <- Mobilizon.Events.delete_event!(event) do + {:ok, %{id: event.id}} + else + {:error, :event_not_found} -> + {:error, "Event not found"} + + {:is_owned, false} -> + {:error, "Actor id is not owned by authenticated user"} + + {:event_can_be_managed, false} -> + {:error, "You cannot delete this event"} + end + end + + def delete_event(_parent, _args, _resolution) do + {:error, "You need to be logged-in to delete an event"} + end end diff --git a/lib/mobilizon_web/resolvers/group.ex b/lib/mobilizon_web/resolvers/group.ex index d5f9ea31e..8a045c590 100644 --- a/lib/mobilizon_web/resolvers/group.ex +++ b/lib/mobilizon_web/resolvers/group.ex @@ -89,7 +89,7 @@ defmodule MobilizonWeb.Resolvers.Group do {:ok, %{id: group.id}} else {:error, :group_not_found} -> - {:error, "Group with preferred username not found"} + {:error, "Group not found"} {:is_owned, false} -> {:error, "Actor id is not owned by authenticated user"} diff --git a/lib/mobilizon_web/schema.ex b/lib/mobilizon_web/schema.ex index ff8f094a3..48edd79da 100644 --- a/lib/mobilizon_web/schema.ex +++ b/lib/mobilizon_web/schema.ex @@ -217,6 +217,14 @@ defmodule MobilizonWeb.Schema do resolve(&Resolvers.Event.create_event/3) end + @desc "Delete an event" + field :delete_event, :deleted_object do + arg(:event_id, non_null(:integer)) + arg(:actor_id, non_null(:integer)) + + resolve(&Resolvers.Event.delete_event/3) + end + @desc "Create a comment" field :create_comment, type: :comment do arg(:text, non_null(:string)) diff --git a/test/mobilizon_web/resolvers/event_resolver_test.exs b/test/mobilizon_web/resolvers/event_resolver_test.exs index d98124444..2659cefb7 100644 --- a/test/mobilizon_web/resolvers/event_resolver_test.exs +++ b/test/mobilizon_web/resolvers/event_resolver_test.exs @@ -306,5 +306,35 @@ defmodule MobilizonWeb.Resolvers.EventResolverTest do assert json_response(res, 200)["errors"] |> hd |> Map.get("message") == "Event with UUID #{event.uuid} not found" end + + test "delete_event/3 deletes an event", %{conn: conn, user: user, actor: actor} do + event = insert(:event, organizer_actor: actor) + + mutation = """ + mutation { + deleteEvent( + actor_id: #{actor.id}, + event_id: #{event.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert json_response(res, 200)["errors"] == nil + assert json_response(res, 200)["data"]["deleteEvent"]["id"] == event.id + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "not found" + end end end