From 5bc0593ed6e772d48722c308ccb444dc49f3c079 Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Mon, 8 Jan 2024 17:32:56 +0100
Subject: [PATCH] fix(graphql): fix checking actor identity when publishing
 event announcements

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/graphql/resolvers/participant.ex | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/lib/graphql/resolvers/participant.ex b/lib/graphql/resolvers/participant.ex
index fb8803b71..2aa5ab7cf 100644
--- a/lib/graphql/resolvers/participant.ex
+++ b/lib/graphql/resolvers/participant.ex
@@ -381,10 +381,15 @@ defmodule Mobilizon.GraphQL.Resolvers.Participant do
         visibility: :private
       })
 
-    with {:member, true} <-
+    with {:ok,
+          %Event{organizer_actor_id: organizer_actor_id, attributed_to_id: attributed_to_id} =
+            _event} <- Mobilizon.Events.get_event(event_id),
+         {:member, true} <-
            {:member,
-            to_string(current_actor_id) == to_string(actor_id) or
-              Actors.member?(current_actor_id, actor_id)},
+            (to_string(current_actor_id) == to_string(organizer_actor_id) and
+               to_string(current_actor_id) == to_string(actor_id)) or
+              (!is_nil(attributed_to_id) and Actors.member?(current_actor_id, attributed_to_id) and
+                 to_string(attributed_to_id) == to_string(actor_id))},
          {:ok, _activity, %Conversation{} = conversation} <- Comments.create_conversation(args) do
       {:ok, conversation_to_view(conversation, Actors.get_actor(actor_id))}
     else