From c4d60194a6900a3f9430355c5fbb346d910e4df6 Mon Sep 17 00:00:00 2001 From: Hugo Renard Date: Mon, 22 May 2023 19:11:30 +0200 Subject: [PATCH] fix: include user role in moderator role Signed-off-by: Thomas Citharel --- lib/graphql/authorization.ex | 3 ++- test/graphql/resolvers/user_test.exs | 28 ++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/lib/graphql/authorization.ex b/lib/graphql/authorization.ex index c30675dd9..21f4ad962 100644 --- a/lib/graphql/authorization.ex +++ b/lib/graphql/authorization.ex @@ -31,13 +31,14 @@ defmodule Mobilizon.GraphQL.Authorization do @impl true def role_authorized?(_user_role, :all), do: true def role_authorized?(role, _allowed_role) when is_super_role(role), do: true + def role_authorized?(:moderator, :user), do: true def role_authorized?(user_role, allowed_role) when is_atom(user_role) and is_atom(allowed_role), do: user_role === allowed_role def role_authorized?(user_role, allowed_roles) when is_atom(user_role) and is_list(allowed_roles), - do: user_role in allowed_roles + do: user_role in allowed_roles or (user_role === :moderator and :user in allowed_roles) @impl true def get_user_role(%ApplicationToken{user: %{role: role}}), do: role diff --git a/test/graphql/resolvers/user_test.exs b/test/graphql/resolvers/user_test.exs index 8ba4ca797..544e6fb5f 100644 --- a/test/graphql/resolvers/user_test.exs +++ b/test/graphql/resolvers/user_test.exs 
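Review bot: The rule that a moderator also satisfies `:user` is now written in two places, the new `role_authorized?(:moderator, :user)` clause and the `or (user_role === :moderator and :user in allowed_roles)` tail of the list clause, so the two can drift apart the next time a role is added. Since this function decides access for every rule that names `:user`, I would keep the hierarchy in one place and let the list clause reuse the atom clauses, `do: Enum.any?(allowed_roles, &role_authorized?(user_role, &1))`. That form would also make `:all` inside a list match, which should be confirmed as intended before adopting it. A short comment above the new clause, `# moderators inherit everything granted to :user, and nothing above it`, would record the intended direction of the implication. The module and the `is_super_role` guard are defined outside this hunk, so which roles that guard already covers is not visible here.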
@@ -200,6 +200,34 @@ defmodule Mobilizon.GraphQL.Resolvers.UserTest do
 assert res["data"]["loggedUser"]["id"] == to_string(user.id)
 end
+
+ test "get_current_user/3 returns the current logged-in user with moderator role", %{
+ conn: conn
+ } do
+ user = insert(:user, role: :moderator)
+
+ res =
+ conn
+ |> AbsintheHelpers.graphql_query(
+ query: @logged_user_query,
+ variables: %{}
+ )
+
+ assert res["data"]["loggedUser"] == nil
+
+ assert hd(res["errors"])["message"] ==
+ "You need to be logged in"
+
+ res =
+ conn
+ |> auth_conn(user)
+ |> AbsintheHelpers.graphql_query(
+ query: @logged_user_query,
+ variables: %{}
+ )
+
+ assert res["data"]["loggedUser"]["id"] == to_string(user.id)
+ end
 end
 describe "Resolver: List users" do
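Review bot: The added test only shows that a moderator is accepted on `loggedUser`; nothing checks that the widening stops there, and a single query can reach at most one of the two clauses changed in `lib/graphql/authorization.ex`. For an authorization change the denial cases are the ones worth pinning, for example `assert Mobilizon.GraphQL.Authorization.role_authorized?(:moderator, [:user])`, `refute Mobilizon.GraphQL.Authorization.role_authorized?(:user, :moderator)` and `refute Mobilizon.GraphQL.Authorization.role_authorized?(:user, [:moderator])`. The unauthenticated request in the first half of the test does not depend on the inserted moderator and presumably repeats the logged-out check of the preceding test, so it could be dropped. The `describe` block this test sits in opens outside the hunk.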