Merge branch 'fixes' into 'master'

Fixes

See merge request framasoft/mobilizon!580

js/src/components/Comment/CommentTree.vue

@@ -2,7 +2,7 @@
   <div>
     <form
       class="new-comment"
-      v-if="currentActor.id && event.options.commentModeration !== CommentModeration.CLOSED"
+      v-if="isAbleToComment"
       @submit.prevent="createCommentForEvent(newComment)"
       @keyup.ctrl.enter="createCommentForEvent(newComment)"
     >
@@ -22,11 +22,7 @@
         </div>
       </article>
     </form>
-    <b-notification
+    <b-notification v-else :closable="false">{{ $t("Comments have been closed.") }}</b-notification>
-      v-else-if="event.options.commentModeration === CommentModeration.CLOSED"
-      :closable="false"
-      >{{ $t("Comments have been closed.") }}</b-notification
-    >
     <transition name="comment-empty-list" mode="out-in">
       <transition-group name="comment-list" v-if="comments.length" class="comment-list" tag="ul">
         <comment
@@ -51,7 +47,6 @@
 import { Prop, Vue, Component, Watch } from "vue-property-decorator";
 import Comment from "@/components/Comment/Comment.vue";
 import IdentityPickerWrapper from "@/views/Account/IdentityPickerWrapper.vue";
-import { SnackbarProgrammatic as Snackbar } from "buefy";
 import { CommentModel, IComment } from "../../types/comment.model";
 import {
   CREATE_COMMENT_FROM_EVENT,
@@ -190,8 +185,11 @@ export default class CommentTree extends Vue {
 
       // and reset the new comment field
       this.newComment = new CommentModel();
-    } catch (e) {
+    } catch (error) {
-      Snackbar.open({ message: e.message, type: "is-danger", position: "is-bottom" });
+      console.error(error);
+      if (error.graphQLErrors && error.graphQLErrors.length > 0) {
+        this.$notifier.error(error.graphQLErrors[0].message);
+      }
     }
   }
 
@@ -260,8 +258,11 @@ export default class CommentTree extends Vue {
         },
       });
       // this.comments = this.comments.filter(commentItem => commentItem.id !== comment.id);
-    } catch (e) {
+    } catch (error) {
-      Snackbar.open({ message: e.message, type: "is-danger", position: "is-bottom" });
+      console.error(error);
+      if (error.graphQLErrors && error.graphQLErrors.length > 0) {
+        this.$notifier.error(error.graphQLErrors[0].message);
+      }
     }
   }
 
@@ -279,6 +280,18 @@ export default class CommentTree extends Vue {
   get filteredOrderedComments(): IComment[] {
     return this.orderedComments.filter((comment) => !comment.deletedAt || comment.totalReplies > 0);
   }
+
+  get isAbleToComment(): boolean {
+    if (this.currentActor.id) {
+      if (
+        this.event.options.commentModeration !== CommentModeration.CLOSED ||
+        (this.event.organizerActor && this.currentActor.id === this.event.organizerActor.id)
+      ) {
+        return true;
+      }
+    }
+    return false;
+  }
 }
 </script>
 

js/src/i18n/en_US.json

@@ -20,7 +20,6 @@
   "Admin": "Admin",
   "Administration": "Administration",
   "All the places have already been taken": "All the places have been taken|One place is still available|{places} places are still available",
-  "Allow all comments": "Allow all comments",
   "Allow registrations": "Allow registrations",
   "Anonymous participant": "Anonymous participant",
   "Anonymous participants will be asked to confirm their participation through e-mail.": "Anonymous participants will be asked to confirm their participation through e-mail.",
@@ -785,5 +784,6 @@
   "Accessible only to members": "Accessible only to members",
   "Created by {name}": "Created by {name}",
   "View all posts": "View all posts",
-  "Didn't receive the instructions?": "Didn't receive the instructions?"
+  "Didn't receive the instructions?": "Didn't receive the instructions?",
+  "Allow all comments from users with accounts": "Allow all comments from logged-in users"
 }

js/src/i18n/fr_FR.json

@@ -823,5 +823,6 @@
   "{number} posts": "Aucun billet|Un billet|{number} billets",
   "{profile} (by default)": "{profile} (par défault)",
   "{title} ({count} todos)": "{title} ({count} todos)",
-  "© The OpenStreetMap Contributors": "© Les Contributeur⋅ices OpenStreetMap"
+  "© The OpenStreetMap Contributors": "© Les Contributeur⋅ices OpenStreetMap",
+  "Allow all comments from users with accounts": "Autoriser tous les commentaires d'utilisateur·ices avec des comptes"
 }

js/src/views/Event/Edit.vue

@@ -169,7 +169,7 @@
             v-model="event.options.commentModeration"
             name="commentModeration"
             :native-value="CommentModeration.ALLOW_ALL"
-            >{{ $t("Allow all comments") }}</b-radio
+            >{{ $t("Allow all comments from users with accounts") }}</b-radio
           >
         </div>
 

lib/graphql/resolvers/comment.ex

@@ -3,9 +3,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Comment do
   Handles the comment-related GraphQL calls.
   """
 
-  alias Mobilizon.{Actors, Admin, Discussions}
+  alias Mobilizon.{Actors, Admin, Discussions, Events}
   alias Mobilizon.Actors.Actor
   alias Mobilizon.Discussions.Comment, as: CommentModel
+  alias Mobilizon.Events.{Event, EventOptions}
   alias Mobilizon.Users
   alias Mobilizon.Users.User
   import Mobilizon.Web.Gettext
@@ -20,7 +21,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Comment do
 
   def create_comment(
         _parent,
-        %{actor_id: actor_id} = args,
+        %{actor_id: actor_id, event_id: event_id} = args,
         %{
           context: %{
             current_user: %User{} = user
@@ -28,10 +29,23 @@ defmodule Mobilizon.GraphQL.Resolvers.Comment do
         }
       ) do
     with {:is_owned, %Actor{} = _organizer_actor} <- User.owns_actor(user, actor_id),
+         {:find_event,
+          {:ok,
+           %Event{
+             options: %EventOptions{comment_moderation: comment_moderation},
+             organizer_actor_id: organizer_actor_id
+           }}} <-
+           {:find_event, Events.get_event(event_id)},
+         {actor_id, ""} <- Integer.parse(actor_id),
+         {:allowed, true} <-
+           {:allowed, comment_moderation != :closed || actor_id == organizer_actor_id},
          {:ok, _, %CommentModel{} = comment} <-
            Comments.create_comment(args) do
       {:ok, comment}
     else
+      {:allowed, false} ->
+        {:error, :unauthorized}
+
       {:is_owned, nil} ->
         {:error, dgettext("errors", "Profile is not owned by authenticated user")}
     end

lib/graphql/schema/discussions/comment.ex

@@ -66,7 +66,7 @@ defmodule Mobilizon.GraphQL.Schema.Discussions.CommentType do
     @desc "Create a comment"
     field :create_comment, type: :comment do
       arg(:text, non_null(:string))
-      arg(:event_id, :id)
+      arg(:event_id, non_null(:id))
       arg(:in_reply_to_comment_id, :id)
       arg(:actor_id, non_null(:id))
 

test/graphql/resolvers/comment_test.exs

@@ -3,9 +3,11 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
 
   import Mobilizon.Factory
 
+  alias Mobilizon.Events
+  alias Mobilizon.Events.{Event, EventOptions}
   alias Mobilizon.GraphQL.AbsintheHelpers
 
-  @comment %{text: "I love this event"}
+  @comment_text "I love this event"
 
   setup %{conn: conn} do
     user = insert(:user)
@@ -16,75 +18,104 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
   end
 
   describe "Comment Resolver" do
+    @create_comment_mutation """
+    mutation CreateComment($text: String!, $actorId: ID, $eventId: ID, $inReplyToCommentId: ID) {
+      createComment(text: $text, actorId: $actorId, eventId: $eventId, inReplyToCommentId: $inReplyToCommentId) {
+        id,
+        text,
+        uuid,
+        inReplyToComment {
+          id,
+          text
+        }
+      }
+    }
+    """
+
     test "create_comment/3 creates a comment", %{
       conn: conn,
       actor: actor,
       user: user,
       event: event
     } do
-      mutation = """
-          mutation {
-              createComment(
-                  text: "#{@comment.text}",
-                  actor_id: "#{actor.id}",
-                  event_id: "#{event.id}"
-              ) {
-                text,
-                uuid
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> AbsintheHelpers.graphql_query(query: mutation, variables: %{})
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{text: @comment_text, actorId: actor.id, eventId: event.id}
+        )
 
-      assert res["data"]["createComment"]["text"] == @comment.text
+      assert res["data"]["createComment"]["text"] == @comment_text
     end
 
-    test "create_comment/3 checks that user owns actor", %{conn: conn, user: user} do
+    test "create_comment/3 checks that user owns actor", %{conn: conn, user: user, event: event} do
       actor = insert(:actor)
 
-      mutation = """
-          mutation {
-              createComment(
-                  text: "#{@comment.text}",
-                  actor_id: "#{actor.id}"
-              ) {
-                text,
-                uuid
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> AbsintheHelpers.graphql_query(query: mutation, variables: %{})
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{text: @comment_text, actorId: actor.id, eventId: event.id}
+        )
 
       assert hd(res["errors"])["message"] ==
                "Profile is not owned by authenticated user"
     end
 
-    test "create_comment/3 requires that the user needs to be authenticated", %{conn: conn} do
+    test "create_comment/3 doesn't allow creating events if it's disabled", %{
-      actor = insert(:actor)
+      conn: conn,
-
+      actor: actor,
-      mutation = """
+      user: user,
-          mutation {
+      event: event
-              createComment(
+    } do
-                  text: "#{@comment.text}",
+      {:ok, %Event{options: %EventOptions{comment_moderation: :closed}}} =
-                  actor_id: "#{actor.id}"
+        Events.update_event(event, %{options: %{comment_moderation: :closed}})
-              ) {
-                text,
-                uuid
-              }
-            }
-      """
 
       res =
         conn
-        |> AbsintheHelpers.graphql_query(query: mutation, variables: %{})
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{text: @comment_text, actorId: actor.id, eventId: event.id}
+        )
+
+      assert hd(res["errors"])["message"] ==
+               "You don't have permission to do this"
+    end
+
+    test "create_comment/3 allows creating events if it's disabled but we're the organizer", %{
+      conn: conn,
+      actor: actor,
+      user: user
+    } do
+      event = insert(:event, organizer_actor: actor, options: %{comment_moderation: :closed})
+
+      res =
+        conn
+        |> auth_conn(user)
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{text: @comment_text, actorId: actor.id, eventId: event.id}
+        )
+
+      assert is_nil(res["errors"])
+      assert res["data"]["createComment"]["text"] == @comment_text
+    end
+
+    test "create_comment/3 requires that the user needs to be authenticated", %{
+      conn: conn,
+      event: event
+    } do
+      actor = insert(:actor)
+
+      res =
+        conn
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{text: @comment_text, actorId: actor.id, eventId: event.id}
+        )
 
       assert hd(res["errors"])["message"] ==
                "You are not allowed to create a comment if not connected"
@@ -98,35 +129,24 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
     } do
       comment = insert(:comment)
 
-      mutation = """
-          mutation {
-              createComment(
-                  text: "#{@comment.text}",
-                  actor_id: "#{actor.id}",
-                  event_id: "#{event.id}",
-                  in_reply_to_comment_id: "#{comment.id}"
-              ) {
-                id,
-                text,
-                uuid,
-                in_reply_to_comment {
-                  id,
-                  text
-                }
-              }
-            }
-      """
-
       res =
         conn
         |> auth_conn(user)
-        |> AbsintheHelpers.graphql_query(query: mutation, variables: %{})
+        |> AbsintheHelpers.graphql_query(
+          query: @create_comment_mutation,
+          variables: %{
+            text: @comment_text,
+            actorId: actor.id,
+            eventId: event.id,
+            inReplyToCommentId: comment.id
+          }
+        )
 
-      assert res["errors"] == nil
+      assert is_nil(res["errors"])
-      assert res["data"]["createComment"]["text"] == @comment.text
+      assert res["data"]["createComment"]["text"] == @comment_text
       uuid = res["data"]["createComment"]["uuid"]
 
-      assert res["data"]["createComment"]["in_reply_to_comment"]["id"] ==
+      assert res["data"]["createComment"]["inReplyToComment"]["id"] ==
                to_string(comment.id)
 
       query = """
@@ -144,7 +164,7 @@ defmodule Mobilizon.GraphQL.Resolvers.CommentTest do
         |> AbsintheHelpers.graphql_query(query: query, variables: %{})
 
       assert res["errors"] == nil
-      assert res["data"]["thread"] == [%{"uuid" => uuid, "text" => @comment.text}]
+      assert res["data"]["thread"] == [%{"uuid" => uuid, "text" => @comment_text}]
     end
 
     @delete_comment """