Merge branch 'feature/delete-venet' into 'master'

Add ability to delete an event

See merge request framasoft/mobilizon!51
This commit is contained in:
Thomas Citharel 2019-01-26 21:39:55 +01:00
commit 47aa03b1f2
8 changed files with 98 additions and 4 deletions

View File

@ -36,7 +36,7 @@ defmodule Mobilizon.Actors.Member do
end end
end end
def is_administrator(%Member{role: 2} = member) do def is_administrator(%Member{role: 2}) do
{:is_admin, true} {:is_admin, true}
end end

View File

@ -145,12 +145,12 @@ defmodule Mobilizon.Actors.User do
{:ok, user} {:ok, user}
end end
def owns_actor(%User{default_actor_id: default_actor_id} = user, %Actor{id: actor_id}) def owns_actor(%User{default_actor_id: default_actor_id}, %Actor{id: actor_id})
when default_actor_id == actor_id do when default_actor_id == actor_id do
{:is_owned, true} {:is_owned, true}
end end
def owns_actor(%User{actors: actors} = user, actor_id) do def owns_actor(%User{actors: actors}, actor_id) do
case Enum.any?(actors, fn a -> a.id == actor_id end) do case Enum.any?(actors, fn a -> a.id == actor_id end) do
true -> {:is_owned, true} true -> {:is_owned, true}
_ -> {:is_owned, false} _ -> {:is_owned, false}

View File

@ -82,4 +82,13 @@ defmodule Mobilizon.Events.Event do
:uuid :uuid
]) ])
end end
def can_event_be_managed_by(%Event{organizer_actor_id: organizer_actor_id}, actor_id)
when organizer_actor_id == actor_id do
{:event_can_be_managed, true}
end
def can_event_be_managed_by(_event, _actor) do
{:event_can_be_managed, false}
end
end end

View File

@ -103,6 +103,16 @@ defmodule Mobilizon.Events do
""" """
def get_event!(id), do: Repo.get!(Event, id) def get_event!(id), do: Repo.get!(Event, id)
@doc """
Gets a single event.
"""
def get_event(id) do
case Repo.get(Event, id) do
nil -> {:error, :event_not_found}
event -> {:ok, event}
end
end
@doc """ @doc """
Gets an event by it's URL Gets an event by it's URL
""" """
@ -311,6 +321,15 @@ defmodule Mobilizon.Events do
Repo.delete(event) Repo.delete(event)
end end
@doc """
Deletes a Event.
Raises an exception if it fails.
"""
def delete_event!(%Event{} = event) do
Repo.delete!(event)
end
@doc """ @doc """
Returns an `%Ecto.Changeset{}` for tracking event changes. Returns an `%Ecto.Changeset{}` for tracking event changes.

View File

@ -5,6 +5,7 @@ defmodule MobilizonWeb.Resolvers.Event do
alias Mobilizon.Service.ActivityPub alias Mobilizon.Service.ActivityPub
alias Mobilizon.Activity alias Mobilizon.Activity
alias Mobilizon.Events.Event alias Mobilizon.Events.Event
alias Mobilizon.Actors.User
# We limit the max number of events that can be retrieved # We limit the max number of events that can be retrieved
@event_max_limit 100 @event_max_limit 100
@ -94,4 +95,31 @@ defmodule MobilizonWeb.Resolvers.Event do
def create_event(_parent, _args, _resolution) do def create_event(_parent, _args, _resolution) do
{:error, "You need to be logged-in to create events"} {:error, "You need to be logged-in to create events"}
end end
@doc """
Delete an event
"""
def delete_event(_parent, %{event_id: event_id, actor_id: actor_id}, %{
context: %{current_user: user}
}) do
with {:ok, %Event{} = event} <- Mobilizon.Events.get_event(event_id),
{:is_owned, true} <- User.owns_actor(user, actor_id),
{:event_can_be_managed, true} <- Event.can_event_be_managed_by(event, actor_id),
event <- Mobilizon.Events.delete_event!(event) do
{:ok, %{id: event.id}}
else
{:error, :event_not_found} ->
{:error, "Event not found"}
{:is_owned, false} ->
{:error, "Actor id is not owned by authenticated user"}
{:event_can_be_managed, false} ->
{:error, "You cannot delete this event"}
end
end
def delete_event(_parent, _args, _resolution) do
{:error, "You need to be logged-in to delete an event"}
end
end end

View File

@ -89,7 +89,7 @@ defmodule MobilizonWeb.Resolvers.Group do
{:ok, %{id: group.id}} {:ok, %{id: group.id}}
else else
{:error, :group_not_found} -> {:error, :group_not_found} ->
{:error, "Group with preferred username not found"} {:error, "Group not found"}
{:is_owned, false} -> {:is_owned, false} ->
{:error, "Actor id is not owned by authenticated user"} {:error, "Actor id is not owned by authenticated user"}

View File

@ -217,6 +217,14 @@ defmodule MobilizonWeb.Schema do
resolve(&Resolvers.Event.create_event/3) resolve(&Resolvers.Event.create_event/3)
end end
@desc "Delete an event"
field :delete_event, :deleted_object do
arg(:event_id, non_null(:integer))
arg(:actor_id, non_null(:integer))
resolve(&Resolvers.Event.delete_event/3)
end
@desc "Create a comment" @desc "Create a comment"
field :create_comment, type: :comment do field :create_comment, type: :comment do
arg(:text, non_null(:string)) arg(:text, non_null(:string))

View File

@ -306,5 +306,35 @@ defmodule MobilizonWeb.Resolvers.EventResolverTest do
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") == assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
"Event with UUID #{event.uuid} not found" "Event with UUID #{event.uuid} not found"
end end
test "delete_event/3 deletes an event", %{conn: conn, user: user, actor: actor} do
event = insert(:event, organizer_actor: actor)
mutation = """
mutation {
deleteEvent(
actor_id: #{actor.id},
event_id: #{event.id}
) {
id
}
}
"""
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert json_response(res, 200)["errors"] == nil
assert json_response(res, 200)["data"]["deleteEvent"]["id"] == event.id
res =
conn
|> auth_conn(user)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
assert hd(json_response(res, 200)["errors"])["message"] =~ "not found"
end
end end
end end