From 883e98c3d3d280f5ef3490ea7c0007bbc817604c Mon Sep 17 00:00:00 2001 From: Untone Date: Wed, 1 May 2024 02:42:25 +0300 Subject: [PATCH] get-my-shout-debug --- resolvers/editor.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/resolvers/editor.py b/resolvers/editor.py index cf62f089..c1cf26c6 100644 --- a/resolvers/editor.py +++ b/resolvers/editor.py @@ -21,12 +21,12 @@ from services.search import search_service @query.field("get_my_shout") @login_required async def get_my_shout(_, info, shout_id: int): + user_id = info.context.get("user_id", "") + author_dict = info.context.get("author", {}) + author_id = author_dict.get("id") + if not user_id or not author_id: + return {"error": "unauthorized", "shout": None} with local_session() as session: - user_id = info.context.get("user_id", "") - author_dict = info.context.get("author", {}) - author_id = author_dict.get("id") - if not user_id: - return {"error": "unauthorized", "shout": None} shout = ( session.query(Shout) .filter(Shout.id == shout_id) @@ -41,7 +41,9 @@ async def get_my_shout(_, info, shout_id: int): return {"error": "no author found", "shout": None} roles = info.context.get("roles", []) is_editor = "editor" in roles + logger.debug('viewer is editor') is_author = filter(lambda x: x.id == int(author_id), [x for x in shout.authors]) + logger.debug('viewer is author') can_edit = is_editor or is_author if not can_edit: return {"error": "forbidden", "shout": None}