submissions: allow submitter special permission to comment on their posts

Previously only map council could comment.

pkg/service/audit_events.go

@@ -25,15 +25,24 @@ func (svc *Service) CreateMapfixAuditComment(ctx context.Context, req api.Create
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapfixReview
-	}
 
 	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
 
+	if !has_role {
+		// Submitter has special permission to comment on their mapfix
+		mapfix, err := svc.DB.Submissions().Get(ctx, params.MapfixID)
+		if err != nil {
+			return err
+		}
+
+		if mapfix.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleMapfixReview
+		}
+	}
+
 	data := []byte{}
 	_, err = req.Read(data)
 	if err != nil {
@@ -146,15 +155,24 @@ func (svc *Service) CreateSubmissionAuditComment(ctx context.Context, req api.Cr
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleSubmissionReview
-	}
 
 	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
 
+	if !has_role {
+		// Submitter has special permission to comment on their submission
+		submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+		if err != nil {
+			return err
+		}
+
+		if submission.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleSubmissionReview
+		}
+	}
+
 	data := []byte{}
 	_, err = req.Read(data)
 	if err != nil {