From fa2d6115341e27ff1c5f1a844d937bcd760cdc0c Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Tue, 3 Jun 2025 17:11:53 -0700
Subject: [PATCH 1/2] submissions: allow submitter special permission to
 comment on their posts Previously only map council could comment.

---
 pkg/service/audit_events.go | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/pkg/service/audit_events.go b/pkg/service/audit_events.go
index 4f28773..df6bd93 100644
--- a/pkg/service/audit_events.go
+++ b/pkg/service/audit_events.go
@@ -25,15 +25,24 @@ func (svc *Service) CreateMapfixAuditComment(ctx context.Context, req api.Create
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleMapfixReview
-	}
 
 	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
 
+	if !has_role {
+		// Submitter has special permission to comment on their mapfix
+		mapfix, err := svc.DB.Submissions().Get(ctx, params.MapfixID)
+		if err != nil {
+			return err
+		}
+
+		if mapfix.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleMapfixReview
+		}
+	}
+
 	data := []byte{}
 	_, err = req.Read(data)
 	if err != nil {
@@ -146,15 +155,24 @@ func (svc *Service) CreateSubmissionAuditComment(ctx context.Context, req api.Cr
 	if err != nil {
 		return err
 	}
-	if !has_role {
-		return ErrPermissionDeniedNeedRoleSubmissionReview
-	}
 
 	userId, err := userInfo.GetUserID()
 	if err != nil {
 		return err
 	}
 
+	if !has_role {
+		// Submitter has special permission to comment on their submission
+		submission, err := svc.DB.Submissions().Get(ctx, params.SubmissionID)
+		if err != nil {
+			return err
+		}
+
+		if submission.Submitter != userId {
+			return ErrPermissionDeniedNeedRoleSubmissionReview
+		}
+	}
+
 	data := []byte{}
 	_, err = req.Read(data)
 	if err != nil {
-- 
2.49.1


From 0ada77421fd9b7133e4e29ded57e48d28abfacc6 Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Tue, 3 Jun 2025 17:17:59 -0700
Subject: [PATCH 2/2] fix bug

---
 pkg/service/audit_events.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/service/audit_events.go b/pkg/service/audit_events.go
index df6bd93..1dfffda 100644
--- a/pkg/service/audit_events.go
+++ b/pkg/service/audit_events.go
@@ -33,7 +33,7 @@ func (svc *Service) CreateMapfixAuditComment(ctx context.Context, req api.Create
 
 	if !has_role {
 		// Submitter has special permission to comment on their mapfix
-		mapfix, err := svc.DB.Submissions().Get(ctx, params.MapfixID)
+		mapfix, err := svc.DB.Mapfixes().Get(ctx, params.MapfixID)
 		if err != nil {
 			return err
 		}
-- 
2.49.1