From a463b99fa9fdeebe4dd4e53a06febdf280db6234 Mon Sep 17 00:00:00 2001
From: Finn
Date: Tue, 5 Sep 2017 12:03:49 +0100
Subject: [PATCH] Stopped Orgs from buying for themselves & added to test
---
 lib/Pear/LocalLoop/Controller/Api/Upload.pm | 19 ++++++++++++++++---
 t/api/upload.t | 15 +++++++++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/lib/Pear/LocalLoop/Controller/Api/Upload.pm b/lib/Pear/LocalLoop/Controller/Api/Upload.pm
index 8ebe48b..87a3fba 100644
--- a/lib/Pear/LocalLoop/Controller/Api/Upload.pm
+++ b/lib/Pear/LocalLoop/Controller/Api/Upload.pm
@@ -112,7 +112,10 @@ sub post_upload {
 if ( $type == 1 ) { # Validated Organisation
- my $valid_org_rs = $c->schema->resultset('Organisation')->search({ pending => 0 });
+ my $valid_org_rs = $c->schema->resultset('Organisation')->search({
+ pending => 0,
+ entity_id => { "!=" => $user->entity_id },
+ });
 $validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs );
 return $c->api_validation_error if $validation->has_error;
@@ -121,7 +124,11 @@ sub post_upload {
 } elsif ( $type == 2 ) { # Unvalidated Organisation
- my $valid_org_rs = $c->schema->resultset('Organisation')->search({ submitted_by_id => $user->id, pending => 1 });
+ my $valid_org_rs = $c->schema->resultset('Organisation')->search({
+ submitted_by_id => $user->id,
+ pending => 1,
+ entity_id => { "!=" => $user->entity_id },
+ });
 $validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs );
 return $c->api_validation_error if $validation->has_error;
@@ -198,6 +205,8 @@ sub post_search {
 my $c = shift;
 my $self = $c;
+ my $user = $c->stash->{api_user};
+
 my $validation = $c->validation;
 $validation->input( $c->stash->{api_json} );
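Review bot: The self-purchase rule `entity_id => { "!=" => $user->entity_id }` is written out by hand in both `post_upload` branches (the type 1 and type 2 hunks) and twice more in the later `post_search` hunk, so a future `Organisation` query can leave it out without anything failing. Because this filter is the only thing stopping an organisation from recording a transaction against itself, it would be safer as one shared resultset method chained at all four call sites, carrying a comment such as `# an organisation may not record a purchase from itself`. That comment should also mention that a rejected self-purchase surfaces through `in_resultset` as "organisation_id does not exist in the database", so the message is not later mistaken for a lookup bug. `post_upload` starts and ends outside these hunks, so whether any other branch of the sub needs the same rule cannot be seen from here.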
@@ -211,13 +220,17 @@ sub post_search {
 my $search_stmt = [ 'LOWER("name") LIKE ?', '%' . lc $search_name . '%' ];
 my $org_rs = $c->schema->resultset('Organisation');
- my $valid_orgs_rs = $org_rs->search({ pending => 0 })->search(
+ my $valid_orgs_rs = $org_rs->search({
+ pending => 0,
+ entity_id => { "!=" => $user->entity_id },
+ })->search(
 \$search_stmt,
 );
 my $pending_orgs_rs = $org_rs->search({
 pending => 1,
 submitted_by_id => $c->stash->{api_user}->id,
+ entity_id => { "!=" => $user->entity_id },
 })->search(
 \$search_stmt,
 );
diff --git a/t/api/upload.t b/t/api/upload.t
index 18f5b52..fb64136 100644
--- a/t/api/upload.t
+++ b/t/api/upload.t
@@ -464,4 +464,19 @@ $t->post_ok('/api/upload' => form => $upload )
 ->json_like('/message', qr/Upload Successful/);
 is $schema->resultset('Transaction')->count, 6, "6 transaction";
+print "test 31 - organisation buy from same organisation\n";
+$json = {
+ transaction_value => 100000,
+ transaction_type => 1,
+ purchase_time => $test_purchase_time,
+ organisation_id => 2,
+ session_key => $session_key,
+};
+$upload = {json => Mojo::JSON::encode_json($json), file => {file => './t/test.jpg'}};
+$t->post_ok('/api/upload' => form => $upload )
+ ->status_is(400)
+ ->json_is('/success', Mojo::JSON->false)
+ ->json_like('/message', qr/organisation_id does not exist in the database/);
+is $schema->resultset('Transaction')->count, 6, "6 transaction";
+
 done_testing();
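Review bot: In the pending-organisation query of `post_search`, the added `entity_id` condition reads from `$user` while the line just above it still goes through `$c->stash->{api_user}->id`, so one hash names the same object two ways. Since the earlier hunk declares `my $user = $c->stash->{api_user};` at the top of the sub, the older line should become `submitted_by_id => $user->id,`, matching how `post_upload` writes it. The sub continues past the end of this hunk.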
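Review bot: The new case in `t/api/upload.t` can pass for the wrong reason, because `organisation_id => 2` is hard-coded and the asserted message, "organisation_id does not exist in the database", is the same one an unknown or still-pending id would produce. Nothing in this hunk shows that id 2 is the organisation behind `$session_key`, so the test should look the id up from the logged-in organisation's row, or first assert that row 2 exists with `pending` 0, before posting. Only `transaction_type => 1` is exercised; the type 2 branch and `post_search` received the same filter in this commit and have no test here.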