Merge pull request #44 from Pear-Trading/finn/StopSameOrgPurchase

Stopped Orgs from buying for themselves & added to test
This commit is contained in:
Tom Bloor 2017-09-05 12:20:25 +01:00 committed by GitHub
commit cae2806ad2
2 changed files with 31 additions and 3 deletions

View file

@ -112,7 +112,10 @@ sub post_upload {
if ( $type == 1 ) { if ( $type == 1 ) {
# Validated Organisation # Validated Organisation
my $valid_org_rs = $c->schema->resultset('Organisation')->search({ pending => 0 }); my $valid_org_rs = $c->schema->resultset('Organisation')->search({
pending => 0,
entity_id => { "!=" => $user->entity_id },
});
$validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs ); $validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs );
return $c->api_validation_error if $validation->has_error; return $c->api_validation_error if $validation->has_error;
@ -121,7 +124,11 @@ sub post_upload {
} elsif ( $type == 2 ) { } elsif ( $type == 2 ) {
# Unvalidated Organisation # Unvalidated Organisation
my $valid_org_rs = $c->schema->resultset('Organisation')->search({ submitted_by_id => $user->id, pending => 1 }); my $valid_org_rs = $c->schema->resultset('Organisation')->search({
submitted_by_id => $user->id,
pending => 1,
entity_id => { "!=" => $user->entity_id },
});
$validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs ); $validation->required('organisation_id')->number->in_resultset( 'id', $valid_org_rs );
return $c->api_validation_error if $validation->has_error; return $c->api_validation_error if $validation->has_error;
@ -198,6 +205,8 @@ sub post_search {
my $c = shift; my $c = shift;
my $self = $c; my $self = $c;
my $user = $c->stash->{api_user};
my $validation = $c->validation; my $validation = $c->validation;
$validation->input( $c->stash->{api_json} ); $validation->input( $c->stash->{api_json} );
@ -211,13 +220,17 @@ sub post_search {
my $search_stmt = [ 'LOWER("name") LIKE ?', '%' . lc $search_name . '%' ]; my $search_stmt = [ 'LOWER("name") LIKE ?', '%' . lc $search_name . '%' ];
my $org_rs = $c->schema->resultset('Organisation'); my $org_rs = $c->schema->resultset('Organisation');
my $valid_orgs_rs = $org_rs->search({ pending => 0 })->search( my $valid_orgs_rs = $org_rs->search({
pending => 0,
entity_id => { "!=" => $user->entity_id },
})->search(
\$search_stmt, \$search_stmt,
); );
my $pending_orgs_rs = $org_rs->search({ my $pending_orgs_rs = $org_rs->search({
pending => 1, pending => 1,
submitted_by_id => $c->stash->{api_user}->id, submitted_by_id => $c->stash->{api_user}->id,
entity_id => { "!=" => $user->entity_id },
})->search( })->search(
\$search_stmt, \$search_stmt,
); );

View file

@ -464,4 +464,19 @@ $t->post_ok('/api/upload' => form => $upload )
->json_like('/message', qr/Upload Successful/); ->json_like('/message', qr/Upload Successful/);
is $schema->resultset('Transaction')->count, 6, "6 transaction"; is $schema->resultset('Transaction')->count, 6, "6 transaction";
print "test 31 - organisation buy from same organisation\n";
$json = {
transaction_value => 100000,
transaction_type => 1,
purchase_time => $test_purchase_time,
organisation_id => 2,
session_key => $session_key,
};
$upload = {json => Mojo::JSON::encode_json($json), file => {file => './t/test.jpg'}};
$t->post_ok('/api/upload' => form => $upload )
->status_is(400)
->json_is('/success', Mojo::JSON->false)
->json_like('/message', qr/organisation_id does not exist in the database/);
is $schema->resultset('Transaction')->count, 6, "6 transaction";
done_testing(); done_testing();