From d8fa51d958c5d3374d31523c0875bd96bf75fcb2 Mon Sep 17 00:00:00 2001 From: Hrithik Sampson Date: Thu, 8 Aug 2024 14:13:54 +0530 Subject: [PATCH] feat: Dont allow owner of project to donate to his/her own project --- src/resolvers/donationResolver.test.ts | 75 ++++++++++++++++++++++++++ src/resolvers/donationResolver.ts | 4 ++ 2 files changed, 79 insertions(+) diff --git a/src/resolvers/donationResolver.test.ts b/src/resolvers/donationResolver.test.ts index 15faa2d43..8880e86c3 100644 --- a/src/resolvers/donationResolver.test.ts +++ b/src/resolvers/donationResolver.test.ts @@ -901,6 +901,81 @@ function donationsTestCases() { } function createDonationTestCases() { + it('should not create a donation if user donates to his/her own project', async () => { + const firstUser = await User.findOne({ + where: { id: SEED_DATA.FIRST_USER.id }, + }); + const project = await saveProjectDirectlyToDb( + createProjectData(), + firstUser!, + ); + const accessToken = await generateTestAccessToken(firstUser!.id); + const saveDonationResponse = await axios.post( + graphqlUrl, + { + query: createDonationMutation, + variables: { + projectId: project.id, + transactionNetworkId: NETWORK_IDS.XDAI, + transactionId: generateRandomEvmTxHash(), + nonce: 1, + amount: 10, + token: 'GIV', + }, + }, + { + headers: { + Authorization: `Bearer ${accessToken}`, + }, + }, + ); + assert.equal( + saveDonationResponse.data.errors[0].message, + "Donor can't donate to his/her own project.", + ); + }); + + it('should create a donation successfully if user creates a donation but is not the project creator', async () => { + const firstUser = await User.findOne({ + where: { id: SEED_DATA.FIRST_USER.id }, + }); + const secondUser = await User.findOne({ + where: { id: SEED_DATA.SECOND_USER.id }, + }); + const project = await saveProjectDirectlyToDb( + createProjectData(), + secondUser!, + ); + const accessToken = await generateTestAccessToken(firstUser!.id); + const saveDonationResponse = await axios.post( + graphqlUrl, + { + query: createDonationMutation, + variables: { + projectId: project.id, + transactionNetworkId: NETWORK_IDS.XDAI, + transactionId: generateRandomEvmTxHash(), + nonce: 1, + amount: 10, + token: 'GIV', + }, + }, + { + headers: { + Authorization: `Bearer ${accessToken}`, + }, + }, + ); + assert.isOk(saveDonationResponse.data.data.createDonation); + const donation = await Donation.findOne({ + where: { + id: saveDonationResponse.data.data.createDonation, + }, + }); + assert.isNotNull(donation); + assert.equal(donation?.projectId, project.id); + }); + it('do not save referrer wallet if user refers himself', async () => { const project = await saveProjectDirectlyToDb(createProjectData()); const referrerId = generateRandomString(); diff --git a/src/resolvers/donationResolver.ts b/src/resolvers/donationResolver.ts index 18b9b28dd..8afe83113 100644 --- a/src/resolvers/donationResolver.ts +++ b/src/resolvers/donationResolver.ts @@ -781,6 +781,10 @@ export class DonationResolver { ), ); } + const ownProject = project.adminUserId === donorUser.id; + if (ownProject) { + throw new Error("Donor can't donate to his/her own project."); + } const tokenInDb = await Token.findOne({ where: { networkId,