refactor: return an error when current user id does not match user id…

… for the order Signed-off-by: austin047 <fuhaustin@gmail.com>
loopbackio · Apr 10, 2019 · b26c70e · b26c70e
2 parents 765ddb8 + 91805dd
commit b26c70e
Showing 1 changed file with 13 additions and 13 deletions.
diff --git a/src/controllers/user-order.controller.ts b/src/controllers/user-order.controller.ts
@@ -3,8 +3,8 @@
 // This file is licensed under the MIT License.
 // License text available at https://opensource.org/licenses/MIT
 
-import {repository, Filter, Where, Count} from '@loopback/repository';
-import {UserRepository} from '../repositories';
+import { repository, Filter, Where, Count } from '@loopback/repository';
+import { UserRepository } from '../repositories';
 import {
   post,
   get,
@@ -14,15 +14,15 @@ import {
   requestBody,
   HttpErrors,
 } from '@loopback/rest';
-import {Order} from '../models';
-import {authenticate, UserProfile} from '@loopback/authentication';
-import {inject} from '@loopback/core';
+import { Order } from '../models';
+import { authenticate, UserProfile } from '@loopback/authentication';
+import { inject } from '@loopback/core';
 
 /**
  * Controller for User's Orders
  */
 export class UserOrderController {
-  constructor(@repository(UserRepository) protected userRepo: UserRepository) {}
+  constructor(@repository(UserRepository) protected userRepo: UserRepository) { }
 
   /**
    * Create or update the orders for a given user
@@ -33,7 +33,7 @@ export class UserOrderController {
     responses: {
       '200': {
         description: 'User.Order model instance',
-        content: {'application/json': {'x-ts-type': Order}},
+        content: { 'application/json': { 'x-ts-type': Order } },
       },
     },
   })
@@ -45,8 +45,8 @@ export class UserOrderController {
   ): Promise<Order> {
     if (currentUser.id !== order.userId) {
       throw new HttpErrors.BadRequest(
-        `User id does not match looged in user: ${userId} !== ${
-          currentUser.id
+        `User id does not match looged in user: ${currentUser.id} !== ${
+        order.userId
         }`,
       );
     }
@@ -66,7 +66,7 @@ export class UserOrderController {
         description: "Array of User's Orders",
         content: {
           'application/json': {
-            schema: {type: 'array', items: {'x-ts-type': Order}},
+            schema: { type: 'array', items: { 'x-ts-type': Order } },
           },
         },
       },
@@ -78,7 +78,7 @@ export class UserOrderController {
   ): Promise<Order[]> {
     const orders = await this.userRepo
       .orders(userId)
-      .find(filter, {strictObjectIDCoercion: true});
+      .find(filter, { strictObjectIDCoercion: true });
     return orders;
   }
 
@@ -106,7 +106,7 @@ export class UserOrderController {
   ): Promise<Count> {
     return await this.userRepo
       .orders(userId)
-      .patch(order, where, {strictObjectIDCoercion: true});
+      .patch(order, where, { strictObjectIDCoercion: true });
   }
 
   @del('/users/{userId}/orders', {
@@ -132,6 +132,6 @@ export class UserOrderController {
   ): Promise<Count> {
     return await this.userRepo
       .orders(userId)
-      .delete(where, {strictObjectIDCoercion: true});
+      .delete(where, { strictObjectIDCoercion: true });
   }
 }