#1448: merged with the develop branch

Author: callmejim1226

src/backend/src/routes/reimbursement-requests.routes.ts

@@ -25,7 +25,7 @@ reimbursementRequestsRouter.get('/reimbursements/current-user', ReimbursementReq
 reimbursementRequestsRouter.get('/reimbursements', ReimbursementRequestController.getAllReimbursements);
 
 reimbursementRequestsRouter.post(
-  '/edit-vendors',
+  '/:vendorId/vendors/edit',
   nonEmptyString(body('name')),
   validateInputs,
   ReimbursementRequestController.editVendor

src/backend/src/services/reimbursement-requests.services.ts

@@ -22,6 +22,7 @@ import {
 } from 'shared';
 import prisma from '../prisma/prisma';
 import {
+  isUserAdminOrOnFinance,
   createReimbursementProducts,
   isUserLeadOrHeadOfFinanceTeam,
   removeDeletedReceiptPictures,
@@ -771,21 +772,19 @@ export default class ReimbursementRequestService {
   /**
    * Edits the vendor name
    *
-   * @param name name to change of the vendor
-   * @param vendorId id of the vedor used to edit the name
-   * @param submitter the user who is downloading the receipt image
-   * @returns new vendor with a edited name
+   * @param name the new vendor name
+   * @param vendorId the requested vendor to be edited
+   * @param submitter the user editing the vendor name
+   * @returns the updated vendor
    */
   static async editVendors(name: string, vendorId: string, submitter: User) {
-    if (!isAdmin(submitter.role)) throw new AccessDeniedAdminOnlyException('only Admins can edit vendors');
+    await isUserAdminOrOnFinance(submitter);
 
-    const vendorExists = await prisma.vendor.findUnique({
+    const vendorUniqueName = await prisma.vendor.findUnique({
       where: { name }
     });
 
-    console.log(vendorExists);
-
-    if (!!vendorExists) throw new HttpException(400, 'vendor name already exists');
+    if (!!vendorUniqueName) throw new HttpException(400, 'vendor name already exists');
 
     const vendor = await prisma.vendor.update({
       where: { vendorId },

src/backend/src/utils/reimbursement-requests.utils.ts

@@ -9,6 +9,7 @@ import {
   ReimbursementProductCreateArgs,
   ReimbursementReceiptCreateArgs,
   ValidatedWbsReimbursementProductCreateArgs,
+  isAdmin,
   wbsPipe,
   WbsReimbursementProductCreateArgs
 } from 'shared';
@@ -366,6 +367,16 @@ export const isAuthUserHeadOfFinance = (user: Prisma.UserGetPayload<typeof authU
   return user.teamAsHead?.teamId === process.env.FINANCE_TEAM_ID;
 };
 
+export const isUserAdminOrOnFinance = async (submitter: User) => {
+  try {
+    await validateUserIsPartOfFinanceTeam(submitter);
+  } catch (error) {
+    if (!isAdmin(submitter.role)) {
+      throw new AccessDeniedException('Only Admins, Finance Team Leads, or Heads can edit vendors');
+    }
+  }
+};
+
 const isTeamIdInList = (teamId: string, teamsList: Team[]) => {
   return teamsList.map((team) => team.teamId).includes(teamId);
 };

src/backend/tests/reimbursement-requests.test.ts

@@ -761,13 +761,13 @@ describe('Reimbursement Requests', () => {
   });
 
   describe('Edit Vendor Tests', () => {
-    test('Throws error if user isnt an admin', async () => {
+    test('Throws error if user isnt an admin or lead/head of the finance', async () => {
       await expect(
         ReimbursementRequestService.editVendors('I Love Benny', GiveMeMyMoney.vendorId, wonderwoman)
-      ).rejects.toThrow(new AccessDeniedAdminOnlyException('only Admins can edit vendors'));
+      ).rejects.toThrow(new AccessDeniedException('Only Admins, Finance Team Leads, or Heads can edit vendors'));
     });
 
-    test('Vendor Name already exists', async () => {
+    test('Throws error if the vendor name already exists', async () => {
       vi.spyOn(prisma.vendor, 'findUnique').mockResolvedValue(PopEyes);
       await expect(ReimbursementRequestService.editVendors('CHICKEN', GiveMeMyMoney.vendorId, batman)).rejects.toThrow(
         new HttpException(400, 'vendor name already exists')
@@ -781,6 +781,7 @@ describe('Reimbursement Requests', () => {
       const vendor = await ReimbursementRequestService.editVendors('kfc', PopEyes.vendorId, batman);
 
       expect(vendor.name).toBe('kfc');
+      expect(prisma.vendor.update).toBeCalledTimes(1);
     });
   });
 });