1448: added finiance team heads ability to edit vendor names

Bennyzhu1 · Bennyzhu1 · commit 331470b1fc5a · 2023-11-21T23:40:28.000-05:00
diff --git a/src/backend/src/services/reimbursement-requests.services.ts b/src/backend/src/services/reimbursement-requests.services.ts
@@ -702,7 +702,12 @@ export default class ReimbursementRequestService {
    * @returns the updated vendor
    */
   static async editVendors(name: string, vendorId: string, submitter: User) {
-    if (!isHead(submitter.role)) throw new AccessDeniedAdminOnlyException('only Admins and Heads can edit vendors');
+    if (!isAdmin(submitter.role)) {
+      await validateUserIsPartOfFinanceTeam(submitter);
+
+      if (!isHead(submitter.role))
+        throw new AccessDeniedAdminOnlyException('only Admins and Finance Heads can edit vendors');
+    }
 
     const vendorUniqueName = await prisma.vendor.findUnique({
       where: { name }
diff --git a/src/backend/tests/reimbursement-requests.test.ts b/src/backend/tests/reimbursement-requests.test.ts
@@ -23,7 +23,16 @@ import {
   sharedGiveMeMyMoney,
   KFC
 } from './test-data/reimbursement-requests.test-data';
-import { alfred, batman, flash, sharedBatman, superman, wonderwoman, theVisitor } from './test-data/users.test-data';
+import {
+  alfred,
+  batman,
+  flash,
+  sharedBatman,
+  superman,
+  wonderwoman,
+  theVisitor,
+  alfredGuest
+} from './test-data/users.test-data';
 import reimbursementRequestQueryArgs from '../src/prisma-query-args/reimbursement-requests.query-args';
 import { Prisma, Reimbursement_Status_Type } from '@prisma/client';
 import {
@@ -628,10 +637,10 @@ describe('Reimbursement Requests', () => {
   });
 
   describe('Edit Vendor Tests', () => {
-    test('Throws error if user isnt an admin or head', async () => {
+    test('Throws error if user isnt an admin or lead/head of the finance', async () => {
       await expect(
         ReimbursementRequestService.editVendors('I Love Benny', GiveMeMyMoney.vendorId, wonderwoman)
-      ).rejects.toThrow(new AccessDeniedAdminOnlyException('only Admins and Heads can edit vendors'));
+      ).rejects.toThrow(new AccessDeniedException('You are not a member of the finance team!'));
     });
 
     test('Throws error if the vendor name already exists', async () => {
