#1448: added helper function for validating user rank to make things more consise

Bennyzhu1 · Bennyzhu1 · commit d4ef90946618 · 2023-11-23T16:04:37.000-05:00
diff --git a/src/backend/src/services/reimbursement-requests.services.ts b/src/backend/src/services/reimbursement-requests.services.ts
@@ -21,6 +21,7 @@ import {
 } from 'shared';
 import prisma from '../prisma/prisma';
 import {
+  isUserAdminOrOnFinance,
   removeDeletedReceiptPictures,
   updateReimbursementProducts,
   validateReimbursementProducts,
@@ -702,12 +703,7 @@ export default class ReimbursementRequestService {
    * @returns the updated vendor
    */
   static async editVendors(name: string, vendorId: string, submitter: User) {
-    if (!isAdmin(submitter.role)) {
-      await validateUserIsPartOfFinanceTeam(submitter);
-
-      if (!isHead(submitter.role))
-        throw new AccessDeniedAdminOnlyException('only Admins and Finance Heads can edit vendors');
-    }
+    await isUserAdminOrOnFinance(submitter);
 
     const vendorUniqueName = await prisma.vendor.findUnique({
       where: { name }
diff --git a/src/backend/src/utils/reimbursement-requests.utils.ts b/src/backend/src/utils/reimbursement-requests.utils.ts
@@ -3,7 +3,7 @@
  * See the LICENSE file in the repository root folder for details.
  */
 
-import { ReimbursementProductCreateArgs, ReimbursementReceiptCreateArgs, WbsNumber, wbsPipe } from 'shared';
+import { ReimbursementProductCreateArgs, ReimbursementReceiptCreateArgs, WbsNumber, isAdmin, wbsPipe } from 'shared';
 import prisma from '../prisma/prisma';
 import { AccessDeniedException, DeletedException, HttpException, NotFoundException } from './errors.utils';
 import { Prisma, Receipt, Reimbursement_Product, Team, User } from '@prisma/client';
@@ -233,3 +233,13 @@ export const isAuthUserHeadOfFinance = (user: Prisma.UserGetPayload<typeof authU
 const isTeamIdInList = (teamId: string, teamsList: Team[]) => {
   return teamsList.map((team) => team.teamId).includes(teamId);
 };
+
+export const isUserAdminOrOnFinance = async (submitter: User) => {
+  try {
+    await validateUserIsPartOfFinanceTeam(submitter);
+  } catch (error) {
+    if (!isAdmin(submitter.role)) {
+      throw new AccessDeniedException('Only Admins, Finance Team Leads, or Heads can edit vendors');
+    }
+  }
+};
diff --git a/src/backend/tests/reimbursement-requests.test.ts b/src/backend/tests/reimbursement-requests.test.ts
@@ -631,7 +631,7 @@ describe('Reimbursement Requests', () => {
     test('Throws error if user isnt an admin or lead/head of the finance', async () => {
       await expect(
         ReimbursementRequestService.editVendors('I Love Benny', GiveMeMyMoney.vendorId, wonderwoman)
-      ).rejects.toThrow(new AccessDeniedException('You are not a member of the finance team!'));
+      ).rejects.toThrow(new AccessDeniedException('Only Admins, Finance Team Leads, or Heads can edit vendors'));
     });
 
     test('Throws error if the vendor name already exists', async () => {
