krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 14:47:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

prevent buying market gear if class doesn't match (#10818)

Browse Source 
* prevent buying market gear if class doesn't match

* add test
This commit is contained in:
negue
2018-11-12 21:32:54 +01:00
committed by Matteo Pagliazzi
parent be95cd967a
commit eca7382545
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
test/api/v3/integration/user/buy/POST-user_buy_gear.test.js
View File

@@ -53,4 +53,15 @@ describe('POST /user/buy-gear/:key', () => {
message: 'You need to purchase a lower level gear before this one.', message: 'You need to purchase a lower level gear before this one.',
}); });
}); });
it('returns an error if tries to buy gear from a different class', async () => {
let key = 'armor_rogue_1';
return expect(user.post(`/user/buy-gear/${key}`))
.to.eventually.be.rejected.and.eql({
code: 401,
error: 'NotAuthorized',
message: 'You can\'t buy this item.',
});
});
}); });

9
website/common/script/ops/buy/buyMarketGear.js
View File

@@ -24,6 +24,15 @@ export class BuyMarketGearOperation extends AbstractGoldItemOperation {
return false; return false;
} }
canUserPurchase (user, item) {
super.canUserPurchase(user, item);
// check for different class gear
if (item.klass !== 'special' && item.klass !== user.stats.class) {
throw new NotAuthorized(this.i18n('cannotBuyItem'));
}
}
extractAndValidateParams (user, req) { extractAndValidateParams (user, req) {
let key = this.key = get(req, 'params.key'); let key = this.key = get(req, 'params.key');
if (!key) throw new BadRequest(errorMessage('missingKeyParam')); if (!key) throw new BadRequest(errorMessage('missingKeyParam'));