From 1ae5f0395c69b0b9694479464ab785735a913056 Mon Sep 17 00:00:00 2001
From: James C-D <51571627+jamescd18@users.noreply.github.com>
Date: Wed, 15 Jun 2022 10:36:01 -0400
Subject: [PATCH] #650 - add back-end check to prevent reviewing your own cr
---
 src/backend/functions/change-requests-review.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/backend/functions/change-requests-review.ts b/src/backend/functions/change-requests-review.ts
index 221138e7..68addb1e 100644
--- a/src/backend/functions/change-requests-review.ts
+++ b/src/backend/functions/change-requests-review.ts
@@ -33,9 +33,12 @@ export const reviewChangeRequest: Handler> = asyn
 if (reviewer.role === Role.GUEST || reviewer.role === Role.MEMBER) return buildNoAuthResponse();
 
 // ensure existence of change request
- const foundCR = prisma.change_Request.findUnique({ where: { crId } });
+ const foundCR = await prisma.change_Request.findUnique({ where: { crId } });
 if (!foundCR) return buildNotFoundResponse('change request', `#${crId}`);
 
+ // verify that the user is not reviewing their own change request
+ if (reviewerId === foundCR.submitterId) return buildNoAuthResponse();
+
 // update change request
 const update = await prisma.change_Request.update({
 where: { crId },
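Review bot: The new self-review check `if (reviewerId === foundCR.submitterId)` is only as strong as the source of `reviewerId`, which is assigned outside this hunk. If that value is read from the request body rather than taken from the authenticated session, the check compares against an id the caller chose and does not enforce the separation between submitter and reviewer. The strict comparison also fails open if the two operands differ in type (for example a string from parsed JSON against a numeric `submitterId`), so `reviewerId` should be typed or normalised before this line. I would add above the check a comment such as `// reviewerId must be the authenticated caller's id; a client-supplied value makes this check ineffective`, and a test asserting that a submitter reviewing their own change request receives the no-auth response. The body of reviewChangeRequest starts and ends outside the hunk.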