Merge pull request #1763 from Giveth/fix/issue-743

fix: add createDraftDonation Test Cases to prevent Users from Donatin…

src/resolvers/draftDonationResolver.test.ts

@@ -31,6 +31,7 @@ import {
   DraftRecurringDonation,
 } from '../entities/draftRecurringDonation';
 import { ProjectAddress } from '../entities/projectAddress';
+import { i18n, translationErrorMessagesKeys } from '../utils/errorMessages';
 
 describe('createDraftDonation() test cases', createDraftDonationTestCases);
 describe(
@@ -83,6 +84,46 @@ function createDraftDonationTestCases() {
       toAddress: project.walletAddress,
     };
   });
+  it('should throw an error while creating draft donate to an invalid Project ID', async () => {
+    const saveDonationResponse = await axios.post(
+      graphqlUrl,
+      {
+        query: createDraftDonationMutation,
+        variables: { ...donationData, projectId: 1000000 },
+      },
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      },
+    );
+    assert.equal(
+      saveDonationResponse.data.errors[0].message,
+      i18n.__(translationErrorMessagesKeys.PROJECT_NOT_FOUND),
+    );
+  });
+  it('should throw an error while creating draft donating to his/her own project', async () => {
+    const copyProjectSecondUser = await saveProjectDirectlyToDb(
+      createProjectData(),
+      user,
+    );
+    const saveDonationResponse = await axios.post(
+      graphqlUrl,
+      {
+        query: createDraftDonationMutation,
+        variables: { ...donationData, projectId: copyProjectSecondUser.id },
+      },
+      {
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+        },
+      },
+    );
+    assert.equal(
+      saveDonationResponse.data.errors[0].message,
+      "Donor can't create a draft to donate to his/her own project.",
+    );
+  });
   it('create simple draft donation', async () => {
     const saveDonationResponse = await axios.post(
       graphqlUrl,

src/resolvers/draftDonationResolver.ts

@@ -25,6 +25,7 @@ import {
   findRecurringDonationByProjectIdAndUserIdAndCurrency,
 } from '../repositories/recurringDonationRepository';
 import { RecurringDonation } from '../entities/recurringDonation';
+import { findProjectById } from '../repositories/projectRepository';
 
 const draftDonationEnabled = process.env.ENABLE_DRAFT_DONATION === 'true';
 const draftRecurringDonationEnabled =
@@ -84,6 +85,7 @@ export class DraftDonationResolver {
     try {
       const userId = ctx?.req?.user?.userId;
       const donorUser = await findUserById(userId);
+      const project = await findProjectById(projectId);
 
       if (!donorUser && !isQRDonation) {
         throw new Error(i18n.__(translationErrorMessagesKeys.UN_AUTHORIZED));
@@ -95,6 +97,18 @@ export class DraftDonationResolver {
         );
       }
 
+      if (!project)
+        throw new Error(
+          i18n.__(translationErrorMessagesKeys.PROJECT_NOT_FOUND),
+        );
+
+      const ownProject = project.adminUserId === donorUser?.id;
+      if (ownProject) {
+        throw new Error(
+          "Donor can't create a draft to donate to his/her own project.",
+        );
+      }
+
       const chainType = isQRDonation
         ? detectAddressChainType(toAddress)
         : detectAddressChainType(donorUser?.walletAddress ?? '');