From 04b96bac2fcb90c25611abd856673fcc5b998081 Mon Sep 17 00:00:00 2001
From: elweyn <heine.hannes@gmail.com>
Date: Tue, 6 Sep 2022 10:39:20 +0200
Subject: [PATCH 1/5] Throw error if moderator tries to answer his own
 contribution in adminCreateContributionMessage.

---
 backend/src/graphql/resolver/AdminResolver.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index f4656aec8..6ed56e082 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
@@ -717,6 +717,9 @@ export class AdminResolver {
       if (!contribution) {
         throw new Error('Contribution not found')
       }
+      if (contribution.userId === user.id) {
+        throw new Error('Can not answer on own contribution')
+      }
       contributionMessage.contributionId = contributionId
       contributionMessage.createdAt = new Date()
       contributionMessage.message = message

From ced14bd752e00adb6635a34893f89cbd383662bf Mon Sep 17 00:00:00 2001
From: elweyn <heine.hannes@gmail.com>
Date: Tue, 6 Sep 2022 10:59:32 +0200
Subject: [PATCH 2/5] Change error message Admin can not answer on own
 contribution.

---
 backend/src/graphql/resolver/AdminResolver.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/graphql/resolver/AdminResolver.ts b/backend/src/graphql/resolver/AdminResolver.ts
index 6ed56e082..65662e8eb 100644
--- a/backend/src/graphql/resolver/AdminResolver.ts
+++ b/backend/src/graphql/resolver/AdminResolver.ts
@@ -718,7 +718,7 @@ export class AdminResolver {
         throw new Error('Contribution not found')
       }
       if (contribution.userId === user.id) {
-        throw new Error('Can not answer on own contribution')
+        throw new Error('Admin can not answer on own contribution')
       }
       contributionMessage.contributionId = contributionId
       contributionMessage.createdAt = new Date()

From aa9d60c78c77d56c23461e45d107a1f7736ef672 Mon Sep 17 00:00:00 2001
From: elweyn <heine.hannes@gmail.com>
Date: Tue, 6 Sep 2022 11:07:23 +0200
Subject: [PATCH 3/5] Add test that admin can not call
 adminCreateContributionMessage on own contribution

---
 .../ContributionMessageResolver.test.ts       | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/backend/src/graphql/resolver/ContributionMessageResolver.test.ts b/backend/src/graphql/resolver/ContributionMessageResolver.test.ts
index 6c617acb4..c0e330750 100644
--- a/backend/src/graphql/resolver/ContributionMessageResolver.test.ts
+++ b/backend/src/graphql/resolver/ContributionMessageResolver.test.ts
@@ -93,6 +93,38 @@ describe('ContributionMessageResolver', () => {
             }),
           )
         })
+
+        it('throws error when contribution.userId equals user.id', async () => {
+          await query({
+            query: login,
+            variables: { email: 'peter@lustig.de', password: 'Aa12345_' },
+          })
+          const result2 = await mutate({
+            mutation: createContribution,
+            variables: {
+              amount: 100.0,
+              memo: 'Test env contribution',
+              creationDate: new Date().toString(),
+            },
+          })
+          await expect(
+            mutate({
+              mutation: adminCreateContributionMessage,
+              variables: {
+                contributionId: result2.data.createContribution.id,
+                message: 'Test',
+              },
+            }),
+          ).resolves.toEqual(
+            expect.objectContaining({
+              errors: [
+                new GraphQLError(
+                  'ContributionMessage was not successful: Error: Admin can not answer on own contribution',
+                ),
+              ],
+            }),
+          )
+        })
       })
 
       describe('valid input', () => {

From dfa97fd855157a14159f72e8be634dce51b4e7ae Mon Sep 17 00:00:00 2001
From: ogerly <fridolin@tutanota.com>
Date: Tue, 6 Sep 2022 11:00:29 +0200
Subject: [PATCH 4/5] moderator cannot answer himself

---
 .../components/Tables/OpenCreationsTable.vue  | 59 +++++++++++--------
 .../graphql/listUnconfirmedContributions.js   |  1 +
 2 files changed, 35 insertions(+), 25 deletions(-)

diff --git a/admin/src/components/Tables/OpenCreationsTable.vue b/admin/src/components/Tables/OpenCreationsTable.vue
index 86c5ecce6..af9947f85 100644
--- a/admin/src/components/Tables/OpenCreationsTable.vue
+++ b/admin/src/components/Tables/OpenCreationsTable.vue
@@ -12,33 +12,42 @@
         </b-button>
       </template>
       <template #cell(editCreation)="row">
-        <b-button
-          v-if="row.item.moderator"
-          variant="info"
-          size="md"
-          @click="rowToggleDetails(row, 0)"
-          class="mr-2"
-        >
-          <b-icon :icon="row.detailsShowing ? 'x' : 'pencil-square'" aria-label="Help"></b-icon>
-        </b-button>
-        <b-button v-else @click="rowToggleDetails(row, 0)">
-          <b-icon icon="chat-dots"></b-icon>
-          <b-icon
-            v-if="row.item.state === 'PENDING' && row.item.messageCount > 0"
-            icon="exclamation-circle-fill"
-            variant="warning"
-          ></b-icon>
-          <b-icon
-            v-if="row.item.state === 'IN_PROGRESS' && row.item.messageCount > 0"
-            icon="question-diamond"
-            variant="light"
-          ></b-icon>
-        </b-button>
+        <div v-if="$store.state.moderator.id !== row.item.userId">
+          <b-button
+            v-if="row.item.moderator"
+            variant="info"
+            size="md"
+            @click="rowToggleDetails(row, 0)"
+            class="mr-2"
+          >
+            <b-icon :icon="row.detailsShowing ? 'x' : 'pencil-square'" aria-label="Help"></b-icon>
+          </b-button>
+          <b-button v-else @click="rowToggleDetails(row, 0)">
+            <b-icon icon="chat-dots"></b-icon>
+            <b-icon
+              v-if="row.item.state === 'PENDING' && row.item.messageCount > 0"
+              icon="exclamation-circle-fill"
+              variant="warning"
+            ></b-icon>
+            <b-icon
+              v-if="row.item.state === 'IN_PROGRESS' && row.item.messageCount > 0"
+              icon="question-diamond"
+              variant="light"
+            ></b-icon>
+          </b-button>
+        </div>
       </template>
       <template #cell(confirm)="row">
-        <b-button variant="success" size="md" @click="$emit('show-overlay', row.item)" class="mr-2">
-          <b-icon icon="check" scale="2" variant=""></b-icon>
-        </b-button>
+        <div v-if="$store.state.moderator.id !== row.item.userId">
+          <b-button
+            variant="success"
+            size="md"
+            @click="$emit('show-overlay', row.item)"
+            class="mr-2"
+          >
+            <b-icon icon="check" scale="2" variant=""></b-icon>
+          </b-button>
+        </div>
       </template>
       <template #row-details="row">
         <row-details
diff --git a/admin/src/graphql/listUnconfirmedContributions.js b/admin/src/graphql/listUnconfirmedContributions.js
index dbaa52d81..1d7f9e21c 100644
--- a/admin/src/graphql/listUnconfirmedContributions.js
+++ b/admin/src/graphql/listUnconfirmedContributions.js
@@ -6,6 +6,7 @@ export const listUnconfirmedContributions = gql`
       id
       firstName
       lastName
+      userId
       email
       amount
       memo

From 3ec2fd8e0d17d111f72d23fdffc8d3a53e0863c0 Mon Sep 17 00:00:00 2001
From: ogerly <fridolin@tutanota.com>
Date: Tue, 6 Sep 2022 11:22:33 +0200
Subject: [PATCH 5/5] fix test

---
 admin/src/pages/CreationConfirm.spec.js | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/admin/src/pages/CreationConfirm.spec.js b/admin/src/pages/CreationConfirm.spec.js
index 352eba809..0ea1aeba2 100644
--- a/admin/src/pages/CreationConfirm.spec.js
+++ b/admin/src/pages/CreationConfirm.spec.js
@@ -14,21 +14,23 @@ const apolloQueryMock = jest.fn().mockResolvedValue({
         id: 1,
         firstName: 'Bibi',
         lastName: 'Bloxberg',
+        userId: 99,
         email: 'bibi@bloxberg.de',
         amount: 500,
         memo: 'Danke für alles',
         date: new Date(),
-        moderator: 2,
+        moderator: 1,
       },
       {
         id: 2,
         firstName: 'Räuber',
         lastName: 'Hotzenplotz',
+        userId: 100,
         email: 'raeuber@hotzenplotz.de',
         amount: 1000000,
         memo: 'Gut Ergattert',
         date: new Date(),
-        moderator: 2,
+        moderator: 1,
       },
     ],
   },
@@ -41,6 +43,15 @@ const mocks = {
   $d: jest.fn((d) => d),
   $store: {
     commit: storeCommitMock,
+    state: {
+      moderator: {
+        firstName: 'Peter',
+        lastName: 'Lustig',
+        isAdmin: '2022-08-30T07:41:31.000Z',
+        id: 263,
+        language: 'de',
+      },
+    },
   },
   $apollo: {
     query: apolloQueryMock,