find discounts within the same shop when applying?

reactioncommerce / reaction

Mailchimp Open Commerce is an API-first, headless commerce platform built using Node.js, React, GraphQL. Deployed via Docker and Kubernetes.

https://mailchimp.com/developer/open-commerce/

GNU General Public License v3.0

12.34k stars 2.17k forks source link

find discounts within the same shop when applying? #6487

Closed marcneander closed 1 year ago

marcneander commented 3 years ago

Hello!

Just reading through the code so disregard please if this is somehow guarded by other code but it seems to me that you can apply a discount code created in another shop as long as it is in the database.

https://github.com/reactioncommerce/api-plugin-discounts-codes/blob/trunk/src/mutations/applyDiscountCodeToCart.js#L55

Should probably be, no?

const discount = await Discounts.findOne({ code: discountCode, shopId });

marcneander commented 3 years ago

Same with https://github.com/reactioncommerce/api-plugin-discounts-codes/blob/trunk/src/mutations/applyDiscountCodeToCart.js#L42

edit: nvm on this one. Seems to be handled here https://github.com/reactioncommerce/api-plugin-discounts-codes/blob/trunk/src/mutations/applyDiscountCodeToCart.js#L47

brent-hoover commented 1 year ago

Closing as this bug is in the existing discount code implementation which will be deprecated/removed in Release 5