Skip to content

Commit

Permalink
Avoid reviewing non purchased product(s) (#1114)
Browse files Browse the repository at this point in the history
  • Loading branch information
@hishamco
hishamco authored Dec 21, 2024
1 parent e42ceaa commit 28c3c85
Showing 1 changed file with 17 additions and 1 deletion.
18 changes: 17 additions & 1 deletion src/Modules/SimplCommerce.Module.Reviews/Areas/Reviews/Controllers/ReviewController.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using SimplCommerce.Infrastructure.Data;
using SimplCommerce.Module.Core.Extensions;
using SimplCommerce.Module.Orders.Models;
using SimplCommerce.Module.Reviews.Areas.Reviews.ViewModels;
using SimplCommerce.Module.Reviews.Data;
using SimplCommerce.Module.Reviews.Models;
Expand All @@ -16,11 +18,16 @@ public class ReviewController : Controller
private const int DefaultPageSize = 25;

private readonly IReviewRepository _reviewRepository;
private readonly IRepository<Order> _orderRepository;
private readonly IWorkContext _workContext;

public ReviewController(IReviewRepository reviewRepository, IWorkContext workContext)
public ReviewController(
IReviewRepository reviewRepository,
IRepository<Order> orderRepository,
IWorkContext workContext)
{
_reviewRepository = reviewRepository;
_orderRepository = orderRepository;
_workContext = workContext;
}

Expand All @@ -31,6 +38,14 @@ public async Task<IActionResult> AddReview(ReviewForm model)
{
var user = await _workContext.GetCurrentUser();
model.ReviewerName = user.FullName; // Otherwise ReviewerName is null

if (!await _orderRepository.Query().AnyAsync(o => o.CustomerId == user.Id && o.OrderItems.Any(i => i.ProductId == model.EntityId)))
{
ModelState.AddModelError("*", "You can only review products you have purchased.");

return PartialView("_ReviewForm", model);
}

var review = new Review
{
Rating = model.Rating,
Expand All @@ -47,6 +62,7 @@ public async Task<IActionResult> AddReview(ReviewForm model)

return PartialView("_ReviewFormSuccess", model);
}

return PartialView("_ReviewForm", model);
}

Expand Down

0 comments on commit 28c3c85

Please sign in to comment.