fix(my-orders): correct closed PO filters for manager and submitter

Managers and superusers were silently filtered to only their own
submitted POs because submitterId: userId was applied unconditionally.
Submitters were also shown MGR_APPROVED, SENT_FOR_PAYMENT,
PAID_DELIVERED and REJECTED orders alongside CLOSED ones.

Fix: managers/superusers see all CLOSED POs (no submitterId filter);
submitters see only their own CLOSED POs.

Fixes #6
Claude (auto-fix) 2026-06-19 03:34:21 +05:30
parent b19ab695eb
commit a37ca068c2


@ -15,11 +15,12 @@ export default async function MyOrdersPage() {
const { role, id: userId } = session.user;
if (!["TECHNICAL", "MANNING", "MANAGER", "SUPERUSER"].includes(role)) redirect("/dashboard");
const isManager = role === "MANAGER" || role === "SUPERUSER";
const closed = await db.purchaseOrder.findMany({
where: {
submitterId: userId,
status: { in: ["MGR_APPROVED", "SENT_FOR_PAYMENT", "PAID_DELIVERED", "CLOSED", "REJECTED"] },
},
where: isManager
? { status: "CLOSED" }
: { submitterId: userId, status: "CLOSED" },
orderBy: { updatedAt: "desc" },
include: {
vessel: { select: { name: true } },