From 3f0ef950c035cefbca13b126b44c8a5194eda071 Mon Sep 17 00:00:00 2001
From: Joslyn Manzi Karenzi <j.karenzi@alustudent.com>
Date: Fri, 26 Jul 2024 14:40:44 +0200
Subject: [PATCH] fix(orders): fix permissions issue on get-all orders (#165)

---
 src/controller/cartController.ts | 2 +-
 src/routes/checkoutRoutes.ts     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/controller/cartController.ts b/src/controller/cartController.ts
index 0022e36..84ecf00 100644
--- a/src/controller/cartController.ts
+++ b/src/controller/cartController.ts
@@ -282,7 +282,7 @@ export const deleteAllOrders = errorHandler(
 
 export const getAllOrders = errorHandler(
   async (req: Request, res: Response) => {
-    const orders = await orderRepository.find({ relations: ['orderDetails'] });
+    const orders = await orderRepository.find({ relations: ['orderDetails','orderDetails.product','orderDetails.product.vendor'] });
     return res.status(200).json({ orders });
   }
 );
diff --git a/src/routes/checkoutRoutes.ts b/src/routes/checkoutRoutes.ts
index 1f53532..5e058b4 100644
--- a/src/routes/checkoutRoutes.ts
+++ b/src/routes/checkoutRoutes.ts
@@ -10,7 +10,7 @@ import {
 } from '../controller/cartController';
 
 const checkoutRoutes = Router();
-checkoutRoutes.use(IsLoggedIn, checkRole(['Buyer', 'Admin']));
+checkoutRoutes.use(IsLoggedIn, checkRole(['Buyer','Vendor', 'Admin']));
 checkoutRoutes.route('/').post(checkout);
 checkoutRoutes.route('/removeall-order').delete(deleteAllOrders);
 checkoutRoutes.route('/getall-order').get(getAllOrders);