From 26e3c0d753dbafdb6dd4bce27beac4d417bac3f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20B=C3=BChl?= <matthias.buehl@sap.com>
Date: Mon, 27 Jan 2020 15:29:43 +0100
Subject: [PATCH] check autthorization in cat service

---
 packages/bookshop/srv/cat-service.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/packages/bookshop/srv/cat-service.js b/packages/bookshop/srv/cat-service.js
index bd04c51e..97c8f514 100644
--- a/packages/bookshop/srv/cat-service.js
+++ b/packages/bookshop/srv/cat-service.js
@@ -4,6 +4,7 @@ const { Books } = cds.entities
 /** Service implementation for CatalogService */
 module.exports = cds.service.impl(function() {
   this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11))
+  this.before ('CREATE', 'Orders', _checkOrderCreateAuth)
   this.before ('CREATE', 'Orders', _reduceStock)
 })
 
@@ -24,3 +25,7 @@ async function _reduceStock (req) {
     )
   }))
 }
+/** Check authorization  */
+function _checkOrderCreateAuth (req) {
+  req.user.country === req.data.country || req.reject(403)
+}
\ No newline at end of file