|
const dataToUpdate = (body && Object.keys(body).length) |
|
? _.merge({}, org.toObject(), body) |
|
: reviewObject.new_review_data |
|
|
|
const requestingUserUUID = await userRepo.getUserUUID(req.ctx.user, req.ctx.org, { session }) |
|
|
|
const reviewObj = await reviewRepo.approveReviewOrgObject(UUID, req.ctx.user, { session }) |
In the
_.merge({}, org.toObject(), body) case, reviewObject.approver is, in effect, bound to the action of approving review data associated with the UUID passed to approveReviewOrgObject. However, the approver did not approve that data (or, in any way, agree that that data was legitimate); instead, they approved the
body data.
cve-services/src/controller/review-object.controller/review-object.controller.js
Lines 92 to 98 in 791d31f
In the
_.merge({}, org.toObject(), body)case, reviewObject.approver is, in effect, bound to the action of approving review data associated with the UUID passed to approveReviewOrgObject. However, the approver did not approve that data (or, in any way, agree that that data was legitimate); instead, they approved thebodydata.