docs: activity log — backend v2.8.77 (seller delivery 403 / uuid-ObjectId seam)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1307,4 +1307,18 @@ delivered/confirming → 5, seller_paid/completed → 6. Removed the unreliable
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### 2026-06-04 — backend v2.8.77 — seller can't ship: delivery 403 (uuid↔ObjectId seam)
|
||||||
|
|
||||||
|
The selected seller got HTTP 403 on PUT /marketplace/purchase-requests/:id/delivery
|
||||||
|
(«تأیید ارسال کالا») for a paid shop request. The auth compared the seller's
|
||||||
|
session id (legacy ObjectId e0527…) against the selected offer's sellerId, which a
|
||||||
|
TEMPLATE-created offer stores as a PG uuid (669c0dac…) → never equal → 403. Added a
|
||||||
|
`sameUser(a,b)` helper that resolves both ids via the user repo (accepts either
|
||||||
|
format) and compares every id form (_id/id/pgId/legacyObjectId). Applied to
|
||||||
|
updateDeliveryInfo, verifyDeliveryCode, and the delivery-code-status buyer/seller
|
||||||
|
gate. (Buyer step labels already matched the web — no change.)
|
||||||
|
**Verification:** backend tsc clean.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
<!-- Add new entries above this line. Newest at top. -->
|
<!-- Add new entries above this line. Newest at top. -->
|
||||||
|
|||||||
Reference in New Issue
Block a user