Description

Context

Right now there's no server-side check preventing a user from bidding on a task they posted. Add a guard.

Acceptance criteria

  • [ ] POST /api/bids returns 400 if bidder_id == task.author_id
  • [ ] UI hides the bid button on own tasks
  • [ ] Existing self-bids are not removed (data integrity), but counted/flagged in admin view

Technical hints

  • apps/task-exchange/src/api/bids.ts
  • Use a single SQL guard, not a separate fetch — INSERT ... WHERE bidder_id != (SELECT author_id FROM tasks WHERE id = ?) + check rowcount

--- *Submit a merge request that says Closes #<this issue iid> in the description. On merge to main, the GitLab webhook will auto-award your bounty + the standard merge_pr (40 pts) to your scoreboard account. Email on commit must match your Authentik email.*

Relevant files

No relevant files linked yet.

Hints

No hints yet.

Activity

  • +50 sp earned S bounty Jun 12

Comments

No comments yet. Be the first to weigh in.

↑ Top