bug(delete) - fixed bug)

2025-09-17 02:41:46 +05:30
parent bce2fe7b38
commit 042e170362
5 changed files with 37 additions and 34 deletions
--- a/apps/Backend/src/routes/appointments.ts
+++ b/apps/Backend/src/routes/appointments.ts
@@ -357,10 +357,7 @@ router.put(
 );

 // Delete an appointment
-router.delete(
-  "/:id",
-
-  async (req: Request, res: Response): Promise<any> => {
+router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
  try {
    const appointmentIdParam = req.params.id;
    if (!appointmentIdParam) {
@@ -375,7 +372,10 @@ router.delete(
    }

    if (existingAppointment.userId !== req.user!.id) {
-        return res.status(403).json({ message: "Forbidden" });
+      return res.status(403).json({
+        message:
+          "Forbidden: Appointment belongs to a different user, you can't delete this.",
+      });
    }

    // Delete appointment
@@ -384,7 +384,6 @@ router.delete(
  } catch (error) {
    res.status(500).json({ message: "Failed to delete appointment" });
  }
-  }
-);
+});

 export default router;
--- a/apps/Backend/src/routes/claims.ts
+++ b/apps/Backend/src/routes/claims.ts
@@ -375,7 +375,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
    }

    if (existingClaim.userId !== req.user!.id) {
-      return res.status(403).json({ message: "Forbidden" });
+      return res.status(403).json({
+        message:
+          "Forbidden: Claim belongs to a different user, you can't delete this.",
+      });
    }

    await storage.deleteClaim(claimId);
--- a/apps/Backend/src/routes/insuranceCreds.ts
+++ b/apps/Backend/src/routes/insuranceCreds.ts
@@ -102,9 +102,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {

    // 2) Ownership check
    if (existing.userId !== userId) {
-      return res
-        .status(403)
-        .json({ message: "Forbidden: Not your credential" });
+      return res.status(403).json({
+        message:
+          "Forbidden: Credentials belongs to a different user, you can't delete this.",
+      });
    }

    // 3) Delete (storage method enforces userId + id)
--- a/apps/Frontend/src/components/payments/payments-recent-table.tsx
+++ b/apps/Frontend/src/components/payments/payments-recent-table.tsx
@@ -304,7 +304,7 @@ export default function PaymentsRecentTable({
    onError: (error) => {
      toast({
        title: "Error",
-        description: `Failed to delete payment: ${error.message})`,
+        description: `Failed to delete payment: ${error.message}`,
        variant: "destructive",
      });
    },
--- a/apps/Frontend/src/lib/queryClient.ts
+++ b/apps/Frontend/src/lib/queryClient.ts
@@ -4,7 +4,7 @@ const API_BASE_URL = import.meta.env.VITE_API_BASE_URL_BACKEND ?? "";

 async function throwIfResNotOk(res: Response) {
  if (!res.ok) {
-    if (res.status === 401 || res.status === 403) {
+    if (res.status === 401) {
      localStorage.removeItem("token");
      if (!window.location.pathname.startsWith("/auth")) {
        window.location.href = "/auth";