Gitead/DentalManagement2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

routes fixed - user based fixed done

Browse Source
This commit is contained in:
Potenz
2025-08-28 22:39:54 +05:30
parent 848e4362e5
commit 4c818d511b
4 changed files with 4 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
apps/Backend/src/routes/patients.ts
View File

@@ -150,12 +150,6 @@ router.get(
if (!patient) {
return res.status(404).json({ message: "Patient not found" });
}
// Ensure the patient belongs to the logged-in user
if (patient.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" });
}
res.json(patient);
} catch (error) {
res.status(500).json({ message: "Failed to retrieve patient" });
@@ -220,10 +214,6 @@ router.put(
return res.status(404).json({ message: "Patient not found" });
}
if (existingPatient.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" });
}
// Validate request body
const patientData = updatePatientSchema.parse(req.body);
@@ -282,12 +272,10 @@ router.delete(
}
if (existingPatient.userId !== req.user!.id) {
return res
.status(403)
.json({
message:
"Forbidden: Patient belongs to a different user, you can't delete this.",
});
return res.status(403).json({
message:
"Forbidden: Patient belongs to a different user, you can't delete this.",
});
}
// Delete patient
@@ -320,10 +308,6 @@ router.get(
return res.status(404).json({ message: "Patient not found" });
}
if (patient.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" });
}
const appointments = await storage.getAppointmentsByPatientId(patientId);
res.json(appointments);
} catch (error) {