bug(delete) - fixed bug)
This commit is contained in:
@@ -357,34 +357,33 @@ router.put(
|
||||
);
|
||||
|
||||
// Delete an appointment
|
||||
router.delete(
|
||||
"/:id",
|
||||
|
||||
async (req: Request, res: Response): Promise<any> => {
|
||||
try {
|
||||
const appointmentIdParam = req.params.id;
|
||||
if (!appointmentIdParam) {
|
||||
return res.status(400).json({ message: "Appointment ID is required" });
|
||||
}
|
||||
const appointmentId = parseInt(appointmentIdParam);
|
||||
|
||||
// Check if appointment exists and belongs to user
|
||||
const existingAppointment = await storage.getAppointment(appointmentId);
|
||||
if (!existingAppointment) {
|
||||
return res.status(404).json({ message: "Appointment not found" });
|
||||
}
|
||||
|
||||
if (existingAppointment.userId !== req.user!.id) {
|
||||
return res.status(403).json({ message: "Forbidden" });
|
||||
}
|
||||
|
||||
// Delete appointment
|
||||
await storage.deleteAppointment(appointmentId);
|
||||
res.status(204).send();
|
||||
} catch (error) {
|
||||
res.status(500).json({ message: "Failed to delete appointment" });
|
||||
router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
|
||||
try {
|
||||
const appointmentIdParam = req.params.id;
|
||||
if (!appointmentIdParam) {
|
||||
return res.status(400).json({ message: "Appointment ID is required" });
|
||||
}
|
||||
const appointmentId = parseInt(appointmentIdParam);
|
||||
|
||||
// Check if appointment exists and belongs to user
|
||||
const existingAppointment = await storage.getAppointment(appointmentId);
|
||||
if (!existingAppointment) {
|
||||
return res.status(404).json({ message: "Appointment not found" });
|
||||
}
|
||||
|
||||
if (existingAppointment.userId !== req.user!.id) {
|
||||
return res.status(403).json({
|
||||
message:
|
||||
"Forbidden: Appointment belongs to a different user, you can't delete this.",
|
||||
});
|
||||
}
|
||||
|
||||
// Delete appointment
|
||||
await storage.deleteAppointment(appointmentId);
|
||||
res.status(204).send();
|
||||
} catch (error) {
|
||||
res.status(500).json({ message: "Failed to delete appointment" });
|
||||
}
|
||||
);
|
||||
});
|
||||
|
||||
export default router;
|
||||
|
||||
@@ -375,7 +375,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
|
||||
}
|
||||
|
||||
if (existingClaim.userId !== req.user!.id) {
|
||||
return res.status(403).json({ message: "Forbidden" });
|
||||
return res.status(403).json({
|
||||
message:
|
||||
"Forbidden: Claim belongs to a different user, you can't delete this.",
|
||||
});
|
||||
}
|
||||
|
||||
await storage.deleteClaim(claimId);
|
||||
|
||||
@@ -102,9 +102,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
|
||||
|
||||
// 2) Ownership check
|
||||
if (existing.userId !== userId) {
|
||||
return res
|
||||
.status(403)
|
||||
.json({ message: "Forbidden: Not your credential" });
|
||||
return res.status(403).json({
|
||||
message:
|
||||
"Forbidden: Credentials belongs to a different user, you can't delete this.",
|
||||
});
|
||||
}
|
||||
|
||||
// 3) Delete (storage method enforces userId + id)
|
||||
|
||||
Reference in New Issue
Block a user