Gitead/DentalManagementElogin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug(delete) - fixed bug)

Browse Source
This commit is contained in:
Potenz
2025-09-17 02:41:46 +05:30
parent bce2fe7b38
commit 042e170362
5 changed files with 37 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
apps/Backend/src/routes/appointments.ts
View File

@@ -357,34 +357,33 @@ router.put(
);
// Delete an appointment
router.delete(
"/:id",
async (req: Request, res: Response): Promise<any> => {
try {
const appointmentIdParam = req.params.id;
if (!appointmentIdParam) {
return res.status(400).json({ message: "Appointment ID is required" });
}
const appointmentId = parseInt(appointmentIdParam);
// Check if appointment exists and belongs to user
const existingAppointment = await storage.getAppointment(appointmentId);
if (!existingAppointment) {
return res.status(404).json({ message: "Appointment not found" });
}
if (existingAppointment.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" });
}
// Delete appointment
await storage.deleteAppointment(appointmentId);
res.status(204).send();
} catch (error) {
res.status(500).json({ message: "Failed to delete appointment" });
router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
try {
const appointmentIdParam = req.params.id;
if (!appointmentIdParam) {
return res.status(400).json({ message: "Appointment ID is required" });
}
const appointmentId = parseInt(appointmentIdParam);
// Check if appointment exists and belongs to user
const existingAppointment = await storage.getAppointment(appointmentId);
if (!existingAppointment) {
return res.status(404).json({ message: "Appointment not found" });
}
if (existingAppointment.userId !== req.user!.id) {
return res.status(403).json({
message:
"Forbidden: Appointment belongs to a different user, you can't delete this.",
});
}
// Delete appointment
await storage.deleteAppointment(appointmentId);
res.status(204).send();
} catch (error) {
res.status(500).json({ message: "Failed to delete appointment" });
}
);
});
export default router;

5
apps/Backend/src/routes/claims.ts
View File

@@ -375,7 +375,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
}
if (existingClaim.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" });
return res.status(403).json({
message:
"Forbidden: Claim belongs to a different user, you can't delete this.",
});
}
await storage.deleteClaim(claimId);

7
apps/Backend/src/routes/insuranceCreds.ts
View File

@@ -102,9 +102,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
// 2) Ownership check
if (existing.userId !== userId) {
return res
.status(403)
.json({ message: "Forbidden: Not your credential" });
return res.status(403).json({
message:
"Forbidden: Credentials belongs to a different user, you can't delete this.",
});
}
// 3) Delete (storage method enforces userId + id)

2
apps/Frontend/src/components/payments/payments-recent-table.tsx
View File

@@ -304,7 +304,7 @@ export default function PaymentsRecentTable({
onError: (error) => {
toast({
title: "Error",
description: `Failed to delete payment: ${error.message})`,
description: `Failed to delete payment: ${error.message}`,
variant: "destructive",
});
},

4
apps/Frontend/src/lib/queryClient.ts
View File

@@ -4,7 +4,7 @@ const API_BASE_URL = import.meta.env.VITE_API_BASE_URL_BACKEND ?? "";
async function throwIfResNotOk(res: Response) {
if (!res.ok) {
if (res.status === 401 || res.status === 403) {
if (res.status === 401) {
localStorage.removeItem("token");
if (!window.location.pathname.startsWith("/auth")) {
window.location.href = "/auth";
@@ -87,7 +87,7 @@ export const queryClient = new QueryClient({
queryFn: getQueryFn({ on401: "throw" }),
refetchInterval: false,
refetchOnWindowFocus: false,
refetchOnMount: true,
refetchOnMount: true,
staleTime: 0,
retry: false,
},