bug(delete) - fixed bug)

2025-09-17 02:41:46 +05:30
parent bce2fe7b38
commit 042e170362
5 changed files with 37 additions and 34 deletions


@@ -357,10 +357,7 @@ router.put(
); );
// Delete an appointment // Delete an appointment
router.delete( router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
"/:id",
async (req: Request, res: Response): Promise<any> => {
try { try {
const appointmentIdParam = req.params.id; const appointmentIdParam = req.params.id;
if (!appointmentIdParam) { if (!appointmentIdParam) {
@@ -375,7 +372,10 @@ router.delete(
} }
if (existingAppointment.userId !== req.user!.id) { if (existingAppointment.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" }); return res.status(403).json({
message:
"Forbidden: Appointment belongs to a different user, you can't delete this.",
});
} }
// Delete appointment // Delete appointment
@@ -384,7 +384,6 @@ router.delete(
} catch (error) { } catch (error) {
res.status(500).json({ message: "Failed to delete appointment" }); res.status(500).json({ message: "Failed to delete appointment" });
} }
} });
);
export default router; export default router;
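Review bot: The new 403 body in the second hunk tells a caller who does not own the record that the appointment exists and belongs to another user, so the `/:id` delete route confirms which ids are valid. A body that gives nothing away, e.g. `return res.status(403).json({ message: "Forbidden" });`, avoids this. Alternatively, a non-owned id can be answered exactly like a missing one; the not-found branch is outside the hunk, so this assumes it returns 404. The same wording is added to the claim and credential delete routes in this commit.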


@@ -375,7 +375,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
} }
if (existingClaim.userId !== req.user!.id) { if (existingClaim.userId !== req.user!.id) {
return res.status(403).json({ message: "Forbidden" }); return res.status(403).json({
message:
"Forbidden: Claim belongs to a different user, you can't delete this.",
});
} }
await storage.deleteClaim(claimId); await storage.deleteClaim(claimId);
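Review bot: `storage.deleteClaim(claimId)` deletes by id alone, so ownership rests entirely on the route-level `existingClaim.userId !== req.user!.id` comparison, and the read and the delete are two separate steps. The credential route in this commit is commented as having a storage method that enforces userId + id. Doing the same here, e.g. `await storage.deleteClaim(claimId, req.user!.id);` with the storage layer filtering on both, would make the ownership check part of the delete itself; that signature is a suggestion, since the storage method is not visible on this page. `req.user!` also assumes an authentication middleware always runs before this handler, and a guard such as `if (!req.user) return res.status(401).json({ message: "Unauthorized" });` would make that explicit. The handler starts and ends outside the hunk.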


@@ -102,9 +102,10 @@ router.delete("/:id", async (req: Request, res: Response): Promise<any> => {
// 2) Ownership check // 2) Ownership check
if (existing.userId !== userId) { if (existing.userId !== userId) {
return res return res.status(403).json({
.status(403) message:
.json({ message: "Forbidden: Not your credential" }); "Forbidden: Credentials belongs to a different user, you can't delete this.",
});
} }
// 3) Delete (storage method enforces userId + id) // 3) Delete (storage method enforces userId + id)
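Review bot: The new message reads "Credentials belongs to a different user", which pairs a plural noun with a singular verb in a user-facing string; `"Forbidden: Credential belongs to a different user."` would match the singular wording used for appointments and claims. Since the following comment says the storage method enforces userId + id, this branch is a second layer of defence, and a plain `{ message: "Forbidden" }` would lose nothing while disclosing less about the record.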


@@ -304,7 +304,7 @@ export default function PaymentsRecentTable({
onError: (error) => { onError: (error) => {
toast({ toast({
title: "Error", title: "Error",
description: `Failed to delete payment: ${error.message})`, description: `Failed to delete payment: ${error.message}`,
variant: "destructive", variant: "destructive",
}); });
}, },


@@ -4,7 +4,7 @@ const API_BASE_URL = import.meta.env.VITE_API_BASE_URL_BACKEND ?? "";
async function throwIfResNotOk(res: Response) { async function throwIfResNotOk(res: Response) {
if (!res.ok) { if (!res.ok) {
if (res.status === 401 || res.status === 403) { if (res.status === 401) {
localStorage.removeItem("token"); localStorage.removeItem("token");
if (!window.location.pathname.startsWith("/auth")) { if (!window.location.pathname.startsWith("/auth")) {
window.location.href = "/auth"; window.location.href = "/auth";
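Review bot: With 403 removed from this condition, a 403 response no longer clears the stored token or redirects to `/auth`, so the change is only safe if the backend answers missing, invalid and expired tokens with 401. Some token-verification middleware responds 403 to a bad token; if the auth middleware here does (it is not visible on this page), the client would keep a stale token in localStorage and stay on the page after every failed call. It is worth confirming that, and adding a comment above the check such as `// 401: session invalid, drop token and re-authenticate; 403: authenticated but not allowed, keep session`. The rest of throwIfResNotOk lies outside the hunk.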