Gitead/DentalManagementMHAprilgg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: restrict patient deletion to admin users only

Browse Source
This commit is contained in:
ff
2026-04-10 14:29:06 -04:00
parent b9edd6a5e6
commit 84991a0538
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/Backend/src/routes/patients.ts
View File

@@ -322,19 +322,19 @@ router.delete(
const patientId = parseInt(patientIdParam);
// Check if patient exists and belongs to user
// Only admin users can delete patients
if (req.user!.username !== "admin") {
return res.status(403).json({
message: "Forbidden: Only admin users can delete patients.",
});
}
// Check if patient exists
const existingPatient = await storage.getPatient(patientId);
if (!existingPatient) {
return res.status(404).json({ message: "Patient not found" });
}
if (existingPatient.userId !== req.user!.id) {
return res.status(403).json({
message:
"Forbidden: Patient belongs to a different user, you can't delete this.",
});
}
// Delete patient
await storage.deletePatient(patientId);
res.status(204).send();