Gitead/DentalManagementMHAprilgg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: restrict patient deletion to admin users only

Browse Source
This commit is contained in:
ff
2026-04-10 14:29:06 -04:00
parent b9edd6a5e6
commit 84991a0538
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/Backend/src/routes/patients.ts
View File

@@ -322,19 +322,19 @@ router.delete(
const patientId = parseInt(patientIdParam); const patientId = parseInt(patientIdParam);
// Check if patient exists and belongs to user // Only admin users can delete patients
if (req.user!.username !== "admin") {
return res.status(403).json({
message: "Forbidden: Only admin users can delete patients.",
});
}
// Check if patient exists
const existingPatient = await storage.getPatient(patientId); const existingPatient = await storage.getPatient(patientId);
if (!existingPatient) { if (!existingPatient) {
return res.status(404).json({ message: "Patient not found" }); return res.status(404).json({ message: "Patient not found" });
} }
if (existingPatient.userId !== req.user!.id) {
return res.status(403).json({
message:
"Forbidden: Patient belongs to a different user, you can't delete this.",
});
}
// Delete patient // Delete patient
await storage.deletePatient(patientId); await storage.deletePatient(patientId);
res.status(204).send(); res.status(204).send();

5
apps/Frontend/src/components/patients/patient-table.tsx
View File

@@ -89,6 +89,7 @@ export function PatientTable({
}: PatientTableProps) { }: PatientTableProps) {
const { toast } = useToast(); const { toast } = useToast();
const { user } = useAuth(); const { user } = useAuth();
const isAdmin = user?.username === "admin";
const [currentPatient, setCurrentPatient] = useState<Patient | undefined>( const [currentPatient, setCurrentPatient] = useState<Patient | undefined>(
undefined undefined
@@ -1075,13 +1076,13 @@ export function PatientTable({
<TableCell className="text-right"> <TableCell className="text-right">
<div className="flex justify-end"> <div className="flex justify-end">
{allowDelete && ( {allowDelete && isAdmin && (
<Button <Button
onClick={() => { onClick={() => {
handleDeletePatient(patient); handleDeletePatient(patient);
}} }}
className="text-red-600 hover:text-red-900" className="text-red-600 hover:text-red-900"
aria-label="Delete Staff" aria-label="Delete Patient"
variant="ghost" variant="ghost"
size="icon" size="icon"
title="Delete Patient" title="Delete Patient"