thowitz-work/tremor-tracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added correct auth to log and log-bulk api routes

Browse Source
This commit is contained in:
Tim Howitz 2025-06-06 18:08:52 +01:00
parent 01b312a14b
commit 4728e6ff05
4 changed files with 40 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/app/api/warehouse/log-bulk/route.ts
View File

@ -12,6 +12,25 @@ export async function POST(request: NextRequest) {
const { user } = authResult;
if (user.role !== "ADMIN" && user.role !== "SCIENTIST") {
return NextResponse.json({ error: "Not authorized" }, { status: 401 });
}
if (user.role === "SCIENTIST") {
const scientist = await prisma.scientist.findUnique({
where: {
userId: user.id,
},
include: {
subordinates: true,
},
});
if (!scientist || scientist.level !== "SENIOR") {
return NextResponse.json({ message: "Not authorised" }, { status: 401 });
}
}
if (!palletNote || !warehouseLocation) {
return NextResponse.json({ error: "Missing fields" }, { status: 400 });
}

24
src/app/api/warehouse/log/route.ts
View File

@ -10,7 +10,6 @@ export async function POST(request: NextRequest) {
const name = formData.get("name") as string;
const type = formData.get("type") as string;
const description = formData.get("description") as string;
const location = formData.get("location") as string;
const earthquakeCode = formData.get("earthquakeCode") as string;
const warehouseLocation = formData.get("warehouseLocation") as string;
const image = formData.get("image") as File | null;
@ -20,10 +19,29 @@ export async function POST(request: NextRequest) {
const { user } = authResult;
if (!name || !type || !description || !location || !earthquakeCode || !warehouseLocation) {
if (!name || !type || !description || !earthquakeCode || !warehouseLocation) {
return NextResponse.json({ error: "Missing fields" }, { status: 400 });
}
if (user.role !== "ADMIN" && user.role !== "SCIENTIST") {
return NextResponse.json({ error: "Not authorized" }, { status: 401 });
}
if (user.role === "SCIENTIST") {
const scientist = await prisma.scientist.findUnique({
where: {
userId: user.id,
},
include: {
subordinates: true,
},
});
if (!scientist || scientist.level !== "SENIOR") {
return NextResponse.json({ message: "Not authorised" }, { status: 401 });
}
}
const linkedEarthquake = await prisma.earthquake.findUnique({ where: { code: earthquakeCode } });
if (!linkedEarthquake) {
@ -35,7 +53,7 @@ export async function POST(request: NextRequest) {
const buffer = Buffer.from(await image.arrayBuffer());
const extension = image.type === "image/jpeg" ? "jpg" : "png";
imageName = `${name}-${new Date().toLocaleDateString("en-GB")}.${extension}`;
const imagePath = join(process.cwd(), "public", "uploads", imageName);
const imagePath = join(process.cwd(), "public", imageName);
await writeFile(imagePath, buffer);
}

1
src/components/AuthModal.tsx
View File

@ -10,7 +10,6 @@ interface AuthModalProps {
}
export default function AuthModal({ isOpen, onClose }: AuthModalProps) {
// todo add login successful message
const [isLogin, setIsLogin] = useState<boolean>(true);
const modalRef = useRef<HTMLDivElement>(null);
const [isFailed, setIsFailed] = useState<boolean>(false);

2
src/components/EarthquakeSearchModal.tsx
View File

@ -23,8 +23,6 @@ const COLUMNS = [
{ label: "Date", key: "date" },
];
// todo modify slightly
export default function EarthquakeSearchModal({
open,
onClose,