Added correct auth to log and log-bulk api routes

2025-06-06 18:08:52 +01:00 · 2025-06-06 18:08:52 +01:00 · 4728e6ff05
commit 4728e6ff05
parent 01b312a14b
4 changed files with 40 additions and 6 deletions
--- a/src/app/api/warehouse/log-bulk/route.ts
+++ b/src/app/api/warehouse/log-bulk/route.ts
@ -12,6 +12,25 @@ export async function POST(request: NextRequest) {
 		const { user } = authResult;
 		if (user.role !== "ADMIN" && user.role !== "SCIENTIST") {
 			return NextResponse.json({ error: "Not authorized" }, { status: 401 });
 		}
 		if (user.role === "SCIENTIST") {
 			const scientist = await prisma.scientist.findUnique({
 				where: {
 					userId: user.id,
 				},
 				include: {
 					subordinates: true,
 				},
 			});
 			if (!scientist || scientist.level !== "SENIOR") {
 				return NextResponse.json({ message: "Not authorised" }, { status: 401 });
 			}
 		}
 		if (!palletNote || !warehouseLocation) {
 			return NextResponse.json({ error: "Missing fields" }, { status: 400 });
 		}
--- a/src/app/api/warehouse/log/route.ts
+++ b/src/app/api/warehouse/log/route.ts
@ -10,7 +10,6 @@ export async function POST(request: NextRequest) {
 		const name = formData.get("name") as string;
 		const type = formData.get("type") as string;
 		const description = formData.get("description") as string;
 		const location = formData.get("location") as string;
 		const earthquakeCode = formData.get("earthquakeCode") as string;
 		const warehouseLocation = formData.get("warehouseLocation") as string;
 		const image = formData.get("image") as File | null;
@ -20,10 +19,29 @@ export async function POST(request: NextRequest) {
 		const { user } = authResult;
-		if (!name || !type || !description || !location || !earthquakeCode || !warehouseLocation) {
+		if (!name || !type || !description || !earthquakeCode || !warehouseLocation) {
 			return NextResponse.json({ error: "Missing fields" }, { status: 400 });
 		}
 		if (user.role !== "ADMIN" && user.role !== "SCIENTIST") {
 			return NextResponse.json({ error: "Not authorized" }, { status: 401 });
 		}
 		if (user.role === "SCIENTIST") {
 			const scientist = await prisma.scientist.findUnique({
 				where: {
 					userId: user.id,
 				},
 				include: {
 					subordinates: true,
 				},
 			});
 			if (!scientist || scientist.level !== "SENIOR") {
 				return NextResponse.json({ message: "Not authorised" }, { status: 401 });
 			}
 		}
 		const linkedEarthquake = await prisma.earthquake.findUnique({ where: { code: earthquakeCode } });
 		if (!linkedEarthquake) {
@ -35,7 +53,7 @@ export async function POST(request: NextRequest) {
 			const buffer = Buffer.from(await image.arrayBuffer());
 			const extension = image.type === "image/jpeg" ? "jpg" : "png";
 			imageName = `${name}-${new Date().toLocaleDateString("en-GB")}.${extension}`;
-			const imagePath = join(process.cwd(), "public", "uploads", imageName);
+			const imagePath = join(process.cwd(), "public", imageName);
 			await writeFile(imagePath, buffer);
 		}
--- a/src/components/AuthModal.tsx
+++ b/src/components/AuthModal.tsx
@ -10,7 +10,6 @@ interface AuthModalProps {
 }
 export default function AuthModal({ isOpen, onClose }: AuthModalProps) {
 	// todo add login successful message
 	const [isLogin, setIsLogin] = useState<boolean>(true);
 	const modalRef = useRef<HTMLDivElement>(null);
 	const [isFailed, setIsFailed] = useState<boolean>(false);
--- a/src/components/EarthquakeSearchModal.tsx
+++ b/src/components/EarthquakeSearchModal.tsx
@ -23,8 +23,6 @@ const COLUMNS = [
 	{ label: "Date", key: "date" },
 ];
 // todo modify slightly
 export default function EarthquakeSearchModal({
 	open,
 	onClose,