makearmy/makearmy-app
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

fix to populate results in my-settings

Browse source
This commit is contained in:
makearmy 2025-10-02 22:25:26 -04:00
parent 9c7cfb3aaa
commit 59d2d98a8c
2 changed files with 85 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

48
app/api/my-settings/delete/route.ts Normal file
View file

@ -0,0 +1,48 @@
import { NextResponse } from "next/server";
import { requireBearer } from "@/app/api/_lib/auth";
import { dxGET, directusAdminFetch } from "@/lib/directus";
export const runtime = "nodejs";
/**
* Deletes a settings row by submission_id, but only if the caller owns it.
* Body: { collection: "settings_co2gal" | "settings_co2gan" | "settings_fiber" | "settings_uv", submission_id: string|number }
*/
export async function POST(req: Request) {
try {
const { collection, submission_id } = await req.json();
if (
!collection ||
!["settings_co2gal", "settings_co2gan", "settings_fiber", "settings_uv"].includes(collection) ||
(submission_id === undefined || submission_id === null || String(submission_id) === "")
) {
return NextResponse.json({ error: "Invalid request" }, { status: 400 });
}
// Who is calling?
const bearer = requireBearer(req);
const me = await dxGET<any>("/users/me?fields=id", bearer);
const meId = me?.data?.id ?? me?.id;
if (!meId) return NextResponse.json({ error: "Unable to resolve user" }, { status: 401 });
// Find the item by submission_id using admin token (we cannot read id with user perms)
const q = `/items/${collection}?filter[submission_id][_eq]=${encodeURIComponent(
String(submission_id)
)}&fields=id,owner.id&limit=1`;
const found = await directusAdminFetch<any>(q);
const row = Array.isArray(found?.data) ? found.data[0] : null;
if (!row?.id) return NextResponse.json({ error: "Not found" }, { status: 404 });
const ownerId = row?.owner?.id ?? row?.owner;
if (String(ownerId) !== String(meId)) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
// Delete via admin
await directusAdminFetch(`/items/${collection}/${row.id}`, { method: "DELETE" });
return NextResponse.json({ ok: true });
} catch (e: any) {
return NextResponse.json({ error: e?.message || "Unknown error" }, { status: 500 });
}
}