summer2026/quicklanch-server
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

🔧 refactor(plan): update imports to use .js extensions and secure delete route with admin auth

Browse Source
This commit is contained in:
abumahid
2026-04-26 19:10:56 +06:00
parent f886c392aa 107b94bc97
commit 2d54031c33
6 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
prisma/schema/profile.schema.prisma
+2 -1
View File
@@ -2,7 +2,6 @@ model Profile {
id String @id @default(uuid())
accountId String @unique
account Account @relation(fields: [accountId], references: [id], onDelete: Cascade)
shopName String
shopLogo String?
contactNumber String?
@@ -11,3 +10,5 @@ model Profile {
shopCategory String?
}
src/app/modules/order/order.service.ts
+4
View File
@@ -161,6 +161,10 @@ const update_order_into_db = async (req: Request) => {
const delete_order_from_db = async (req: Request) => {
// define your own login here
const { id } = req.params as { id: string };
const user = req.user;
if (user?.role !== "ADMIN") {
throw new AppError("You are not authorized to perform this action", 403);
}
const result = await prisma.order.delete({ where: { id } });
return result;
};
src/app/modules/order/order.swagger.ts
+6 -2
View File
@@ -3,7 +3,11 @@ export const orderSwaggerDocs = {
post: {
tags: ["order"],
summary: "Create new order",
description: "",
description: ` INITIATED
CONFIRMED
ONGOING
DELIVERED
CANCELLED`,
requestBody: {
required: true,
content: {
@@ -116,7 +120,7 @@ export const orderSwaggerDocs = {
},
patch: {
tags: ["order"],
summary: "Update order",
summary: "Update order -(Admin route)",
description: "",
parameters: [
{
src/app/modules/plan/plan.route.ts
+5 -4
View File
@@ -1,5 +1,5 @@
import { Router } from "express";
import { Router } from "express";
import auth from "../../middlewares/auth.js";
import RequestValidator from "../../middlewares/request_validator.js";
import { plan_controller } from "./plan.controller.js";
import { plan_validations } from "./plan.validation.js";
@@ -10,15 +10,16 @@ router.get("/", plan_controller.get_all_plan);
router.post(
"/",
RequestValidator(plan_validations.create_plan),
auth("ADMIN"),
plan_controller.create_plan,
);
router.get("/:id", plan_controller.get_single_plan);
router.patch(
"/:id",
RequestValidator(plan_validations.update_plan),
auth("ADMIN"),
plan_controller.update_plan,
);
router.delete("/:id", plan_controller.delete_plan);
router.delete("/:id", auth("ADMIN"), plan_controller.delete_plan);
export default router;
src/app/modules/plan/plan.service.ts
+1 -1
View File
@@ -22,7 +22,7 @@ const get_single_plan_from_db = async (req: Request) => {
const create_plan_into_db = async (req: Request) => {
// define your own login here
const user = req.user
const user = req?.user
if (user?.role !== "ADMIN") {
throw new AppError("You dont have permission to create plan information.!!!", 401)
}
src/app/modules/profile/profile.service.ts
+1
View File
@@ -7,6 +7,7 @@ const update_profile_into_db = async (req: Request) => {
const user = req?.user as JwtPayloadType;
const payload = req?.body;
const file = req?.file;
console.log(payload);
// check file and upload to cloud
if (file) {
const cloudRes = await uploadCloud(file);