🔧 refactor(plan): update imports to use .js extensions and secure delete route with admin auth

prisma/schema/profile.schema.prisma

@@ -2,7 +2,6 @@ model Profile {
     id        String  @id @default(uuid())
     accountId String  @unique
     account   Account @relation(fields: [accountId], references: [id], onDelete: Cascade)
-
     shopName        String
     shopLogo        String?
     contactNumber   String?
@@ -11,3 +10,5 @@ model Profile {
     shopCategory    String?
 
 }
+
+

src/app/modules/order/order.service.ts

@@ -161,6 +161,10 @@ const update_order_into_db = async (req: Request) => {
 const delete_order_from_db = async (req: Request) => {
   // define your own login here
   const { id } = req.params as { id: string };
+  const user = req.user;
+  if (user?.role !== "ADMIN") {
+    throw new AppError("You are not authorized to perform this action", 403);
+  }
   const result = await prisma.order.delete({ where: { id } });
   return result;
 };

src/app/modules/order/order.swagger.ts

@@ -3,7 +3,11 @@ export const orderSwaggerDocs = {
     post: {
       tags: ["order"],
       summary: "Create  new order",
-      description: "",
+      description: ` INITIATED
+    CONFIRMED
+    ONGOING
+    DELIVERED
+    CANCELLED`,
       requestBody: {
         required: true,
         content: {
@@ -116,7 +120,7 @@ export const orderSwaggerDocs = {
     },
     patch: {
       tags: ["order"],
-      summary: "Update order",
+      summary: "Update order -(Admin route)",
       description: "",
       parameters: [
         {

src/app/modules/plan/plan.route.ts

@@ -1,5 +1,5 @@
-
 import { Router } from "express";
+import auth from "../../middlewares/auth.js";
 import RequestValidator from "../../middlewares/request_validator.js";
 import { plan_controller } from "./plan.controller.js";
 import { plan_validations } from "./plan.validation.js";
@@ -10,15 +10,16 @@ router.get("/", plan_controller.get_all_plan);
 router.post(
   "/",
   RequestValidator(plan_validations.create_plan),
+  auth("ADMIN"),
   plan_controller.create_plan,
 );
 router.get("/:id", plan_controller.get_single_plan);
 router.patch(
   "/:id",
   RequestValidator(plan_validations.update_plan),
+  auth("ADMIN"),
   plan_controller.update_plan,
 );
-router.delete("/:id", plan_controller.delete_plan);
+router.delete("/:id", auth("ADMIN"), plan_controller.delete_plan);
 
 export default router;
-    

src/app/modules/plan/plan.service.ts

@@ -22,7 +22,7 @@ const get_single_plan_from_db = async (req: Request) => {
 
 const create_plan_into_db = async (req: Request) => {
   // define your own login here
-  const user = req.user
+  const user = req?.user
   if (user?.role !== "ADMIN") {
     throw new AppError("You don’t have permission to create plan information.!!!", 401)
   }

src/app/modules/profile/profile.service.ts

@@ -7,6 +7,7 @@ const update_profile_into_db = async (req: Request) => {
   const user = req?.user as JwtPayloadType;
   const payload = req?.body;
   const file = req?.file;
+  console.log(payload);
   // check file and upload to cloud
   if (file) {
     const cloudRes = await uploadCloud(file);