added userID check

lovelgeorge99 · lovelgeorge99 · commit 4642eba48380 · 2025-04-03T10:23:25.000-04:00
diff --git a/src/poll/poll.controller.ts b/src/poll/poll.controller.ts
@@ -49,8 +49,9 @@ export class PollController {
 
   @Delete(':id')
   async deletePoll(@Param('id') id: number, @Res() res: Response) {
+    const userId = 1; // need to implement Auth
     try {
-      const poll = await this.pollService.deletePoll(Number(id));
+      const poll = await this.pollService.deletePoll(userId, Number(id));
 
       return res.status(200).json({ message: 'Poll deleted', poll: poll });
     } catch (error) {
diff --git a/src/poll/poll.service.ts b/src/poll/poll.service.ts
@@ -135,13 +135,17 @@ export class PollService {
     }
   }
 
-  async deletePoll(pollId: number) {
+  async deletePoll(userId: number, pollId: number) {
     const poll = await this.databaseService.poll.findUnique({
       where: { pollId },
     });
+
     if (!poll) {
       throw new Error('Poll not found');
     }
+    if (poll.authorUserId !== userId) {
+      throw new Error('User Not Authorized');
+    }
 
     return this.databaseService.$transaction(async (tx) => {
       const deleted = await tx.poll.delete({

Original file line number	Diff line number	Diff line change
`@@ -135,13 +135,17 @@ export class PollService {`
`135`	`135`	`}`
`136`	`136`	`}`
`137`	`137`
`138`		`- async deletePoll(pollId: number) {`
	`138`	`+ async deletePoll(userId: number, pollId: number) {`
`139`	`139`	`const poll = await this.databaseService.poll.findUnique({`
`140`	`140`	`where: { pollId },`
`141`	`141`	`});`
	`142`	`+`
`142`	`143`	`if (!poll) {`
`143`	`144`	`throw new Error('Poll not found');`
`144`	`145`	`}`
	`146`	`+ if (poll.authorUserId !== userId) {`
	`147`	`+ throw new Error('User Not Authorized');`
	`148`	`+ }`
`145`	`149`
`146`	`150`	`return this.databaseService.$transaction(async (tx) => {`
`147`	`151`	`const deleted = await tx.poll.delete({`