added user check on delete poll

lovelgeorge99 · lovelgeorge99 · commit 83d5f7ebbb43 · 2025-04-08T21:35:43.000-04:00
diff --git a/src/poll/Poll.dto.ts b/src/poll/Poll.dto.ts
@@ -86,3 +86,9 @@ export class GetPollsDto {
   @IsEnum(['asc', 'desc'])
   sortOrder?: 'asc' | 'desc';
 }
+
+export class DeletePollDto {
+  @IsString()
+  @IsNotEmpty()
+  worldID: string;
+}
diff --git a/src/poll/poll.controller.ts b/src/poll/poll.controller.ts
@@ -10,10 +10,11 @@ import {
   Delete,
   UsePipes,
   ValidationPipe,
+  BadRequestException,
 } from '@nestjs/common';
 import { Response } from 'express';
 import { PollService } from './poll.service';
-import { CreatePollDto, GetPollsDto } from './Poll.dto';
+import { CreatePollDto, DeletePollDto, GetPollsDto } from './Poll.dto';
 
 @Controller('poll')
 export class PollController {
@@ -35,15 +36,10 @@ export class PollController {
     try {
       const polls = await this.pollService.getPolls(query);
       return res.status(200).json(polls);
-    } catch (error) {
-      if (error.message === 'User not found') {
-        return res.status(404).json({ message: error.message });
-      } else if (error.message === 'worldId Not Provided') {
-        return res.status(404).json({ message: error.message });
-      }
-      return res
-        .status(500)
-        .json({ message: 'Internal server error', error: error.message });
+    } catch (error: unknown) {
+      const errorMessage =
+        error instanceof Error ? error.message : 'An unexpected error occurred';
+      throw new BadRequestException(errorMessage);
     }
   }
 
@@ -64,16 +60,19 @@ export class PollController {
   }
 
   @Delete(':id')
-  async deletePoll(@Param('id') id: number, @Res() res: Response) {
-    const userId = 1; // need to implement Auth
+  async deletePoll(
+    @Param('id') id: number,
+    @Body() query: DeletePollDto,
+    @Res() res: Response,
+  ) {
     try {
-      const poll = await this.pollService.deletePoll(userId, Number(id));
+      const poll = await this.pollService.deletePoll(Number(id), query);
 
       return res.status(200).json({ message: 'Poll deleted', poll: poll });
-    } catch (error) {
-      return res
-        .status(500)
-        .json({ message: 'Internal server error', error: error.message });
+    } catch (error: unknown) {
+      const errorMessage =
+        error instanceof Error ? error.message : 'An unexpected error occurred';
+      throw new BadRequestException(errorMessage);
     }
   }
 }
diff --git a/src/poll/poll.service.ts b/src/poll/poll.service.ts
@@ -1,7 +1,7 @@
 import { BadRequestException, Injectable } from '@nestjs/common';
 import { ActionType, Prisma } from '@prisma/client';
 import { DatabaseService } from 'src/database/database.service';
-import { CreatePollDto, GetPollsDto } from './Poll.dto';
+import { CreatePollDto, DeletePollDto, GetPollsDto } from './Poll.dto';
 
 @Injectable()
 export class PollService {
@@ -152,15 +152,24 @@ export class PollService {
     return { user, poll, isActive };
   }
 
-  async deletePoll(userId: number, pollId: number) {
+  async deletePoll(pollId: number, query: DeletePollDto) {
+    const user = await this.databaseService.user.findUnique({
+      where: { worldID: query.worldID },
+      select: { id: true },
+    });
+
+    if (!user) {
+      throw new Error('User not found');
+    }
+
     const poll = await this.databaseService.poll.findUnique({
       where: { pollId },
     });
 
     if (!poll) {
       throw new Error('Poll not found');
     }
-    if (poll.authorUserId !== userId) {
+    if (poll.authorUserId !== user.id) {
       throw new Error('User Not Authorized');
     }
 
