Fix period editing and harden app with Next.js security upgrade

This commit is contained in:
Jan Hanewinkel
2026-04-20 00:02:46 +02:00
parent 5a8b0871a0
commit f947908f0e
14 changed files with 2595 additions and 51 deletions


@@ -49,12 +49,13 @@ function serializeManagedUser(user: {
}
type Context = {
params: {
params: Promise<{
id: string;
};
}>;
};
export async function PATCH(request: Request, { params }: Context) {
const { id } = await params;
const viewer = await getCurrentViewer();
if (!viewer) {
@@ -73,7 +74,7 @@ export async function PATCH(request: Request, { params }: Context) {
}
const user = await prisma.user.findUnique({
where: { id: params.id }
where: { id }
});
if (!user) {
@@ -113,7 +114,7 @@ export async function PATCH(request: Request, { params }: Context) {
const previousSnapshot = snapshotUser(user);
const updatedUser = await prisma.user.update({
where: { id: params.id },
where: { id },
data: {
role: parsed.data.role,
workingGroupId,
@@ -163,6 +164,7 @@ export async function PATCH(request: Request, { params }: Context) {
}
export async function DELETE(_: Request, { params }: Context) {
const { id } = await params;
const viewer = await getCurrentViewer();
if (!viewer) {
@@ -173,12 +175,12 @@ export async function DELETE(_: Request, { params }: Context) {
return NextResponse.json({ error: "Nur Vorstand oder Finanz-AG dürfen Nutzer löschen." }, { status: 403 });
}
if (viewer.id === params.id) {
if (viewer.id === id) {
return NextResponse.json({ error: "Du kannst dein eigenes Konto hier nicht löschen." }, { status: 400 });
}
const user = await prisma.user.findUnique({
where: { id: params.id },
where: { id },
include: {
_count: {
select: {
@@ -211,7 +213,7 @@ export async function DELETE(_: Request, { params }: Context) {
}
await prisma.user.delete({
where: { id: params.id }
where: { id }
});
await createAuditLog(prisma, {