admin/logbuch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1.6.3: 403-Fehler bei Einträgen ohne created_by (NULL) beheben

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Reinhard X. Fürst
2026-05-11 20:55:52 +02:00
parent ab9be7b96f
commit 3d3346de76
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/api/logbuch/[id]/route.ts
+4 -2
View File
@@ -18,7 +18,8 @@ export async function PUT(request: NextRequest, { params }: { params: Promise<{
} }
const isAdmin = session.role?.includes('admin'); const isAdmin = session.role?.includes('admin');
const isCreator = existingRows[0].created_by === session.beoId; const createdBy = existingRows[0].created_by;
const isCreator = createdBy === null || createdBy === session.beoId;
if (!isAdmin && !isCreator) { if (!isAdmin && !isCreator) {
return NextResponse.json({ error: 'Keine Berechtigung zum Ändern dieses Eintrags' }, { status: 403 }); return NextResponse.json({ error: 'Keine Berechtigung zum Ändern dieses Eintrags' }, { status: 403 });
@@ -90,7 +91,8 @@ export async function DELETE(_request: NextRequest, { params }: { params: Promis
} }
const isAdmin = session.role?.includes('admin'); const isAdmin = session.role?.includes('admin');
const isCreator = existingRows[0].created_by === session.beoId; const createdBy = existingRows[0].created_by;
const isCreator = createdBy === null || createdBy === session.beoId;
if (!isAdmin && !isCreator) { if (!isAdmin && !isCreator) {
return NextResponse.json({ error: 'Keine Berechtigung zum Löschen dieses Eintrags' }, { status: 403 }); return NextResponse.json({ error: 'Keine Berechtigung zum Löschen dieses Eintrags' }, { status: 403 });
package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "logbuch", "name": "logbuch",
"version": "1.6.2", "version": "1.6.3",
"private": true, "private": true,
"scripts": { "scripts": {
"dev": "next dev", "dev": "next dev",