fix(waitlist): address QA review comments - auth fixes and pgEnum type

- Add 401 when DELETE /waitlist/:id has no session (auth bypass fix)
- Add auth to PATCH /waitlist/:id (was zero auth)
- Add RBAC guard for /waitlist/* routes
- Fix migration to use proper ENUM type instead of TEXT
- Add unit tests for auth scenarios

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Scrubs McBarkley
2026-03-24 22:19:16 +00:00
committed by Flea Flicker
parent 232827ad29
commit 09cbf00157
4 changed files with 344 additions and 26 deletions
+3 -1
@@ -1,3 +1,5 @@
CREATE TYPE waitlist_status AS ENUM ('active', 'notified', 'expired', 'cancelled');
CREATE TABLE waitlist_entries (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
client_id UUID NOT NULL REFERENCES clients(id) ON DELETE CASCADE,
@@ -5,7 +7,7 @@ CREATE TABLE waitlist_entries (
service_id UUID NOT NULL REFERENCES services(id) ON DELETE CASCADE,
preferred_date DATE NOT NULL,
preferred_time TIME NOT NULL,
status TEXT NOT NULL DEFAULT 'active',
status waitlist_status NOT NULL DEFAULT 'active',
notified_at TIMESTAMPTZ,
expires_at TIMESTAMPTZ,
created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
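Review bot: The enum is introduced by editing the existing create-table migration in place (the new `CREATE TYPE waitlist_status` line and the `status waitlist_status` column) rather than by a new migration, so any database that already ran the earlier version would keep `status TEXT` with no constraint on its values. If this file has been applied anywhere, a follow-up migration should create the type and convert the column, e.g. `ALTER TABLE waitlist_entries ALTER COLUMN status TYPE waitlist_status USING status::waitlist_status;`, with the text default dropped before and `'active'` re-set after, since PostgreSQL will not cast the existing default automatically. `CREATE TYPE` also has no `IF NOT EXISTS` form, so a rerun of this file fails at its first statement. The `CREATE TABLE` statement continues past the end of the hunk, so the rest of the column list is not reviewed here.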