Implement submission protections

2025-12-21 22:51:12 -05:00 · 2025-10-17 17:12:06 +00:00
parent 5fe16e51b4
commit 62c8b7f2c3
4 changed files with 166 additions and 32 deletions
--- a/src/lib/entitySubmissionHelpers.ts
+++ b/src/lib/entitySubmissionHelpers.ts
@@ -1097,24 +1097,7 @@ export async function submitTimelineEvent(
  };

  // Create the main submission record
-  const { data: submission, error: submissionError } = await supabase
-    .from('content_submissions')
-    .insert({
-      user_id: userId,
-      submission_type: 'milestone',
-      content,
-      status: 'pending',
-      approval_mode: 'full',
-    })
-    .select()
-    .single();
-
-  if (submissionError || !submission) {
-    console.error('Failed to create timeline event submission:', submissionError);
-    throw new Error('Failed to submit timeline event for review');
-  }
-
-  // Create submission item with actual data
+  // Use atomic RPC function to create submission + items in transaction
  const itemData: Record<string, any> = {
    entity_type: entityType,
    entity_id: entityId,
@@ -1129,28 +1112,32 @@ export async function submitTimelineEvent(
    to_entity_id: data.to_entity_id,
    from_location_id: data.from_location_id,
    to_location_id: data.to_location_id,
-    is_public: true, // All timeline events are public
+    is_public: true,
  };

-  const { error: itemError } = await supabase
-    .from('submission_items')
-    .insert({
-      submission_id: submission.id,
-      item_type: 'milestone',
-      action_type: 'create',
-      item_data: itemData as unknown as Json,
-      status: 'pending',
-      order_index: 0,
+  const items = [{
+    item_type: 'milestone',
+    action_type: 'create',
+    item_data: itemData,
+    order_index: 0,
+  }];
+
+  const { data: submissionId, error } = await supabase
+    .rpc('create_submission_with_items', {
+      p_user_id: userId,
+      p_submission_type: 'milestone',
+      p_content: content,
+      p_items: items as any,
    });

-  if (itemError) {
-    console.error('Failed to create timeline event item:', itemError);
-    throw new Error('Failed to submit timeline event item for review');
+  if (error || !submissionId) {
+    console.error('Failed to create timeline event submission:', error);
+    throw new Error('Failed to submit timeline event for review');
  }

  return {
    submitted: true,
-    submissionId: submission.id,
+    submissionId: submissionId,
  };
 }