pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-24 17:51:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Block photo uploads on entity edits

Browse Source
This commit is contained in:
gpt-engineer-app[bot]
2025-11-02 20:39:22 +00:00
parent bb951e637f
commit bccaebc6d6
5 changed files with 106 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

149
src/lib/entitySubmissionHelpers.ts
View File

@@ -531,26 +531,15 @@ export async function submitParkUpdate(
if (fetchError) throw new Error(`Failed to fetch park: ${fetchError.message}`);
if (!existingPark) throw new Error('Park not found');
// Upload any pending local images first
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = {
...data.images,
uploaded: uploadedImages
};
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Park image upload failed', {
action: 'park_update',
parkId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
// Photos can only be submitted during creation or via the photo gallery
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
// Only allow banner/card reassignments from existing photos
let processedImages = data.images;
// Create the main submission record
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
@@ -825,26 +814,15 @@ export async function submitRideUpdate(
if (fetchError) throw new Error(`Failed to fetch ride: ${fetchError.message}`);
if (!existingRide) throw new Error('Ride not found');
// Upload any pending local images first
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = {
...data.images,
uploaded: uploadedImages
};
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Ride image upload failed', {
action: 'ride_update',
rideId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
// Photos can only be submitted during creation or via the photo gallery
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
// Only allow banner/card reassignments from existing photos
let processedImages = data.images;
// Create the main submission record
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
@@ -1002,26 +980,13 @@ export async function submitRideModelUpdate(
if (fetchError) throw new Error(`Failed to fetch ride model: ${fetchError.message}`);
if (!existingModel) throw new Error('Ride model not found');
// Upload any pending local images first
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = {
...data.images,
uploaded: uploadedImages
};
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Ride model image upload failed', {
action: 'ride_model_update',
rideModelId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
let processedImages = data.images;
// Create the main submission record
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
@@ -1132,22 +1097,13 @@ export async function submitManufacturerUpdate(
if (fetchError) throw new Error(`Failed to fetch manufacturer: ${fetchError.message}`);
if (!existingCompany) throw new Error('Manufacturer not found');
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = { ...data.images, uploaded: uploadedImages };
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Company image upload failed', {
action: 'manufacturer_update',
companyId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
let processedImages = data.images;
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
.insert({
@@ -1249,22 +1205,13 @@ export async function submitDesignerUpdate(
if (fetchError) throw new Error(`Failed to fetch designer: ${fetchError.message}`);
if (!existingCompany) throw new Error('Designer not found');
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = { ...data.images, uploaded: uploadedImages };
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Company image upload failed', {
action: 'designer_update',
companyId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
let processedImages = data.images;
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
.insert({
@@ -1366,22 +1313,13 @@ export async function submitOperatorUpdate(
if (fetchError) throw new Error(`Failed to fetch operator: ${fetchError.message}`);
if (!existingCompany) throw new Error('Operator not found');
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = { ...data.images, uploaded: uploadedImages };
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Company image upload failed', {
action: 'operator_update',
companyId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
let processedImages = data.images;
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
.insert({
@@ -1483,22 +1421,13 @@ export async function submitPropertyOwnerUpdate(
if (fetchError) throw new Error(`Failed to fetch property owner: ${fetchError.message}`);
if (!existingCompany) throw new Error('Property owner not found');
let processedImages = data.images;
if (data.images?.uploaded && data.images.uploaded.length > 0) {
try {
const uploadedImages = await uploadPendingImages(data.images.uploaded);
processedImages = { ...data.images, uploaded: uploadedImages };
} catch (error: unknown) {
const errorMessage = getErrorMessage(error);
logger.error('Company image upload failed', {
action: 'property_owner_update',
companyId,
error: errorMessage
});
throw new Error(`Failed to upload images: ${errorMessage}`);
}
// CRITICAL: Block new photo uploads on edits
if (data.images?.uploaded && data.images.uploaded.some(img => img.isLocal)) {
throw new Error('Photo uploads are not allowed during edits. Please use the photo gallery to submit additional photos.');
}
let processedImages = data.images;
const { data: submissionData, error: submissionError } = await supabase
.from('content_submissions')
.insert({