diff --git a/supabase/functions/process-selective-approval/index.ts b/supabase/functions/process-selective-approval/index.ts index 3c809e4a..63902224 100644 --- a/supabase/functions/process-selective-approval/index.ts +++ b/supabase/functions/process-selective-approval/index.ts @@ -12,6 +12,37 @@ interface ApprovalRequest { submissionId: string; } +// Allowed database fields for each entity type +const RIDE_FIELDS = [ + 'name', 'slug', 'description', 'park_id', 'ride_model_id', + 'manufacturer_id', 'designer_id', 'category', 'status', + 'opening_date', 'closing_date', 'height_requirement', 'age_requirement', + 'capacity_per_hour', 'duration_seconds', 'max_speed_kmh', + 'max_height_meters', 'length_meters', 'inversions', + 'ride_sub_type', 'coaster_type', 'seating_type', 'intensity_level', + 'drop_height_meters', 'max_g_force', 'image_url', + 'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id' +]; + +const PARK_FIELDS = [ + 'name', 'slug', 'description', 'park_type', 'status', + 'opening_date', 'closing_date', 'location_id', 'operator_id', + 'property_owner_id', 'website_url', 'phone', 'email', + 'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id' +]; + +const COMPANY_FIELDS = [ + 'name', 'slug', 'description', 'company_type', 'person_type', + 'founded_year', 'headquarters_location', 'website_url', 'logo_url', + 'banner_image_url', 'banner_image_id', 'card_image_url', 'card_image_id' +]; + +const RIDE_MODEL_FIELDS = [ + 'name', 'slug', 'description', 'category', 'ride_type', + 'manufacturer_id', 'banner_image_url', 'banner_image_id', + 'card_image_url', 'card_image_id' +]; + serve(async (req) => { if (req.method === 'OPTIONS') { return new Response(null, { headers: corsHeaders }); 
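Review bot: The four allowlists added in this hunk are plain mutable `string[]` arrays, and the one-line comment above `RIDE_FIELDS` does not say that they are the security boundary for every write later in the file. I would freeze each list with `] as const;` and have `filterDatabaseFields` take `readonly string[]`, so no code path can add a column at runtime. The comment could read `// Write allowlist: only these columns may be set from submission data; any other key, including id, is dropped before the database call.` The lists constrain key names only: as far as this diff shows, values for `website_url`, `image_url`, `logo_url` and `email` still reach the tables without format or scheme validation.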
@@ -209,6 +240,16 @@ function sanitizeDateFields(data: any): any { return sanitized; } +function filterDatabaseFields(data: any, allowedFields: string[]): any { + const filtered: any = {}; + for (const field of allowedFields) { + if (field in data && data[field] !== undefined) { + filtered[field] = data[field]; + } + } + return filtered; +} + async function createPark(supabase: any, data: any): Promise { // Transform images object if present if (data.images) { @@ -239,9 +280,10 @@ async function createPark(supabase: any, data: any): Promise { delete data.park_id; // Remove ID from update data const sanitizedData = sanitizeDateFields(data); + const filteredData = filterDatabaseFields(sanitizedData, PARK_FIELDS); const { error } = await supabase .from('parks') - .update(sanitizedData) + .update(filteredData) .eq('id', parkId); if (error) throw new Error(`Failed to update park: ${error.message}`); @@ -249,9 +291,10 @@ async function createPark(supabase: any, data: any): Promise { } else { console.log('Creating new park'); const sanitizedData = sanitizeDateFields(data); + const filteredData = filterDatabaseFields(sanitizedData, PARK_FIELDS); const { data: park, error } = await supabase .from('parks') - .insert(sanitizedData) + .insert(filteredData) .select('id') .single(); @@ -290,9 +333,10 @@ async function createRide(supabase: any, data: any): Promise { delete data.ride_id; // Remove ID from update data const sanitizedData = sanitizeDateFields(data); + const filteredData = filterDatabaseFields(sanitizedData, RIDE_FIELDS); const { error } = await supabase .from('rides') - .update(sanitizedData) + .update(filteredData) .eq('id', rideId); if (error) throw new Error(`Failed to update ride: ${error.message}`); 
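Review bot: `field in data` in `filterDatabaseFields` throws a bare TypeError when `data` is null or a primitive, and it also matches inherited properties, so the check is looser than an allowlist over what is presumably submitter-controlled data should be. An explicit object guard plus an own-property test makes the failure mode clear and keeps prototype keys out of the write. The function also drops unknown keys silently; logging their names (never their values) would leave a trace when a submission carries unexpected fields. Some dropped keys are probably routine, for example `images`, which `createPark` handles separately, so the log level may need tuning.

```typescript
function filterDatabaseFields(data: any, allowedFields: string[]): any {
  // `in` throws a TypeError on null and primitives; fail with a clear message instead.
  if (data === null || typeof data !== 'object') {
    throw new Error('Submission data must be an object');
  }
  // … unchanged: `filtered` declaration and loop header …
    // Own properties only, so inherited keys are never copied into the write.
    if (Object.prototype.hasOwnProperty.call(data, field) && data[field] !== undefined) {
  // … unchanged: assignment and end of loop …
  // Log names only (never values) of keys the allowlist dropped.
  const dropped = Object.keys(data).filter((key) => !allowedFields.includes(key));
  if (dropped.length > 0) {
    console.warn('filterDatabaseFields dropped keys:', dropped);
  }
  return filtered;
```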
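Review bot: In the park update branch (`@@ -239,9 +280,10 @@`) `filteredData` can be an empty object when the submission holds no allowlisted keys, yet `.update(filteredData)` is still issued. How the client treats an empty update is not visible here, but an approval that changes nothing should fail loudly rather than be reported as applied. A guard before the call would cover it: `if (Object.keys(filteredData).length === 0) throw new Error('No valid park fields to update');`. The ride update hunk at `@@ -290,9 +333,10 @@` has the same gap; the company update does not, because `company_type` is always set there. `createPark` starts and ends outside this hunk.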
@@ -313,9 +357,10 @@ async function createRide(supabase: any, data: any): Promise { } else { console.log('Creating new ride'); const sanitizedData = sanitizeDateFields(data); + const filteredData = filterDatabaseFields(sanitizedData, RIDE_FIELDS); const { data: ride, error } = await supabase .from('rides') - .insert(sanitizedData) + .insert(filteredData) .select('id') .single(); @@ -368,10 +413,11 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro const updateData = sanitizeDateFields({ ...data, company_type: companyType }); delete updateData.company_id; delete updateData.id; // Remove ID from update data + const filteredData = filterDatabaseFields(updateData, COMPANY_FIELDS); const { error } = await supabase .from('companies') - .update(updateData) + .update(filteredData) .eq('id', companyId); if (error) throw new Error(`Failed to update company: ${error.message}`); @@ -379,9 +425,10 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro } else { console.log('Creating new company'); const companyData = sanitizeDateFields({ ...data, company_type: companyType }); + const filteredData = filterDatabaseFields(companyData, COMPANY_FIELDS); const { data: company, error } = await supabase .from('companies') - .insert(companyData) + .insert(filteredData) .select('id') .single(); @@ -391,9 +438,11 @@ async function createCompany(supabase: any, data: any, companyType: string): Pro } async function createRideModel(supabase: any, data: any): Promise { + const sanitizedData = sanitizeDateFields(data); + const filteredData = filterDatabaseFields(sanitizedData, RIDE_MODEL_FIELDS); const { data: model, error } = await supabase .from('ride_models') - .insert(data) + .insert(filteredData) .select('id') .single();
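Review bot: In the `createRideModel` hunk (`@@ -391,9 +438,11 @@`) the new `sanitizeDateFields(data)` call looks redundant, because `RIDE_MODEL_FIELDS` contains no date column and the result is filtered straight afterwards. The body of `sanitizeDateFields` is outside this diff, so this is an inference. If the call is kept only for symmetry with the other create functions, say so in a comment such as `// No date columns today; kept so a future date field is normalised like the other entities.` Otherwise pass `data` to `filterDatabaseFields` directly. The function also has no docstring stating that it inserts only allowlisted columns, which is the property this commit introduces, and its body continues past the end of the hunk.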