Matt
3c9310f81c
Adds assertResidentialModuleEnabled(ctx.portId) as the first statement in every residential v1 handler (24 handlers across 13 files), mirroring the Tenancies pattern. Previously the disabled-module state was enforced only in the page layout, so a disabled module still accepted API writes (including partner-forward emails on residential interest creation). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
44 lines
1.5 KiB
TypeScript
44 lines
1.5 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
|
|
import { withAuth, withPermission } from '@/lib/api/helpers';
|
|
import { parseBody } from '@/lib/api/route-helpers';
|
|
import { createNoteSchema } from '@/lib/validators/notes';
|
|
import * as notesService from '@/lib/services/notes.service';
|
|
import { assertResidentialModuleEnabled } from '@/lib/services/residential-module.service';
|
|
import { errorResponse, NotFoundError } from '@/lib/errors';
|
|
|
|
export const GET = withAuth(
|
|
withPermission('residential_interests', 'view', async (_req, ctx, params) => {
|
|
try {
|
|
await assertResidentialModuleEnabled(ctx.portId);
|
|
const id = params.id;
|
|
if (!id) throw new NotFoundError('Residential interest');
|
|
const notes = await notesService.listForEntity(ctx.portId, 'residential_interests', id);
|
|
return NextResponse.json({ data: notes });
|
|
} catch (error) {
|
|
return errorResponse(error);
|
|
}
|
|
}),
|
|
);
|
|
|
|
export const POST = withAuth(
|
|
withPermission('residential_interests', 'edit', async (req, ctx, params) => {
|
|
try {
|
|
await assertResidentialModuleEnabled(ctx.portId);
|
|
const id = params.id;
|
|
if (!id) throw new NotFoundError('Residential interest');
|
|
const body = await parseBody(req, createNoteSchema);
|
|
const note = await notesService.create(
|
|
ctx.portId,
|
|
'residential_interests',
|
|
id,
|
|
ctx.userId,
|
|
body,
|
|
);
|
|
return NextResponse.json({ data: note }, { status: 201 });
|
|
} catch (error) {
|
|
return errorResponse(error);
|
|
}
|
|
}),
|
|
);
|