diff --git a/Endpoints/SuggestEndpoints.cs b/Endpoints/SuggestEndpoints.cs
index bfe483c..90da3b0 100644
--- a/Endpoints/SuggestEndpoints.cs
+++ b/Endpoints/SuggestEndpoints.cs
@@ -98,15 +98,19 @@ public static class SuggestEndpoints
 return Results.Created($"/api/suggestions/{suggestion.Id}", new { suggestion.Id });
 });
- app.MapDelete("/api/suggestions/{id:int}", async (int id, HttpContext ctx, AppDbContext db) =>
+ app.MapDelete("/api/suggestions/{id:int}", async (int id, HttpContext ctx, AppDbContext db, IConfiguration config) =>
 {
- var phase = await EndpointHelpers.GetPhase(db);
- if (phase != Phase.Suggest)
- return EndpointHelpers.PhaseMismatch(Phase.Suggest, phase);
-
 var player = await EndpointHelpers.GetAuthenticatedPlayer(ctx, db);
 if (player is null) return Results.Unauthorized();
- var suggestion = await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id && s.PlayerId == player.Id);
+ var isAdmin = await EndpointHelpers.IsAdmin(ctx, db, config);
+
+ var phase = await EndpointHelpers.GetPhase(db);
+ if (!isAdmin && phase != Phase.Suggest)
+ return EndpointHelpers.PhaseMismatch(Phase.Suggest, phase);
+
+ var suggestion = isAdmin
+ ? await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id)
+ : await db.Suggestions.FirstOrDefaultAsync(s => s.Id == id && s.PlayerId == player.Id);
 if (suggestion == null)
 return Results.NotFound(new { error = "Suggestion not found." });
diff --git a/wwwroot/app.js b/wwwroot/app.js
index 8fe2c98..1819ae8 100644
--- a/wwwroot/app.js
+++ b/wwwroot/app.js
@@ -155,7 +155,8 @@ function renderAllSuggestions() {
 if (!list) return;
 list.innerHTML = "";
 const allowEdit = !!state.me?.isAdmin;
- state.allSuggestions.forEach((s) => list.appendChild(buildCard(s, { showAuthor: true, allowEdit })));
+ const allowDelete = !!state.me?.isAdmin && (state.phase === "Reveal" || state.phase === "Suggest");
+ state.allSuggestions.forEach((s) => list.appendChild(buildCard(s, { showAuthor: true, allowEdit, allowDelete })));
 }
 function renderVotes() {
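Review bot: In Endpoints/SuggestEndpoints.cs the admin path skips the phase gate entirely (`if (!isAdmin && phase != Phase.Suggest)`), so an admin can delete any player's suggestion in every phase, while the wwwroot/app.js hunk only offers the delete control in "Suggest" and "Reveal". If that restriction is intended, it has to be enforced in this handler, because the client-side flag only controls what is displayed: for example `if (phase != Phase.Suggest && !(isAdmin && phase == Phase.Reveal))`, assuming the enum has a `Reveal` member matching the client string. Deleting another player's suggestion is also a privileged action worth a log entry naming the admin and the suggestion's `PlayerId`; nothing visible in the hunk records it. The handler body continues outside the hunk.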
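Review bot: In wwwroot/app.js, `allowDelete` in renderAllSuggestions repeats the `!!state.me?.isAdmin` expression computed one line above; reusing it keeps the two flags in step: `const allowDelete = allowEdit && (state.phase === "Reveal" || state.phase === "Suggest");`. A short comment such as `// UI hint only; the server decides whether the delete is allowed` would make clear that this flag is not the authorization decision. How buildCard consumes `allowDelete` is outside the hunk.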