mirror of
https://github.com/jcreek/LivingDexTracker.git
synced 2026-07-13 11:03:44 +00:00
fix(#64): Address PR comments
This commit is contained in:
@@ -11,12 +11,27 @@ SECURITY DEFINER
|
||||
SET search_path = public, pg_temp
|
||||
LANGUAGE plpgsql
|
||||
AS $$
|
||||
DECLARE
|
||||
v_user_id UUID;
|
||||
BEGIN
|
||||
-- Validate that entry_ids is not empty to avoid accidental deletion
|
||||
IF p_entry_ids IS NULL OR array_length(p_entry_ids, 1) IS NULL THEN
|
||||
RAISE EXCEPTION 'entry_ids cannot be null or empty';
|
||||
END IF;
|
||||
|
||||
-- Verify that the caller owns the target pokedex
|
||||
SELECT "userId" INTO v_user_id
|
||||
FROM pokedexes
|
||||
WHERE id = p_pokedex_id;
|
||||
|
||||
IF v_user_id IS NULL THEN
|
||||
RAISE EXCEPTION 'pokedex not found';
|
||||
END IF;
|
||||
|
||||
IF v_user_id != auth.uid() THEN
|
||||
RAISE EXCEPTION 'not authorized: you do not own this pokedex';
|
||||
END IF;
|
||||
|
||||
-- Delete old mappings and insert new mappings in a single transaction
|
||||
-- This ensures atomicity - either both operations succeed or both fail
|
||||
DELETE FROM pokedex_entries_mapping
|
||||
|
||||
Reference in New Issue
Block a user