Lars/mitai-jinkendo
1
0
Fork 0
Code Issues 23 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix: Auth-Token für Prompt-Bearbeitung fehlte
All checks were successful
Deploy Development / deploy (push) Successful in 53s
Details
Build Test / lint-backend (push) Successful in 0s
Details
Build Test / build-frontend (push) Successful in 13s
Details

Browse Source 
KRITISCHER BUG behoben:
- savePrompt() und Aktivieren/Deaktivieren sendeten KEIN Auth-Token
- Backend require_admin() warf deshalb 401 Unauthorized
- Prompt-Bearbeitung funktionierte überhaupt nicht (auch für Admins)

Fix:
- X-Auth-Token Header zu beiden fetch()-Calls hinzugefügt
- Token aus localStorage wie in anderen Admin-Funktionen

Rechtesystem BESTÄTIGT korrekt:
 Backend: nur require_admin() darf Prompts ändern
 DB: ai_prompts hat KEINE profile_id → universell
 Frontend: Tab "Prompts" nur für isAdmin sichtbar

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Lars 2026-03-19 06:36:37 +01:00
parent 518e417b1d
commit 4886f00826
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
frontend/src/pages/Analysis.jsx
View File

@ -150,8 +150,11 @@ export default function Analysis() {
}
const savePrompt = async (promptId, data) => {
const token = localStorage.getItem('bodytrack_token')||''
await fetch(`/api/prompts/${promptId}`, {
method:'PUT', headers:{'Content-Type':'application/json'}, body:JSON.stringify(data)
method:'PUT',
headers:{'Content-Type':'application/json', 'X-Auth-Token': token},
body:JSON.stringify(data)
})
setEditing(null); await loadAll()
}
@ -356,9 +359,14 @@ export default function Analysis() {
{p.description && <div style={{fontSize:12,color:'var(--text3)',marginTop:1}}>{p.description}</div>}
</div>
<button className="btn btn-secondary" style={{padding:'5px 8px',fontSize:12}}
onClick={()=>fetch(`/api/prompts/${p.id}`,{method:'PUT',
headers:{'Content-Type':'application/json'},
body:JSON.stringify({active:p.active?0:1})}).then(loadAll)}>
onClick={()=>{
const token = localStorage.getItem('bodytrack_token')||''
fetch(`/api/prompts/${p.id}`,{
method:'PUT',
headers:{'Content-Type':'application/json','X-Auth-Token':token},
body:JSON.stringify({active:p.active?0:1})
}).then(loadAll)
}}>
{p.active?'Deaktiv.':'Aktiv.'}
</button>
<button className="btn btn-secondary" style={{padding:'5px 8px'}}