From 6c022d1a79ae70485ca658f1b41eb9dadfe0a3c8 Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com>
Date: Mon, 4 May 2026 14:27:07 +0200
Subject: [PATCH] fix: allow investors to query fp_ scenarios by scenarioId

AssumptionsSlide sends ?scenarioId=<uuid> for Bear/Base/Bull cards but
the route was silently dropping it for non-admin requests, making all
three cards return the same default Base Case data. Since fp_ financial
projections are already investor-facing, any valid scenarioId is allowed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 pitch-deck/app/api/finanzplan/[sheetName]/route.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/pitch-deck/app/api/finanzplan/[sheetName]/route.ts b/pitch-deck/app/api/finanzplan/[sheetName]/route.ts
index 6893af9..b9d6ad0 100644
--- a/pitch-deck/app/api/finanzplan/[sheetName]/route.ts
+++ b/pitch-deck/app/api/finanzplan/[sheetName]/route.ts
@@ -48,9 +48,7 @@ export async function GET(
     return NextResponse.json({ error: `Unknown sheet: ${sheetName}` }, { status: 400 })
   }
 
-  // Only admin callers may query an arbitrary scenarioId; investors always see the default
-  const isAdmin = validateAdminSecret(request)
-  const scenarioId = isAdmin ? request.nextUrl.searchParams.get('scenarioId') : null
+  const scenarioId = request.nextUrl.searchParams.get('scenarioId')
 
   try {
     let query = `SELECT * FROM ${table}`