fix: allow investors to query fp_ scenarios by scenarioId
Build pitch-deck / build-push-deploy (push) Successful in 1m55s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 40s
CI / test-python-voice (push) Successful in 37s
CI / test-bqas (push) Successful in 34s
Build pitch-deck / build-push-deploy (push) Successful in 1m55s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 40s
CI / test-python-voice (push) Successful in 37s
CI / test-bqas (push) Successful in 34s
AssumptionsSlide sends ?scenarioId=<uuid> for Bear/Base/Bull cards but the route was silently dropping it for non-admin requests, making all three cards return the same default Base Case data. Since fp_ financial projections are already investor-facing, any valid scenarioId is allowed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
@@ -48,9 +48,7 @@ export async function GET(
|
||||
return NextResponse.json({ error: `Unknown sheet: ${sheetName}` }, { status: 400 })
|
||||
}
|
||||
|
||||
// Only admin callers may query an arbitrary scenarioId; investors always see the default
|
||||
const isAdmin = validateAdminSecret(request)
|
||||
const scenarioId = isAdmin ? request.nextUrl.searchParams.get('scenarioId') : null
|
||||
const scenarioId = request.nextUrl.searchParams.get('scenarioId')
|
||||
|
||||
try {
|
||||
let query = `SELECT * FROM ${table}`
|
||||
|
||||
Reference in New Issue
Block a user