fix: allow investors to query fp_ scenarios by scenarioId
Build pitch-deck / build-push-deploy (push) Successful in 1m55s
CI / go-lint (push) Has been skipped
CI / python-lint (push) Has been skipped
CI / nodejs-lint (push) Has been skipped
CI / test-go-consent (push) Successful in 40s
CI / test-python-voice (push) Successful in 37s
CI / test-bqas (push) Successful in 34s
AssumptionsSlide sends ?scenarioId=<uuid> for Bear/Base/Bull cards but the route was silently dropping it for non-admin requests, making all three cards return the same default Base Case data. Since fp_ financial projections are already investor-facing, any valid scenarioId is allowed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -48,9 +48,7 @@ export async function GET(
|
|||||||
return NextResponse.json({ error: `Unknown sheet: ${sheetName}` }, { status: 400 })
|
return NextResponse.json({ error: `Unknown sheet: ${sheetName}` }, { status: 400 })
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only admin callers may query an arbitrary scenarioId; investors always see the default
|
const scenarioId = request.nextUrl.searchParams.get('scenarioId')
|
||||||
const isAdmin = validateAdminSecret(request)
|
|
||||||
const scenarioId = isAdmin ? request.nextUrl.searchParams.get('scenarioId') : null
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
let query = `SELECT * FROM ${table}`
|
let query = `SELECT * FROM ${table}`
|
||||||
|
|||||||
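Review bot: the added `const scenarioId = request.nextUrl.searchParams.get('scenarioId')` line accepts the value from any caller with no validation visible in this hunk, although the commit message says any "valid" scenarioId is allowed. Suggest rejecting anything that is not a well-formed UUID with a 400, in the same way the unknown-sheet case above is handled, and confirming that the scenario it names is one investors are meant to see, since the removed comment documented that only admins could pick an arbitrary scenario. Because the query on the following line is assembled with a template string (`SELECT * FROM ${table}`), please also make sure scenarioId reaches the database as a bound parameter rather than through interpolation now that it is attacker-controllable for unauthenticated or non-admin requests. Finally, with `const isAdmin = validateAdminSecret(request)` removed, check whether `validateAdminSecret` is still used in this file and drop the import if not; a test that requests two different scenarioId values as a non-admin and asserts different data would cover the regression described in the message.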