From 97e84aaf09e05a5120329574e5bf998c55134d33 Mon Sep 17 00:00:00 2001
From: Markus Brueckner <namenlos@geekbetrieb.de>
Date: Mon, 13 Jan 2025 21:33:24 +0100
Subject: [PATCH] prevent anonymous deletion of surveys

---
 src/routes/(app)/survey/[surveyId]/+server.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/routes/(app)/survey/[surveyId]/+server.ts b/src/routes/(app)/survey/[surveyId]/+server.ts
index 9da4182..747761a 100644
--- a/src/routes/(app)/survey/[surveyId]/+server.ts
+++ b/src/routes/(app)/survey/[surveyId]/+server.ts
@@ -4,7 +4,11 @@ import { surveysTable } from "../../../../db/schema";
 import { eq } from "drizzle-orm";
 
 
-export const DELETE: RequestHandler = async ({ params }) => {
+export const DELETE: RequestHandler = async ({ params, locals }) => {
+    if (!locals.userId) {
+        return new Response(null, { status: 403 });
+    }
+
     const surveyId = parseInt(params.surveyId ?? '');
 
     if (isNaN(surveyId)) {