From d05776ad3a868a441886366a353c451aab85cee0 Mon Sep 17 00:00:00 2001
From: Chi Cong Tran <chi-cong.tran@polizei.niedersachsen.de>
Date: Fri, 6 Jun 2025 11:42:37 +0200
Subject: [PATCH] fix permission code check

---
 src/routes/(angemeldet)/upload/+page.svelte  | 39 +++++++++-----------
 src/routes/(angemeldet)/view/+page.server.js | 19 +---------
 2 files changed, 19 insertions(+), 39 deletions(-)

diff --git a/src/routes/(angemeldet)/upload/+page.svelte b/src/routes/(angemeldet)/upload/+page.svelte
index b639246..b898c10 100644
--- a/src/routes/(angemeldet)/upload/+page.svelte
+++ b/src/routes/(angemeldet)/upload/+page.svelte
@@ -158,42 +158,37 @@
 		}
 	}
 
-	///(angemeldet)/view return true or false
+	// `/(angemeldet)/view` return true or false
 	async function case_exists(case_no) {
-		// ping `` with caseNumber in POST body
+
+		if (case_no == '') {
+			zuganscode = zugangscode_old;
+		}
+
+		// ping `/view` with caseNumber in POST body
 		let url = '/view';
+
 		let data = new FormData();
 		data.append('caseNumber', case_no);
 
-		console.log('--- case exist_func', case_no)
-
 		// fetch code in parallel
-		const code = get_code(case_no);
+		const code = await get_code(case_no);
+		if (code != -1) {
+			zugangscode = code;
+			case_existing = true;
+			return true
+		}
 
 		const response = await fetch(url, { method: 'POST', body: data });
 
 		const res_json = await response.json();
-		console.log(`+++ ${res_json.data}`)
 		const status = res_json.status;
 
-		// aktualisiere Zugangscode mit
-		if (status == 303) {
-			case_existing = true;
-
-			const res = await code;
-
-
-			if (res != -1) {
-				// Code vorhanden
-				zugangscode = res;
-			}
-
-			return true;
+		if (status != 303) {
+			case_existing = false;
+			zugangscode = zugangscode_old;
 		}
 
-		case_existing = false;
-		zugangscode = zugangscode_old;
-
 		return false;
 	}
 
diff --git a/src/routes/(angemeldet)/view/+page.server.js b/src/routes/(angemeldet)/view/+page.server.js
index a8bd2aa..04579b1 100644
--- a/src/routes/(angemeldet)/view/+page.server.js
+++ b/src/routes/(angemeldet)/view/+page.server.js
@@ -32,11 +32,10 @@ export const actions = {
 		// Jetzt prüfen, ob Code vorhanden ist und
 		// dem eingegebenen Code entspricht
 
-//Nur Abfrage,wenn user_token nicht false ist
-		if(user_token){
-			const token = await codex(caseNumber);
+		const token = await codex(caseNumber);
 		console.log(`xxx ${token}, ${user_token}`);
 
+		// token vorhanden, check ob gleich sind
 		if (token && token != user_token) {
 			console.log(`ooo token check`);
 			return fail(400, {
@@ -45,20 +44,6 @@ export const actions = {
 				error: { token: 'Der Token ist falsch.' }
 			});
 		}
-		}
-
-		// if (token != -1 && user_token != token) {
-		// 	console.log('ooo Fehler');
-		// 	redirect(303, `/view`);
-		// }
-		// if (token != -1 && user_token != token) {
-		// 	console.log('ooo Fehler');
-		// 	return fail(400, {
-		// 		success: false,
-		// 		caseNumber,
-		// 		error: { token: 'Der Zugangscode ist falsch.' }
-		// 	});
-		// }
 
 		redirect(303, `/list/${caseNumber}`);
 	}