From fb22e09c0b216629cda4035deecca1805e9b8843 Mon Sep 17 00:00:00 2001
From: Jukka Lampikoski
Date: Wed, 11 Mar 2026 14:14:01 +0200
Subject: [PATCH] Korjaa isAdmin() -> isCompanyAdmin() todo-endpointeissa
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

isAdmin() ei ollut olemassa, oikea funktio on isCompanyAdmin(). Aiheutti PHP fatal errorin ja tyhjän vastauksen.

Co-Authored-By: Claude Opus 4.6
---
 api.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/api.php b/api.php
index c7942b7..ddcd610 100644
--- a/api.php
+++ b/api.php
@@ -2241,7 +2241,7 @@ switch ($action) {
             requireAdmin();
         } elseif (!$isNew) {
             $existing = dbLoadTodo($input['id']);
-            if ($existing && $existing['created_by'] !== currentUser() && !isAdmin()) {
+            if ($existing && $existing['created_by'] !== currentUser() && !isCompanyAdmin()) {
                 http_response_code(403);
                 echo json_encode(['error' => 'Voit muokata vain omia ehdotuksiasi']);
                 break;
@@ -2303,12 +2303,12 @@ switch ($action) {
             break;
         }
         $type = $rows[0]['type'];
-        if ($type === 'feature_request' && !isAdmin()) {
+        if ($type === 'feature_request' && !isCompanyAdmin()) {
             http_response_code(403);
             echo json_encode(['error' => 'Vain admin voi muuttaa ehdotuksen statusta']);
             break;
         }
-        if ($type === 'task' && !isAdmin()) {
+        if ($type === 'task' && !isCompanyAdmin()) {
             http_response_code(403);
             echo json_encode(['error' => 'Vain admin voi muuttaa tehtävän statusta']);
             break;
@@ -2374,7 +2374,7 @@ switch ($action) {
         $commentId = $input['id'] ?? '';
         // Tarkista onko oma kommentti tai admin
         $rows = _dbFetchAll("SELECT author FROM todo_comments WHERE id = ?", [$commentId]);
-        if (!empty($rows) && ($rows[0]['author'] === currentUser() || isAdmin())) {
+        if (!empty($rows) && ($rows[0]['author'] === currentUser() || isCompanyAdmin())) {
             dbDeleteTodoComment($commentId);
             echo json_encode(['success' => true]);
         } else {
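Review bot: The admin override on the changed line is not tied to the record it protects: `isCompanyAdmin()` takes no argument, and nothing in the hunk checks that `$existing` belongs to the caller's company, so if that helper is company-scoped rather than global, an admin of one company could edit proposals created in another unless `dbLoadTodo()` already filters by company — worth confirming before relying on it. The branch also reads `$input['id']` without the `?? ''` default the other endpoints in this patch use, so a request with no id raises an undefined-array-key warning before the lookup; `$existing = dbLoadTodo($input['id'] ?? '');` keeps it consistent. When the lookup returns nothing the guard is skipped entirely, and whether a missing record is then rejected depends on code after the hunk. The enclosing case starts and ends outside the hunk.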
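Review bot: The two guards on the changed lines are the same condition written twice with only the error string differing, and any `$type` other than `feature_request` or `task` falls through with no admin check at all, which is easy to miss when a new type is added later. A single table-driven guard keeps the decision in one place: `$adminOnlyTypes = ['feature_request' => 'Vain admin voi muuttaa ehdotuksen statusta', 'task' => 'Vain admin voi muuttaa tehtävän statusta'];` followed by `if (isset($adminOnlyTypes[$type]) && !isCompanyAdmin()) { http_response_code(403); echo json_encode(['error' => $adminOnlyTypes[$type]]); break; }`. Whether the fall-through for other types is intended cannot be told from the hunk; if it is not, denying by default is the safer shape. The enclosing case continues outside the hunk.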
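Review bot: The changed line restores an authorization check that, per the commit message, had been calling a function that did not exist, so this endpoint was failing with a fatal error rather than authorizing anyone; the fix is correct, but nothing in the patch stops the next typo in a permission check from shipping. A static-analysis step in CI (PHPStan or Psalm at a level that reports undefined functions) should flag a call like `isAdmin()` before merge, and a request-level test that drives the non-owner, non-admin path and asserts the 403 would pin the behaviour. The guard also accepts `$commentId === ''` when no id is sent and only discovers it through an empty result set; an explicit `if ($commentId === '') { http_response_code(400); echo json_encode(['error' => 'id puuttuu']); break; }` before the query gives a clearer failure than the else branch. The else branch lies outside the hunk.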
@@ -2414,7 +2414,7 @@ switch ($action) {
         $input = json_decode(file_get_contents('php://input'), true);
         $entryId = $input['id'] ?? '';
         $rows = _dbFetchAll("SELECT user FROM todo_time_entries WHERE id = ?", [$entryId]);
-        if (!empty($rows) && ($rows[0]['user'] === currentUser() || isAdmin())) {
+        if (!empty($rows) && ($rows[0]['user'] === currentUser() || isCompanyAdmin())) {
             dbDeleteTodoTimeEntry($entryId);
             echo json_encode(['success' => true]);
         } else {
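Review bot: The owner-or-admin test on the changed line is the third copy of the same authorization rule in this patch (todo edit, comment delete, time-entry delete), each spelled out inline, and the bug being fixed had to be corrected in five places precisely because the rule is duplicated. A small helper such as `function canManage(?string $owner): bool { return $owner === currentUser() || isCompanyAdmin(); }` called as `if (!empty($rows) && canManage($rows[0]['user']))` makes the next change a single-site edit and gives one place to add company scoping if `isCompanyAdmin()` turns out to be per-tenant rather than global. The `?string` parameter assumes `currentUser()` returns a string, which the hunk does not show; adjust the type to match. The else branch continues outside the hunk.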