Add from user rm aproved/denied plates/rut

backend/src/index.js

@@ -94,16 +94,49 @@ app.put('/api/plates/:id/approve', authenticateToken, isAdmin, async (req, res)
 });
 
 // Admin: Delete Plate (Optional but good to have)
-app.delete('/api/plates/:id', authenticateToken, isAdmin, async (req, res) => {
+// Delete Plate (Admin or Owner)
+app.delete('/api/plates/:id', authenticateToken, async (req, res) => {
   const { id } = req.params;
   try {
+    const plate = await prisma.plate.findUnique({ where: { id: parseInt(id) } });
+    if (!plate) return res.status(404).json({ error: 'Plate not found' });
+
+    // Check permissions
+    if (req.user.role !== 'ADMIN' && plate.addedById !== req.user.id) {
+      return res.status(403).json({ error: 'Unauthorized' });
+    }
+
     await prisma.plate.delete({ where: { id: parseInt(id) } });
+
+    io.emit('plate_deleted', { id: parseInt(id) });
+
     res.json({ message: 'Plate deleted' });
   } catch (err) {
     res.status(500).json({ error: err.message });
   }
 });
 
+// Delete Person (Admin or Owner)
+app.delete('/api/people/:id', authenticateToken, async (req, res) => {
+  const { id } = req.params;
+  try {
+    const person = await prisma.person.findUnique({ where: { id: parseInt(id) } });
+    if (!person) return res.status(404).json({ error: 'Person not found' });
+
+    if (req.user.role !== 'ADMIN' && person.addedById !== req.user.id) {
+      return res.status(403).json({ error: 'Unauthorized' });
+    }
+
+    await prisma.person.delete({ where: { id: parseInt(id) } });
+
+    io.emit('person_deleted', { id: parseInt(id) });
+
+    res.json({ message: 'Person deleted' });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
 // History Endpoint
 app.get('/api/history', async (req, res) => {
   const { date } = req.query; // Format: YYYY-MM-DD