fix(security): block deletion of categories and product types in use

Return 409 Conflict if any products reference the entity being deleted,
preventing accidental data corruption from orphaned foreign keys.

app/src/app/api/admin/categories/route.ts

@@ -72,6 +72,14 @@ export async function DELETE(request: NextRequest) {
   const id = searchParams.get('id')
   if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 })
 
+  const productCount = await prisma.productCategory.count({ where: { categoryId: id } })
+  if (productCount > 0) {
+    return NextResponse.json(
+      { error: `Cannot delete: ${productCount} product(s) use this category` },
+      { status: 409 }
+    )
+  }
+
   await prisma.category.delete({ where: { id } })
 
   return NextResponse.json({ success: true })

app/src/app/api/admin/product-types/route.ts

@@ -73,6 +73,14 @@ export async function DELETE(request: NextRequest) {
   const id = searchParams.get('id')
   if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 })
 
+  const productCount = await prisma.product.count({ where: { typeId: id } })
+  if (productCount > 0) {
+    return NextResponse.json(
+      { error: `Cannot delete: ${productCount} product(s) use this product type` },
+      { status: 409 }
+    )
+  }
+
   await prisma.productType.delete({ where: { id } })
 
   return NextResponse.json({ success: true })