fix: remove user_id query requirement from notifications count/read-all

app/api/routers/misc.py

@@ -193,11 +193,11 @@ def list_notifications(unread_only: bool = False, limit: int = 50, db: Session =
 
 
 @router.get("/notifications/count", tags=["Notifications"])
-def notification_count(user_id: int, db: Session = Depends(get_db)):
+def notification_count(db: Session = Depends(get_db), current_user: models.User = Depends(get_current_user_or_apikey)):
     count = db.query(NotificationModel).filter(
-        NotificationModel.user_id == user_id, NotificationModel.is_read == False
+        NotificationModel.user_id == current_user.id, NotificationModel.is_read == False
     ).count()
-    return {"user_id": user_id, "unread": count}
+    return {"user_id": current_user.id, "count": count, "unread": count}
 
 
 @router.post("/notifications/{notification_id}/read", tags=["Notifications"])
@@ -205,18 +205,20 @@ def mark_read(notification_id: int, db: Session = Depends(get_db), current_user:
     n = db.query(NotificationModel).filter(NotificationModel.id == notification_id).first()
     if not n:
         raise HTTPException(status_code=404, detail="Notification not found")
+    if n.user_id != current_user.id and not current_user.is_admin:
+        raise HTTPException(status_code=403, detail="Forbidden")
     n.is_read = True
     db.commit()
     return {"status": "read"}
 
 
 @router.post("/notifications/read-all", tags=["Notifications"])
-def mark_all_read(user_id: int, db: Session = Depends(get_db)):
+def mark_all_read(db: Session = Depends(get_db), current_user: models.User = Depends(get_current_user_or_apikey)):
     db.query(NotificationModel).filter(
-        NotificationModel.user_id == user_id, NotificationModel.is_read == False
+        NotificationModel.user_id == current_user.id, NotificationModel.is_read == False
     ).update({"is_read": True})
     db.commit()
-    return {"status": "all_read"}
+    return {"status": "all_read", "user_id": current_user.id}
 
 
 # ============ Work Logs ============