fix: prevent public access to inactive doctors

backend/src/controllers/doctor.controller.js

@@ -93,9 +93,13 @@ export const getAllDoctors = async (req, res) => {
 export const getDoctorByDoctorId = async (req, res) => {
 	try {
 		const { doctorId } = req.params;
+		const { admin } = req.query;
 
-		const doctor = await prisma.doctor.findUnique({
+		const doctor = await prisma.doctor.findFirst({
-			where: { doctorId },
+			where: {
+				doctorId,
+				...(admin === 'true' ? {} : { isActive: true }),
+			},
 			include: {
 				seo: true,
 				specializations: true,
@@ -124,6 +128,7 @@ export const getDoctorByDoctorId = async (req, res) => {
 			qualification: doctor.qualification,
 			experience: doctor.experience,
 			professionalSummary: doctor.professionalSummary,
+			isActive: doctor.isActive,
 			seo: {
 				seoTitle: doctor.seo?.seoTitle ?? '',
 				metaDescription: doctor.seo?.metaDescription ?? '',
@@ -648,9 +653,13 @@ export const getDoctorTimings = async (req, res) => {
 export const getDoctorTimingById = async (req, res) => {
 	try {
 		const { doctorId } = req.params;
+		const { admin } = req.query;
 
-		const doctor = await prisma.doctor.findUnique({
+		const doctor = await prisma.doctor.findFirst({
-			where: { doctorId },
+			where: {
+				doctorId,
+				...(admin === 'true' ? {} : { isActive: true }),
+			},
 			include: {
 				departments: {
 					include: {