aboutsummaryrefslogtreecommitdiff
path: root/customer/controller.go
diff options
context:
space:
mode:
authorVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 16:18:20 +0530
committerVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 16:18:20 +0530
commit776522d8741752832981b17ec81deb11a298ef57 (patch)
treef7c0654f2b3dbc475c2a32daa5c623eec0ffce4a /customer/controller.go
parent95dfc551f7eaaf6e8ebdefce1b733951354ac40d (diff)
different customers for different users
Diffstat (limited to 'customer/controller.go')
-rw-r--r--customer/controller.go48
1 files changed, 47 insertions, 1 deletions
diff --git a/customer/controller.go b/customer/controller.go
index 9381c45..ae6101f 100644
--- a/customer/controller.go
+++ b/customer/controller.go
@@ -31,6 +31,15 @@ func handleGetSingleCustomer (ctx *gin.Context) {
return
}
+ uId, ok := ctx.Get("UserID")
+ if !ok {
+ ctx.Error(e.ErrUnauthorized)
+ ctx.Abort()
+ return
+ }
+
+ userId := uId.(uint)
+
var customer Customer
err = getCustomer(&customer, uint(id))
@@ -40,6 +49,12 @@ func handleGetSingleCustomer (ctx *gin.Context) {
return
}
+ if customer.UserID != userId {
+ ctx.Error(e.ErrForbidden)
+ ctx.Abort()
+ return
+ }
+
ctx.JSON(http.StatusOK, gin.H{
"message": "success",
"data": customer,
@@ -49,7 +64,16 @@ func handleGetSingleCustomer (ctx *gin.Context) {
func handleGetCustomers (ctx *gin.Context) {
var customers []Customer
- err := getCustomers(&customers)
+ uId, ok := ctx.Get("UserID")
+ if !ok {
+ ctx.Error(e.ErrUnauthorized)
+ ctx.Abort()
+ return
+ }
+
+ userId := uId.(uint)
+
+ err := getCustomers(&customers, userId)
if err != nil {
ctx.Error(err)
ctx.Abort()
@@ -66,6 +90,17 @@ func handleSaveCustomer (ctx *gin.Context) {
var customer Customer
ctx.Bind(&customer)
+ uId, ok := ctx.Get("UserID")
+ if !ok {
+ ctx.Error(e.ErrUnauthorized)
+ ctx.Abort()
+ return
+ }
+
+ userId := uId.(uint)
+ customer.UserID = userId
+ customer.Contact.UserID = userId
+
err := customer.upsert()
if err != nil {
ctx.Error(err)
@@ -89,6 +124,17 @@ func handleDelCustomer (ctx *gin.Context) {
var customer Customer
customer.ID = uint(id)
+ uId, ok := ctx.Get("UserID")
+ if !ok {
+ ctx.Error(e.ErrUnauthorized)
+ ctx.Abort()
+ return
+ }
+
+ userId := uId.(uint)
+ customer.UserID = userId
+
+ // TODO: if userid and customer's user id don't match, dont delete
err = customer.del()
if err != nil {
ctx.Error(err)