properly editing customer detailsv0.13.0

author: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2025-10-10 19:27:42 +0530
committer: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2025-10-10 19:27:42 +0530
commit: d55d43bb4ac0b3114c54a4dd5a1e53c76a3df3a2 (patch)
tree: f80cb7ab32f46df4101833daec66381937b64b1b /customer/controller.go
parent: a3884ebb05564951164f4c880d573950299ba85e (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/customer/controller.go b/customer/controller.go
index 2bacd02..f2704bd 100644
--- a/customer/controller.go
+++ b/customer/controller.go
@@ -98,7 +98,17 @@ func handleSaveCustomer (ctx *gin.Context) {
 	}
 
 	userId := uId.(uint)
-	customer.UserID = userId
+	customer.UserID = userId // necessary even when editing, just in case if UserID was ommitted in the request
+
+	if customer.ID != 0 {
+		// if customer is being edited, check ownership
+		err := checkCustomerOwnership(customer.ID, userId)
+	  if err != nil {
+	  	ctx.Error(err)
+	  	ctx.Abort()
+	  	return
+	  }
+  }
 
 	err := customer.upsert()
 	if err != nil {
author	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2025-10-10 19:27:42 +0530
committer	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2025-10-10 19:27:42 +0530
commit	d55d43bb4ac0b3114c54a4dd5a1e53c76a3df3a2 (patch)
tree	f80cb7ab32f46df4101833daec66381937b64b1b /customer/controller.go
parent	a3884ebb05564951164f4c880d573950299ba85e (diff)