removed per-user itemsv0.17.0

author: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2025-10-11 20:55:48 +0530
committer: Vidhu Kant Sharma <vidhukant@vidhukant.com> 2025-10-11 20:55:48 +0530
commit: bc154857fb5569d7c1fa9785cc891cb927a6a156 (patch)
tree: 590c9f6a00a1b97b2ee45cfa5a767558089affe0 /customer
parent: 8a47978ca17d2f251d67d12b0e34fa26bb1e4ace (diff)
4 files changed, 5 insertions, 102 deletions
diff --git a/customer/controller.go b/customer/controller.go
index f2704bd..83423da 100644
--- a/customer/controller.go
+++ b/customer/controller.go
@@ -31,17 +31,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
 		return
 	}
 
-	uId, ok := ctx.Get("UserID")
-	if !ok {
-		ctx.Error(e.ErrUnauthorized)
-		ctx.Abort()
-		return
-	}
-
-	userId := uId.(uint)
-
 	var customer Customer
-
 	err = getCustomer(&customer, uint(id))
 	if err != nil {
 		ctx.Error(err)
@@ -49,14 +39,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
 		return
 	}
 
-	if customer.UserID != userId {
-		ctx.Error(e.ErrForbidden)
-		ctx.Abort()
-		return
-	}
-
 	ctx.JSON(http.StatusOK, gin.H{
-		"message": "success",
 		"data": customer,
 	})
 }
@@ -64,16 +47,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
 func handleGetCustomers (ctx *gin.Context) {
 	var customers []Customer
 
-	uId, ok := ctx.Get("UserID")
-	if !ok {
-		ctx.Error(e.ErrUnauthorized)
-		ctx.Abort()
-		return
-	}
-
-	userId := uId.(uint)
-
-	err := getCustomers(&customers, userId)
+	err := getCustomers(&customers)
 	if err != nil {
 		ctx.Error(err)
 		ctx.Abort()
@@ -81,7 +55,6 @@ func handleGetCustomers (ctx *gin.Context) {
 	}
 
 	ctx.JSON(http.StatusOK, gin.H{
-		"message": "success",
 		"data": customers,
 	})
 }
@@ -90,26 +63,6 @@ func handleSaveCustomer (ctx *gin.Context) {
 	var customer Customer
 	ctx.Bind(&customer)
 
-	uId, ok := ctx.Get("UserID")
-	if !ok {
-		ctx.Error(e.ErrUnauthorized)
-		ctx.Abort()
-		return
-	}
-
-	userId := uId.(uint)
-	customer.UserID = userId // necessary even when editing, just in case if UserID was ommitted in the request
-
-	if customer.ID != 0 {
-		// if customer is being edited, check ownership
-		err := checkCustomerOwnership(customer.ID, userId)
-	  if err != nil {
-	  	ctx.Error(err)
-	  	ctx.Abort()
-	  	return
-	  }
-  }
-
 	err := customer.upsert()
 	if err != nil {
 		ctx.Error(err)
@@ -118,7 +71,6 @@ func handleSaveCustomer (ctx *gin.Context) {
 	}
 
 	ctx.JSON(http.StatusOK, gin.H{
-		"message": "success",
 		"data": customer,
 	})
 }
@@ -133,23 +85,6 @@ func handleDelCustomer (ctx *gin.Context) {
 	var customer Customer
 	customer.ID = uint(id)
 
-	uId, ok := ctx.Get("UserID")
-	if !ok {
-		ctx.Error(e.ErrUnauthorized)
-		ctx.Abort()
-		return
-	}
-
-	userId := uId.(uint)
-	customer.UserID = userId
-
-	err = checkCustomerOwnership(customer.ID, customer.UserID)
-	if err != nil {
-		ctx.Error(err)
-		ctx.Abort()
-		return
-	}
-
 	err = customer.del()
 	if err != nil {
 		ctx.Error(err)
@@ -157,7 +92,5 @@ func handleDelCustomer (ctx *gin.Context) {
 		return
 	}
 
-	ctx.JSON(http.StatusOK, gin.H{
-		"message": "success",
-	})
+	ctx.JSON(http.StatusOK, nil)
 }
diff --git a/customer/customer.go b/customer/customer.go
index 2303ae8..25c4645 100644
--- a/customer/customer.go
+++ b/customer/customer.go
@@ -21,7 +21,6 @@ import (
 	"gorm.io/gorm"
 	d "vidhukant.com/openbills/db"
   u "vidhukant.com/openbills/util"
-	"vidhukant.com/openbills/user"
 )
 
 var db *gorm.DB
@@ -45,8 +44,6 @@ type CustomerShippingAddress struct {
 
 type Customer struct {
 	gorm.Model
-	UserID            uint      `json:"-"`
-	User              user.User `json:"-"`
 	FirmName          string
 	Gstin             string
 	ContactName       string
diff --git a/customer/service.go b/customer/service.go
index 8cd2bde..a0ed4dc 100644
--- a/customer/service.go
+++ b/customer/service.go
@@ -37,8 +37,8 @@ func getCustomer(customer *Customer, id uint) error {
 	return nil
 }
 
-func getCustomers(customers *[]Customer, userId uint) error {
-	res := db.Where("user_id = ?", userId).Find(&customers)
+func getCustomers(customers *[]Customer) error {
+	res := db.Find(&customers)
 
 	// TODO: handle potential errors
 	if res.Error != nil {
@@ -60,14 +60,13 @@ func (c *Customer) upsert() error {
 }
 
 func (c *Customer) del() error {
-	res := db.Where("id = ? and user_id = ?", c.ID, c.UserID).Delete(c)
+	res := db.Where("id = ?", c.ID).Delete(c)
 
 	// TODO: handle potential errors
 	if res.Error != nil {
 		return res.Error
 	}
 
-	// returns 404 if either row doesn't exist or if the user doesn't own it
 	if res.RowsAffected == 0 {
 		return e.ErrNotFound
 	}
diff --git a/customer/validators.go b/customer/validators.go
index b8c2a14..5693116 100644
--- a/customer/validators.go
+++ b/customer/validators.go
@@ -62,29 +62,3 @@ func (c *Customer) validate() error {
 
 	return nil
 }
-
-func checkCustomerOwnership(customerId, userId uint) error {
-	var customer Customer
-	err := db.
-		Select("id", "user_id").
-		Where("id = ?", customerId).
-		Find(&customer).
-		Error
-
-	// TODO: handle potential errors
-	if err != nil {
-		return err
-  }
-
-	// customer doesn't exist
-	if customer.ID == 0 {
-		return errors.ErrNotFound
-	}
-
-	// user doesn't own this customer
-	if customer.UserID != userId {
-		return errors.ErrForbidden
-	}
-
-	return nil
-}
author	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2025-10-11 20:55:48 +0530
committer	Vidhu Kant Sharma <vidhukant@vidhukant.com>	2025-10-11 20:55:48 +0530
commit	bc154857fb5569d7c1fa9785cc891cb927a6a156 (patch)
tree	590c9f6a00a1b97b2ee45cfa5a767558089affe0 /customer
parent	8a47978ca17d2f251d67d12b0e34fa26bb1e4ace (diff)