| author | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2023-10-09 22:11:16 +0530 | 
|---|---|---|
| committer | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2023-10-09 22:11:16 +0530 | 
| commit | 48845b9e703756471a98f8b1f1edaa2313763df4 (patch) | |
| tree | 1883095a68148bad0d0e5daff818616e5137a3c3 /invoice/controller.go | |
| parent | 1924bfca2439829253df3598481034e5c586e3e2 (diff) | |
checking user while adding and removing invoice items
Diffstat (limited to 'invoice/controller.go')
| -rw-r--r-- | invoice/controller.go | 61 | 
1 files changed, 61 insertions, 0 deletions
diff --git a/invoice/controller.go b/invoice/controller.go
index 354ae21..02bbaf5 100644
--- a/invoice/controller.go
+++ b/invoice/controller.go
@@ -28,6 +28,7 @@ func handleGetSingleInvoice (ctx *gin.Context) {
 	id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
 	if err != nil {
 		ctx.Error(e.ErrInvalidID)
+		ctx.Abort()
 		return
 	}
@@ -117,6 +118,7 @@ func handleDelInvoice (ctx *gin.Context) {
 	id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
 	if err != nil {
 		ctx.Error(e.ErrInvalidID)
+		ctx.Abort()
 		return
 	}
@@ -156,14 +158,31 @@ func addItem (ctx *gin.Context) {
 	id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
 	if err != nil {
 		ctx.Error(e.ErrInvalidID)
+		ctx.Abort()
+		return
+	}
+
+	uId, ok := ctx.Get("UserID")
+	if !ok {
+		ctx.Error(e.ErrUnauthorized)
+		ctx.Abort()
 		return
 	}
+	userId := uId.(uint)
+
 	var item InvoiceItem
 	ctx.Bind(&item)
 	item.InvoiceID = uint(id)
+	err = checkInvoiceOwnership(item.InvoiceID, userId)
+	if err != nil {
+		ctx.Error(err)
+		ctx.Abort()
+		return
+	}
+
 	err = item.upsert()
 	if err != nil {
 		ctx.Error(err)
@@ -176,3 +195,45 @@ func addItem (ctx *gin.Context) {
 		"data": item,
 	})
 }
+
+func removeItem (ctx *gin.Context) {
+	id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
+	if err != nil {
+		ctx.Error(e.ErrInvalidID)
+		ctx.Abort()
+		return
+	}
+
+	uId, ok := ctx.Get("UserID")
+	if !ok {
+		ctx.Error(e.ErrUnauthorized)
+		ctx.Abort()
+		return
+	}
+
+	userId := uId.(uint)
+
+	var item InvoiceItem
+	item.ID = uint(id)
+
+	invoiceId, err := getItemInvoice(item.ID, userId)
+	if err != nil {
+		ctx.Error(err)
+		ctx.Abort()
+		return
+	}
+
+	item.InvoiceID = invoiceId
+
+	err = item.del()
+	if err != nil {
+		ctx.Error(err)
+		ctx.Abort()
+		return
+	}
+
+	ctx.JSON(http.StatusOK, gin.H{
+		"message": "success",
+		"data": item,
+	})
+}  |
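Review bot: `userId := uId.(uint)` in addItem is an unchecked type assertion, so it panics if the auth middleware ever stores the id as another type; `userId, ok := uId.(uint)` followed by the same `e.ErrUnauthorized` path when `!ok` keeps the failure on the normal error route, and the identical line in removeItem needs the same change. The new ownership check also covers only the invoice id from the path: `ctx.Bind(&item)` has already filled `item` from the request body and its return value is dropped, so although gin's `Bind` aborts the context with a 400 on failure, the handler still continues to `upsert()`; `if err := ctx.Bind(&item); err != nil { return }` would stop it. If `InvoiceItem.ID` is bindable and `upsert()` updates by primary key (neither is visible in this diff), an existing item under a different invoice could be rewritten, so resetting `item.ID` on this route or checking the stored item's invoice before the write would close that gap. addItem's body continues past the end of the hunk.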
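Review bot: removeItem's authorization rests entirely on `getItemInvoice(item.ID, userId)` returning an error for items the caller does not own, which neither the helper's name nor any comment states; a doc comment such as `// removeItem deletes the invoice item named by :id; getItemInvoice must fail for items outside the caller's invoices.` would make that contract explicit for whoever edits the helper later. getItemInvoice is defined outside this diff, so that behaviour is assumed here rather than confirmed. Separately, `uint(id)` after `strconv.ParseUint(ctx.Param("id"), 10, 64)` silently truncates on 32-bit builds, so a large id resolves to a different item than the one requested; parsing with bit size `0` makes out-of-range values fail as `e.ErrInvalidID` instead, and addItem has the same conversion.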