authorVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 20:31:56 +0530
committerVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 20:31:56 +0530
commit076dcc7633fd0537c0255a98a31a59ca6f5d9de4 (patch)
treea18c772e7a2e96959368e39bebe04d9f50168f69 /item/controller.go
parent520ed8f6387e0744a21a52912418e3acb08d18a5 (diff)
user can only access data generated by the same user now
Diffstat (limited to 'item/controller.go')
-rw-r--r--item/controller.go15
1 files changed, 15 insertions, 0 deletions
diff --git a/item/controller.go b/item/controller.go
index cf9683d..9993688 100644
--- a/item/controller.go
+++ b/item/controller.go
@@ -116,6 +116,7 @@ func handleDelBrand (ctx *gin.Context) {
var brand Brand
brand.ID = uint(id)
+
uId, ok := ctx.Get("UserID")
if !ok {
ctx.Error(e.ErrUnauthorized)
@@ -126,6 +127,13 @@ func handleDelBrand (ctx *gin.Context) {
userId := uId.(uint)
brand.UserID = userId
+ err = checkBrandOwnership(brand.ID, brand.UserID)
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
err = brand.del()
if err != nil {
ctx.Error(err)
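Review bot: The ownership check and the delete in handleDelBrand are two separate steps, so authorization depends on every caller remembering to run `checkBrandOwnership` before `brand.del()`; the handleDelItem hunk repeats the pattern with `checkItemOwnership` and `item.del()`. Since `brand.UserID` is already set before `del()`, it would be more robust for `del()` itself to restrict the delete to rows matching both the ID and the user ID and to return an error when nothing was deleted; neither helper's body is visible here, so this may already be the case. It is also worth confirming that the error returned for a record owned by another user is the same as for a record that does not exist, otherwise the response reveals which IDs are in use. A short comment above the call, such as `// authorization: reject unless the brand belongs to the authenticated user`, would make the intent explicit. Both handlers start and end outside the hunks.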
@@ -210,6 +218,13 @@ func handleDelItem (ctx *gin.Context) {
userId := uId.(uint)
item.UserID = userId
+ err = checkItemOwnership(item.ID, item.UserID)
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
err = item.del()
if err != nil {
ctx.Error(err)