author | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2023-09-03 20:31:56 +0530 |
---|---|---|
committer | Vidhu Kant Sharma <vidhukant@vidhukant.com> | 2023-09-03 20:31:56 +0530 |
commit | 076dcc7633fd0537c0255a98a31a59ca6f5d9de4 (patch) | |
tree | a18c772e7a2e96959368e39bebe04d9f50168f69 /item/controller.go | |
parent | 520ed8f6387e0744a21a52912418e3acb08d18a5 (diff) |
user can only access data generated by the same user now
Diffstat (limited to 'item/controller.go')
-rw-r--r-- | item/controller.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/item/controller.go b/item/controller.go index cf9683d..9993688 100644 --- a/item/controller.go +++ b/item/controller.go @@ -116,6 +116,7 @@ func handleDelBrand (ctx *gin.Context) { var brand Brand brand.ID = uint(id) + uId, ok := ctx.Get("UserID") if !ok { ctx.Error(e.ErrUnauthorized) @@ -126,6 +127,13 @@ func handleDelBrand (ctx *gin.Context) { userId := uId.(uint) brand.UserID = userId + err = checkBrandOwnership(brand.ID, brand.UserID) + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + err = brand.del() if err != nil { ctx.Error(err) @@ -210,6 +218,13 @@ func handleDelItem (ctx *gin.Context) { userId := uId.(uint) item.UserID = userId + err = checkItemOwnership(item.ID, item.UserID) + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + err = item.del() if err != nil { ctx.Error(err) |
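Review bot: In the second hunk (handleDelBrand), and in the same way in the third (handleDelItem), authorization is a separate `checkBrandOwnership` call made before `brand.del()`, so the delete is only as safe as every caller remembering to run the check first. Neither `checkBrandOwnership` nor `del()` is visible here, so this is hedged: if `del()` deletes by ID alone, the sturdier form is to have the delete itself match on both `brand.ID` and `brand.UserID` and to treat zero affected rows as not found, which also removes the gap between check and delete. If the pre-check is kept, a comment above it such as `// authorization: brand.ID must belong to brand.UserID; del() must never run without this check` would record the invariant. Both handler bodies start and end outside their hunks.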
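Review bot: In the third hunk the error returned by `checkItemOwnership` goes straight to `ctx.Error(err)`, so the client sees whichever error value that helper chooses. The helper is not shown; if it returns a forbidden-style error for a record owned by another user and a not-found error for a missing one, the two responses reveal which item IDs exist in other accounts. Returning the same not-found error in both cases avoids that, and the same applies to `checkBrandOwnership` in the second hunk. It would also be worth a test per handler asserting that deleting another user's record yields the same response as deleting a nonexistent ID.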