authorVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 20:31:56 +0530
committerVidhu Kant Sharma <vidhukant@vidhukant.com>2023-09-03 20:31:56 +0530
commit076dcc7633fd0537c0255a98a31a59ca6f5d9de4 (patch)
treea18c772e7a2e96959368e39bebe04d9f50168f69 /item/validators.go
parent520ed8f6387e0744a21a52912418e3acb08d18a5 (diff)
user can only access data generated by the same user now
Diffstat (limited to 'item/validators.go')
-rw-r--r--item/validators.go72
1 files changed, 52 insertions, 20 deletions
diff --git a/item/validators.go b/item/validators.go
index 996a5d7..e931843 100644
--- a/item/validators.go
+++ b/item/validators.go
@@ -51,26 +51,6 @@ func (b *Brand) validate() error {
return nil
}
-func checkIfBrandExists(id, userId uint) error {
- // check if brand id is valid and is owned by user
- var count int64
- err := db.Model(&Brand{}).
- Select("id").
- Where("id = ? and user_id = ?", id, userId).
- Count(&count).
- Error
-
- if err != nil {
- return err
- }
-
- if count == 0 {
- return errors.ErrBrandNotFound
- }
-
- return nil
-}
-
func (i *SavedItem) validate() error {
// trim whitespaces
i.Name = strings.TrimSpace(i.Name)
@@ -109,3 +89,55 @@ func (i *SavedItem) validate() error {
return nil
}
+
+func checkBrandOwnership(brandId, userId uint) error {
+ var brand Brand
+ err := db.
+ Select("id", "user_id").
+ Where("id = ?", brandId).
+ Find(&brand).
+ Error
+
+ // TODO: handle potential errors
+ if err != nil {
+ return err
+ }
+
+ // brand doesn't exist
+ if brand.ID == 0 {
+ return errors.ErrBrandNotFound
+ }
+
+ // user doesn't own this brand
+ if brand.UserID != userId {
+ return errors.ErrForbidden
+ }
+
+ return nil
+}
+
+func checkItemOwnership(itemId, userId uint) error {
+ var item SavedItem
+ err := db.
+ Select("id", "user_id").
+ Where("id = ?", itemId).
+ Find(&item).
+ Error
+
+ // TODO: handle potential errors
+ if err != nil {
+ return err
+ }
+
+ // item doesn't exist
+ if item.ID == 0 {
+ return errors.ErrNotFound
+ }
+
+ // user doesn't own this item
+ if item.UserID != userId {
+ return errors.ErrForbidden
+ }
+
+ return nil
+}
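Review bot: In checkBrandOwnership and checkItemOwnership, returning `errors.ErrBrandNotFound`/`errors.ErrNotFound` for a missing row but `errors.ErrForbidden` for a row owned by someone else lets a caller tell whether an ID belonging to another user exists. The removed checkIfBrandExists did not reveal this, because it filtered on `user_id` in the query and answered not-found in both cases. If the handlers (outside this hunk) map the two errors to different responses, record IDs become enumerable across accounts; consider keeping the owner in the predicate, `Where("id = ? AND user_id = ?", brandId, userId)`, and returning the not-found error for both cases, or collapsing both errors into one response at the handler. The branch under `// TODO: handle potential errors` also returns the raw database error, so it is worth confirming that callers log it and send a generic message rather than echoing it to the client. Both functions are fully visible in the hunk.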