diff options
Diffstat (limited to 'customer/controller.go')
| -rw-r--r-- | customer/controller.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/customer/controller.go b/customer/controller.go index 2bacd02..f2704bd 100644 --- a/customer/controller.go +++ b/customer/controller.go @@ -98,7 +98,17 @@ func handleSaveCustomer (ctx *gin.Context) { } userId := uId.(uint) - customer.UserID = userId + customer.UserID = userId // necessary even when editing, just in case if UserID was ommitted in the request + + if customer.ID != 0 { + // if customer is being edited, check ownership + err := checkCustomerOwnership(customer.ID, userId) + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + } err := customer.upsert() if err != nil { |