Diffstat (limited to 'customer')
-rw-r--r--customer/controller.go71
-rw-r--r--customer/customer.go3
-rw-r--r--customer/service.go7
-rw-r--r--customer/validators.go26
4 files changed, 5 insertions, 102 deletions
diff --git a/customer/controller.go b/customer/controller.go
index f2704bd..83423da 100644
--- a/customer/controller.go
+++ b/customer/controller.go
@@ -31,17 +31,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var customer Customer
-
err = getCustomer(&customer, uint(id))
if err != nil {
ctx.Error(err)
@@ -49,14 +39,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
return
}
- if customer.UserID != userId {
- ctx.Error(e.ErrForbidden)
- ctx.Abort()
- return
- }
-
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": customer,
})
}
@@ -64,16 +47,7 @@ func handleGetSingleCustomer (ctx *gin.Context) {
func handleGetCustomers (ctx *gin.Context) {
var customers []Customer
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
- err := getCustomers(&customers, userId)
+ err := getCustomers(&customers)
if err != nil {
ctx.Error(err)
ctx.Abort()
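Review bot: `getCustomers(&customers)` now returns every customer row to whoever reaches this handler, and the handler no longer fails closed when `UserID` is absent from the context, so access control rests entirely on middleware that this diff does not show. The same removal applies to handleGetSingleCustomer, handleSaveCustomer and handleDelCustomer in this file and to `getCustomers` and `del` in service.go. In handleSaveCustomer the bound `customer.ID` comes from the request body and goes straight to `upsert()`, so any caller can presumably overwrite an existing record. If the move to a single shared customer list is intentional, I would still keep the `ctx.Get("UserID")` presence check so a route registered without the auth middleware is rejected, and add a comment such as `// customers are shared by all authenticated users; authentication is enforced by the router middleware`. handleGetCustomers continues past the end of this hunk.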
@@ -81,7 +55,6 @@ func handleGetCustomers (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": customers,
})
}
@@ -90,26 +63,6 @@ func handleSaveCustomer (ctx *gin.Context) {
var customer Customer
ctx.Bind(&customer)
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
- customer.UserID = userId // necessary even when editing, just in case if UserID was ommitted in the request
-
- if customer.ID != 0 {
- // if customer is being edited, check ownership
- err := checkCustomerOwnership(customer.ID, userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
- }
-
err := customer.upsert()
if err != nil {
ctx.Error(err)
@@ -118,7 +71,6 @@ func handleSaveCustomer (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": customer,
})
}
@@ -133,23 +85,6 @@ func handleDelCustomer (ctx *gin.Context) {
var customer Customer
customer.ID = uint(id)
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
- customer.UserID = userId
-
- err = checkCustomerOwnership(customer.ID, customer.UserID)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
err = customer.del()
if err != nil {
ctx.Error(err)
@@ -157,7 +92,5 @@ func handleDelCustomer (ctx *gin.Context) {
return
}
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- })
+ ctx.JSON(http.StatusOK, nil)
}
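Review bot: `ctx.JSON(http.StatusOK, nil)` serialises a literal `null` body with a JSON content type, while the other handlers in this file still answer with an object of the form `{"data": ...}`, so clients have to special-case the delete response. For a delete with nothing to return, `ctx.Status(http.StatusNoContent)` states that directly. If the 200 has to stay, `ctx.JSON(http.StatusOK, gin.H{})` keeps the response shape consistent. handleDelCustomer starts above this hunk.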
diff --git a/customer/customer.go b/customer/customer.go
index 2303ae8..25c4645 100644
--- a/customer/customer.go
+++ b/customer/customer.go
@@ -21,7 +21,6 @@ import (
"gorm.io/gorm"
d "vidhukant.com/openbills/db"
u "vidhukant.com/openbills/util"
- "vidhukant.com/openbills/user"
)
var db *gorm.DB
@@ -45,8 +44,6 @@ type CustomerShippingAddress struct {
type Customer struct {
gorm.Model
- UserID uint `json:"-"`
- User user.User `json:"-"`
FirmName string
Gstin string
ContactName string
diff --git a/customer/service.go b/customer/service.go
index 8cd2bde..a0ed4dc 100644
--- a/customer/service.go
+++ b/customer/service.go
@@ -37,8 +37,8 @@ func getCustomer(customer *Customer, id uint) error {
return nil
}
-func getCustomers(customers *[]Customer, userId uint) error {
- res := db.Where("user_id = ?", userId).Find(&customers)
+func getCustomers(customers *[]Customer) error {
+ res := db.Find(&customers)
// TODO: handle potential errors
if res.Error != nil {
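Review bot: `db.Find(&customers)` passes a `**[]Customer`, because `customers` is already a `*[]Customer` parameter; GORM probably dereferences it through reflection, but `db.Find(customers)` says what is meant and does not depend on that. With the `user_id` filter gone the query is also unbounded and loads every customer row on each call, so a limit or pagination argument is worth considering before the table grows. The `// TODO: handle potential errors` comment sits directly above code that does check `res.Error`, so it could be dropped or made specific about what is still unhandled. The body of getCustomers continues past the end of this hunk.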
@@ -60,14 +60,13 @@ func (c *Customer) upsert() error {
}
func (c *Customer) del() error {
- res := db.Where("id = ? and user_id = ?", c.ID, c.UserID).Delete(c)
+ res := db.Where("id = ?", c.ID).Delete(c)
// TODO: handle potential errors
if res.Error != nil {
return res.Error
}
- // returns 404 if either row doesn't exist or if the user doesn't own it
if res.RowsAffected == 0 {
return e.ErrNotFound
}
diff --git a/customer/validators.go b/customer/validators.go
index b8c2a14..5693116 100644
--- a/customer/validators.go
+++ b/customer/validators.go
@@ -62,29 +62,3 @@ func (c *Customer) validate() error {
return nil
}
-
-func checkCustomerOwnership(customerId, userId uint) error {
- var customer Customer
- err := db.
- Select("id", "user_id").
- Where("id = ?", customerId).
- Find(&customer).
- Error
-
- // TODO: handle potential errors
- if err != nil {
- return err
- }
-
- // customer doesn't exist
- if customer.ID == 0 {
- return errors.ErrNotFound
- }
-
- // user doesn't own this customer
- if customer.UserID != userId {
- return errors.ErrForbidden
- }
-
- return nil
-}