Diffstat (limited to 'invoice/controller.go')
-rw-r--r--invoice/controller.go229
1 files changed, 22 insertions, 207 deletions
diff --git a/invoice/controller.go b/invoice/controller.go
index ad6df3e..b03ec22 100644
--- a/invoice/controller.go
+++ b/invoice/controller.go
@@ -32,17 +32,7 @@ func handleGetSingleInvoice (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var invoice Invoice
-
err = getInvoice(&invoice, uint(id))
if err != nil {
ctx.Error(err)
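Review bot: With the `ctx.Get("UserID")` lookup removed here and the `invoice.UserID != userId` comparison removed in the next hunk, handleGetSingleInvoice returns whichever invoice the path id selects without checking who is asking. The same holds for handleDelInvoice, handleGetInvoiceItems, addItem, removeItem and the custom-field handlers, which lose their `checkInvoiceOwnership`, `getItemInvoice` and `getCustomFieldInvoice` calls in later hunks. If the application is now single-user this may be intended, but nothing in this file then requires an authenticated caller, and the route registration is not visible here. Confirm that an auth middleware guards the whole route group and record the assumption on the handlers, e.g. `// auth: caller is authenticated by router-level middleware; all invoices belong to one tenant`. The body of handleGetSingleInvoice starts and ends outside this hunk.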
@@ -50,85 +40,36 @@ func handleGetSingleInvoice (ctx *gin.Context) {
return
}
- if invoice.UserID != userId {
- ctx.Error(e.ErrForbidden)
- ctx.Abort()
- return
- }
-
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": invoice,
})
}
-func handleGetInvoices (ctx *gin.Context) {
- var invoices []Invoice
-
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
- err := getInvoices(&invoices, userId, false)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- "data": invoices,
- })
-}
-
-func handleGetDrafts (ctx *gin.Context) {
- var invoices []Invoice
-
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
+func handleGetInvoices(getDrafts bool) func(*gin.Context) {
+ return func(ctx *gin.Context) {
+ var invoices []Invoice
- userId := uId.(uint)
+ err := getInvoices(&invoices, getDrafts)
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
- err := getInvoices(&invoices, userId, true)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
+ ctx.JSON(http.StatusOK, gin.H{
+ "data": invoices,
+ })
}
-
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- "data": invoices,
- })
}
func handleSaveInvoice (ctx *gin.Context) {
var invoice Invoice
ctx.Bind(&invoice)
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
- invoice.UserID = userId
-
// if invoice number is 0, generate one!
+ // (maybe the client didn't give us one)
if invoice.InvoiceNumber == 0 {
- n, err := getNewInvoiceNumber(invoice.UserID)
+ n, err := getNewInvoiceNumber()
if err != nil {
ctx.Error(err)
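Review bot: The error from `ctx.Bind(&invoice)` in handleSaveInvoice is discarded, so a body that fails to bind leaves a zero-valued Invoice that falls into the `InvoiceNumber == 0` branch and requests a new invoice number. gin's Bind already aborts the request with a 400 on failure, so the handler only needs to stop: `if err := ctx.Bind(&invoice); err != nil { return }`. With the server-side `invoice.UserID = userId` assignment gone, every field of the struct is now taken from the client as sent, so it is worth checking which Invoice fields should be bindable at all. addItem and addCustomField in later hunks have the same unchecked `ctx.Bind`. handleSaveInvoice continues past the end of this hunk.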
@@ -147,12 +88,12 @@ func handleSaveInvoice (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": invoice,
})
}
func handleDelInvoice (ctx *gin.Context) {
+ // TODO: only drafts can be deleted, non-drafts should be "cancelled"
id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
if err != nil {
ctx.Error(e.ErrInvalidID)
@@ -163,23 +104,6 @@ func handleDelInvoice (ctx *gin.Context) {
var invoice Invoice
invoice.ID = uint(id)
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
- invoice.UserID = userId
-
- err = checkInvoiceOwnership(invoice.ID, invoice.UserID)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
err = invoice.del()
if err != nil {
ctx.Error(err)
@@ -187,9 +111,7 @@ func handleDelInvoice (ctx *gin.Context) {
return
}
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- })
+ ctx.JSON(http.StatusOK, nil)
}
// get items belonging to a certain invoice
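Review bot: `ctx.JSON(http.StatusOK, nil)` in handleDelInvoice sends a 200 with a JSON `null` body, which reads as an accident rather than a deliberate empty response. If no payload is meant, `ctx.Status(http.StatusNoContent)` says so directly. addItem and removeItem get the same `ctx.JSON(http.StatusOK, nil)` in later hunks. handleDelInvoice begins outside this hunk.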
@@ -201,22 +123,6 @@ func handleGetInvoiceItems (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
- err = checkInvoiceOwnership(uint(id), userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
var items []InvoiceItem
err = getInvoiceItems(&items, uint(id))
if err != nil {
@@ -226,12 +132,12 @@ func handleGetInvoiceItems (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": items,
})
}
func addItem (ctx *gin.Context) {
+ // TODO: only drafts can be edited
id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
if err != nil {
ctx.Error(e.ErrInvalidID)
@@ -239,27 +145,11 @@ func addItem (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var item InvoiceItem
ctx.Bind(&item)
item.InvoiceID = uint(id)
- err = checkInvoiceOwnership(item.InvoiceID, userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
err = item.upsert()
if err != nil {
ctx.Error(err)
@@ -267,13 +157,11 @@ func addItem (ctx *gin.Context) {
return
}
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- "data": item,
- })
+ ctx.JSON(http.StatusOK, nil)
}
func removeItem (ctx *gin.Context) {
+ // TODO: only drafts can be edited
id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
if err != nil {
ctx.Error(e.ErrInvalidID)
@@ -281,27 +169,9 @@ func removeItem (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var item InvoiceItem
item.ID = uint(id)
- invoiceId, err := getItemInvoice(item.ID, userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
- item.InvoiceID = invoiceId
-
err = item.del()
if err != nil {
ctx.Error(err)
@@ -309,10 +179,7 @@ func removeItem (ctx *gin.Context) {
return
}
- ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
- "data": item,
- })
+ ctx.JSON(http.StatusOK, nil)
}
// get custom fields belonging to a certain invoice
@@ -324,22 +191,6 @@ func handleGetInvoiceCustomFields (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
- err = checkInvoiceOwnership(uint(id), userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
var cf []CustomField
err = getInvoiceCustomFields(&cf, uint(id))
if err != nil {
@@ -349,12 +200,12 @@ func handleGetInvoiceCustomFields (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": cf,
})
}
func addCustomField (ctx *gin.Context) {
+ // TODO: only drafts can be edited
id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
if err != nil {
ctx.Error(e.ErrInvalidID)
@@ -362,27 +213,10 @@ func addCustomField (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var cf CustomField
ctx.Bind(&cf)
-
cf.InvoiceID = uint(id)
- err = checkInvoiceOwnership(cf.InvoiceID, userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
err = cf.upsert()
if err != nil {
ctx.Error(err)
@@ -391,12 +225,12 @@ func addCustomField (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": cf,
})
}
func removeCustomField (ctx *gin.Context) {
+ // TODO: only drafts can be edited
id, err := strconv.ParseUint(ctx.Param("id"), 10, 64)
if err != nil {
ctx.Error(e.ErrInvalidID)
@@ -404,27 +238,9 @@ func removeCustomField (ctx *gin.Context) {
return
}
- uId, ok := ctx.Get("UserID")
- if !ok {
- ctx.Error(e.ErrUnauthorized)
- ctx.Abort()
- return
- }
-
- userId := uId.(uint)
-
var cf CustomField
cf.ID = uint(id)
- invoiceId, err := getCustomFieldInvoice(cf.ID, userId)
- if err != nil {
- ctx.Error(err)
- ctx.Abort()
- return
- }
-
- cf.InvoiceID = invoiceId
-
err = cf.del()
if err != nil {
ctx.Error(err)
@@ -433,7 +249,6 @@ func removeCustomField (ctx *gin.Context) {
}
ctx.JSON(http.StatusOK, gin.H{
- "message": "success",
"data": cf,
})
}
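Review bot: removeCustomField still responds with `"data": cf`, but after this commit `cf` has only `ID` set, because the lookup that filled `cf.InvoiceID` is removed in the previous hunk, so the client gets back a mostly zero-valued CustomField. removeItem in this same commit was changed to return no data after a delete. Doing the same here keeps the two delete handlers consistent, e.g. `ctx.JSON(http.StatusOK, nil)` in place of the `gin.H{"data": cf}` response. The function starts outside this hunk.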