From d55d43bb4ac0b3114c54a4dd5a1e53c76a3df3a2 Mon Sep 17 00:00:00 2001
From: Vidhu Kant Sharma <vidhukant@vidhukant.com>
Date: Fri, 10 Oct 2025 19:27:42 +0530
Subject: properly editing customer details

---
 customer/controller.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'customer/controller.go')

diff --git a/customer/controller.go b/customer/controller.go
index 2bacd02..f2704bd 100644
--- a/customer/controller.go
+++ b/customer/controller.go
@@ -98,7 +98,17 @@ func handleSaveCustomer (ctx *gin.Context) {
 	}
 
 	userId := uId.(uint)
-	customer.UserID = userId
+	customer.UserID = userId // necessary even when editing, just in case if UserID was ommitted in the request
+
+	if customer.ID != 0 {
+		// if customer is being edited, check ownership
+		err := checkCustomerOwnership(customer.ID, userId)
+	  if err != nil {
+	  	ctx.Error(err)
+	  	ctx.Abort()
+	  	return
+	  }
+  }
 
 	err := customer.upsert()
 	if err != nil {
-- 
cgit v1.2.3