From 48845b9e703756471a98f8b1f1edaa2313763df4 Mon Sep 17 00:00:00 2001 From: Vidhu Kant Sharma Date: Mon, 9 Oct 2023 22:11:16 +0530 Subject: checking user while adding and removing invoice items --- invoice/controller.go | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) (limited to 'invoice/controller.go') diff --git a/invoice/controller.go b/invoice/controller.go index 354ae21..02bbaf5 100644 --- a/invoice/controller.go +++ b/invoice/controller.go @@ -28,6 +28,7 @@ func handleGetSingleInvoice (ctx *gin.Context) { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64) if err != nil { ctx.Error(e.ErrInvalidID) + ctx.Abort() return } @@ -117,6 +118,7 @@ func handleDelInvoice (ctx *gin.Context) { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64) if err != nil { ctx.Error(e.ErrInvalidID) + ctx.Abort() return } @@ -156,14 +158,31 @@ func addItem (ctx *gin.Context) { id, err := strconv.ParseUint(ctx.Param("id"), 10, 64) if err != nil { ctx.Error(e.ErrInvalidID) + ctx.Abort() + return + } + + uId, ok := ctx.Get("UserID") + if !ok { + ctx.Error(e.ErrUnauthorized) + ctx.Abort() return } + userId := uId.(uint) + var item InvoiceItem ctx.Bind(&item) item.InvoiceID = uint(id) + err = checkInvoiceOwnership(item.InvoiceID, userId) + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + err = item.upsert() if err != nil { ctx.Error(err) @@ -176,3 +195,45 @@ func addItem (ctx *gin.Context) { "data": item, }) } + +func removeItem (ctx *gin.Context) { + id, err := strconv.ParseUint(ctx.Param("id"), 10, 64) + if err != nil { + ctx.Error(e.ErrInvalidID) + ctx.Abort() + return + } + + uId, ok := ctx.Get("UserID") + if !ok { + ctx.Error(e.ErrUnauthorized) + ctx.Abort() + return + } + + userId := uId.(uint) + + var item InvoiceItem + item.ID = uint(id) + + invoiceId, err := getItemInvoice(item.ID, userId) + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + + item.InvoiceID = invoiceId + + err = item.del() + if err != nil { + ctx.Error(err) + ctx.Abort() + return + } + + ctx.JSON(http.StatusOK, gin.H{ + "message": "success", + "data": item, + }) +} -- cgit v1.2.3