From 076dcc7633fd0537c0255a98a31a59ca6f5d9de4 Mon Sep 17 00:00:00 2001
From: Vidhu Kant Sharma
Date: Sun, 3 Sep 2023 20:31:56 +0530
Subject: user can only access data generated by the same user now
---
 item/controller.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
(limited to 'item/controller.go')
diff --git a/item/controller.go b/item/controller.go
index cf9683d..9993688 100644
--- a/item/controller.go
+++ b/item/controller.go
@@ -116,6 +116,7 @@ func handleDelBrand (ctx *gin.Context) {
 var brand Brand
 brand.ID = uint(id)
 
+
 uId, ok := ctx.Get("UserID")
 if !ok {
 ctx.Error(e.ErrUnauthorized)
@@ -126,6 +127,13 @@ func handleDelBrand (ctx *gin.Context) {
 userId := uId.(uint)
 brand.UserID = userId
 
+ err = checkBrandOwnership(brand.ID, brand.UserID)
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
 err = brand.del()
 if err != nil {
 ctx.Error(err)
@@ -210,6 +218,13 @@ func handleDelItem (ctx *gin.Context) {
 userId := uId.(uint)
 item.UserID = userId
 
+ err = checkItemOwnership(item.ID, item.UserID)
+ if err != nil {
+ ctx.Error(err)
+ ctx.Abort()
+ return
+ }
+
 err = item.del()
 if err != nil {
 ctx.Error(err)
-- cgit v1.2.3
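Review bot: In handleDelBrand the authorization decision and the delete are two separate calls, `checkBrandOwnership(brand.ID, brand.UserID)` followed by `brand.del()`, so nothing ties the check to the statement that actually removes the row. Neither helper's body is visible in this diff; if `del()` deletes by ID alone, it would be safer to scope the delete itself to the owner (match on both the ID and the user ID, and treat zero affected rows as the same not-found error) so a future caller cannot skip the check and the result cannot go stale between the two calls. Returning one error for "missing" and "owned by someone else" also keeps the endpoint from confirming which IDs exist. The same pattern is added in handleDelItem with `checkItemOwnership` and `item.del()`, and both function bodies extend beyond the hunks.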
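Review bot: The new ownership check in handleDelItem relies on `userId := uId.(uint)`, an unchecked type assertion on the context line just above the added code, which panics if whatever sets "UserID" ever stores a different type. Since that value now drives the access-control decision, prefer the checked form, `userId, ok := uId.(uint)`, and on `!ok` take the same `ctx.Error(e.ErrUnauthorized)` and abort path used when the key is missing. The same assertion sits above the added check in handleDelBrand. The code that stores "UserID" is outside this diff, so the stored type could not be confirmed here.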