From 076dcc7633fd0537c0255a98a31a59ca6f5d9de4 Mon Sep 17 00:00:00 2001
From: Vidhu Kant Sharma <vidhukant@vidhukant.com>
Date: Sun, 3 Sep 2023 20:31:56 +0530
Subject: user can only access data generated by the same user now

---
 item/hooks.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'item/hooks.go')

diff --git a/item/hooks.go b/item/hooks.go
index 558a8cb..5a27114 100644
--- a/item/hooks.go
+++ b/item/hooks.go
@@ -25,7 +25,8 @@ import (
 func (i *SavedItem) BeforeSave(tx *gorm.DB) error {
 	var err error
 
-	err = checkIfBrandExists(i.BrandID, i.UserID)
+	// also checks if brand actually exists
+	err = checkBrandOwnership(i.BrandID, i.UserID)
 	if err != nil {
 		return err
 	}
@@ -53,5 +54,8 @@ func (b *Brand) BeforeDelete(tx *gorm.DB) error {
 		return errors.ErrNoWhereCondition
 	}
 
+	// delete all items
+	db.Where("brand_id = ? and user_id = ?", b.ID, b.UserID).Delete(&SavedItem{})
+
 	return nil
 }
-- 
cgit v1.2.3