From 076dcc7633fd0537c0255a98a31a59ca6f5d9de4 Mon Sep 17 00:00:00 2001 From: Vidhu Kant Sharma Date: Sun, 3 Sep 2023 20:31:56 +0530 Subject: user can only access data generated by the same user now --- item/service.go | 27 ++++++++------------------- 1 file changed, 8 insertions(+), 19 deletions(-) (limited to 'item/service.go') diff --git a/item/service.go b/item/service.go index fb03adc..80faff0 100644 --- a/item/service.go +++ b/item/service.go @@ -19,26 +19,15 @@ package item import ( "vidhukant.com/openbills/errors" - e "vidhukant.com/openbills/errors" ) func getBrandItems(items *[]SavedItem, id, userId uint) error { - // check if brand id is valid and is owned by user - var count int64 - err := db.Model(&Brand{}). - Select("id"). - Where("id = ? and user_id = ?", id, userId). - Count(&count). - Error - + err := checkBrandOwnership(id, userId) if err != nil { return err - } - - if count == 0 { - return errors.ErrBrandNotFound } + // get items res := db.Model(&SavedItem{}).Where("brand_id = ?", id).Find(&items) // TODO: handle potential errors @@ -48,7 +37,7 @@ func getBrandItems(items *[]SavedItem, id, userId uint) error { // returns 404 if either row doesn't exist or if the user doesn't own it if res.RowsAffected == 0 { - return e.ErrEmptyResponse + return errors.ErrEmptyResponse } return nil @@ -63,7 +52,7 @@ func getBrands(brands *[]Brand, userId uint) error { } if res.RowsAffected == 0 { - return e.ErrEmptyResponse + return errors.ErrEmptyResponse } return nil @@ -75,8 +64,8 @@ func (b *Brand) upsert() error { return res.Error } -// TODO: delete all items upon brand deletion func (b *Brand) del() error { + // delete brand res := db.Where("id = ? and user_id = ?", b.ID, b.UserID).Delete(b) // TODO: handle potential errors @@ -86,7 +75,7 @@ func (b *Brand) del() error { // returns 404 if either row doesn't exist or if the user doesn't own it if res.RowsAffected == 0 { - return e.ErrNotFound + return errors.ErrNotFound } return nil @@ -101,7 +90,7 @@ func getItems(items *[]SavedItem, userId uint) error { } if res.RowsAffected == 0 { - return e.ErrEmptyResponse + return errors.ErrEmptyResponse } return nil @@ -123,7 +112,7 @@ func (i *SavedItem) del() error { // returns 404 if either row doesn't exist or if the user doesn't own it if res.RowsAffected == 0 { - return e.ErrNotFound + return errors.ErrNotFound } return nil -- cgit v1.2.3