Added check to only let a user delete his own list
This commit is contained in:
konrad
@ -16,7 +16,7 @@ func DeleteListItemByIDtemByID(c echo.Context) error {
|
||||
return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."})
|
||||
}
|
||||
|
||||
// Check if the user has the right to delete that list
|
||||
// Check if the user has the right to delete that list item
|
||||
user, err := models.GetCurrentUser(c)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
|
||||
|
||||
@ -16,10 +16,24 @@ func DeleteListByID(c echo.Context) error {
|
||||
return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."})
|
||||
}
|
||||
|
||||
err = models.DeleteListByID(itemID)
|
||||
// Check if the user has the right to delete that list
|
||||
user, err := models.GetCurrentUser(c)
|
||||
if err != nil {
|
||||
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
|
||||
}
|
||||
|
||||
err = models.DeleteListByID(itemID, &user)
|
||||
if err != nil {
|
||||
if models.IsErrNeedToBeListOwner(err) {
|
||||
return c.JSON(http.StatusForbidden, models.Message{"You need to be the list owner to delete a list."})
|
||||
}
|
||||
|
||||
if models.IsErrListDoesNotExist(err) {
|
||||
return c.JSON(http.StatusNotFound, models.Message{"This list does not exist."})
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
|
||||
}
|
||||
|
||||
return c.JSON(http.StatusOK, models.Message{"The list was deleted with success."})
|
||||
}
|
||||
Reference in New Issue
Block a user