Added check to only let a user delete his own list

2018-06-12 18:35:36 +02:00
parent 5ba9d76328
commit be18247682
5 changed files with 56 additions and 9 deletions
--- a/routes/api/v1/item_delete.go
+++ b/routes/api/v1/item_delete.go
@ -16,10 +16,20 @@ func DeleteListItemByIDtemByID(c echo.Context) error {
 		return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."})
 	}

-	err = models.DeleteListItemByIDtemByID(itemID)
+	// Check if the user has the right to delete that list
+	user, err := models.GetCurrentUser(c)
 	if err != nil {
 		return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
 	}

+	err = models.DeleteListItemByID(itemID, &user)
+	if err != nil {
+		if models.IsErrListItemDoesNotExist(err) {
+			return c.JSON(http.StatusNotFound, models.Message{"List item does not exist."})
+		}
+
+		return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
+	}
+
 	return c.JSON(http.StatusOK, models.Message{"The item was deleted with success."})
 }
--- a/routes/api/v1/lists_list.go
+++ b/routes/api/v1/lists_list.go
@ -16,11 +16,6 @@ func GetListsByUser(c echo.Context) error {

 	allLists, err := models.GetListsByUser(&currentUser)
 	if err != nil {
-
-		if models.IsErrListDoesNotExist(err) {
-
-		}
-
 		return c.JSON(http.StatusInternalServerError, models.Message{"Could not get lists."})
 	}