diff --git a/models/error.go b/models/error.go index 2cd00232..b14655bb 100644 --- a/models/error.go +++ b/models/error.go @@ -192,3 +192,18 @@ func (err ErrListItemDoesNotExist) Error() string { return fmt.Sprintf("List item does not exist. [ID: %d]", err.ID) } +// ErrNeedToBeItemOwner represents an error, where the user is not the owner of that item (used i.e. when deleting a list) +type ErrNeedToBeItemOwner struct { + ItemID int64 + UserID int64 +} + +// IsErrNeedToBeItemOwner checks if an error is a ErrNeedToBeItemOwner. +func IsErrNeedToBeItemOwner(err error) bool { + _, ok := err.(ErrNeedToBeItemOwner) + return ok +} + +func (err ErrNeedToBeItemOwner) Error() string { + return fmt.Sprintf("You need to be item owner to do that [ItemID: %d, UserID: %d]", err.ItemID, err.UserID) +} \ No newline at end of file diff --git a/models/list_items.go b/models/list_items.go index 9445598a..ff34d3ba 100644 --- a/models/list_items.go +++ b/models/list_items.go @@ -89,7 +89,7 @@ func DeleteListItemByID(itemID int64, doer *User) (err error) { // Check if the user hat the right to delete that item if listitem.CreatedByID != doer.ID { - return + return ErrNeedToBeItemOwner{ItemID:itemID, UserID: doer.ID} } _, err = x.ID(itemID).Delete(ListItem{}) diff --git a/routes/api/v1/item_delete.go b/routes/api/v1/item_delete.go index 2aa8ee73..384c3892 100644 --- a/routes/api/v1/item_delete.go +++ b/routes/api/v1/item_delete.go @@ -28,6 +28,10 @@ func DeleteListItemByIDtemByID(c echo.Context) error { return c.JSON(http.StatusNotFound, models.Message{"List item does not exist."}) } + if models.IsErrNeedToBeItemOwner(err) { + return c.JSON(http.StatusForbidden, models.Message{"You need to own the list item in order to be able to delete it."}) + } + return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."}) }