Improved item deletion rights check

models/error.go

@@ -192,3 +192,18 @@ func (err ErrListItemDoesNotExist) Error() string {
 	return fmt.Sprintf("List item does not exist. [ID: %d]", err.ID)
 }
 
+// ErrNeedToBeItemOwner represents an error, where the user is not the owner of that item (used i.e. when deleting a list)
+type ErrNeedToBeItemOwner struct {
+	ItemID int64
+	UserID int64
+}
+
+// IsErrNeedToBeItemOwner checks if an error is a ErrNeedToBeItemOwner.
+func IsErrNeedToBeItemOwner(err error) bool {
+	_, ok := err.(ErrNeedToBeItemOwner)
+	return ok
+}
+
+func (err ErrNeedToBeItemOwner) Error() string {
+	return fmt.Sprintf("You need to be item owner to do that [ItemID: %d, UserID: %d]", err.ItemID, err.UserID)
+}

models/list_items.go

@@ -89,7 +89,7 @@ func DeleteListItemByID(itemID int64, doer *User) (err error) {
 
 	// Check if the user hat the right to delete that item
 	if listitem.CreatedByID != doer.ID {
-		return
+		return ErrNeedToBeItemOwner{ItemID:itemID, UserID: doer.ID}
 	}
 
 	_, err = x.ID(itemID).Delete(ListItem{})

routes/api/v1/item_delete.go

@@ -28,6 +28,10 @@ func DeleteListItemByIDtemByID(c echo.Context) error {
 			return c.JSON(http.StatusNotFound, models.Message{"List item does not exist."})
 		}
 
+		if models.IsErrNeedToBeItemOwner(err) {
+			return c.JSON(http.StatusForbidden, models.Message{"You need to own the list item in order to be able to delete it."})
+		}
+
 		return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
 	}