Implemented CanDelete method for lists and listitems
This commit is contained in:
konrad
kolaente
parent
217208274e
commit
4e503072a8
6 changed files with 18 additions and 18 deletions
|
|
@ -3,21 +3,11 @@ package models
|
|||
// Delete implements the delete method of CRUDable
|
||||
func (l *List) Delete(id int64, doer *User) (err error) {
|
||||
// Check if the list exists
|
||||
list, err := GetListByID(id)
|
||||
_, err = GetListByID(id)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Check rights
|
||||
user, _, err := GetUserByID(doer.ID)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if !list.IsAdmin(&user) {
|
||||
return ErrNeedToBeListAdmin{ListID: id, UserID: user.ID}
|
||||
}
|
||||
|
||||
// Delete the list
|
||||
_, err = x.ID(id).Delete(&List{})
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -92,3 +92,10 @@ func GetListItemByID(listItemID int64) (listItem ListItem, err error) {
|
|||
|
||||
return
|
||||
}
|
||||
|
||||
// CanDelete checks if the user can delete an item
|
||||
func (i *ListItem) CanDelete(doer *User) (bool) {
|
||||
// A user can delete an item if he has write acces to its list
|
||||
list, _ := GetListByID(i.ListID)
|
||||
return list.CanWrite(doer)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,13 +4,7 @@ package models
|
|||
func (i *ListItem) Delete(id int64, doer *User) (err error) {
|
||||
|
||||
// Check if it exists
|
||||
listitem, err := GetListItemByID(id)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// Check if the user hat the right to delete that item
|
||||
_, err = listItemPreCheck(i, doer, listitem.ListID)
|
||||
_, err = GetListItemByID(id)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,3 +79,8 @@ func (l *List) CanRead(user *User) bool {
|
|||
|
||||
return false
|
||||
}
|
||||
|
||||
// CanDelete checks if the user can delete a list
|
||||
func (l *List) CanDelete(doer *User) (bool) {
|
||||
return l.IsAdmin(doer)
|
||||
}
|
||||
|
|
@ -5,4 +5,5 @@ type Rights interface {
|
|||
IsAdmin(*User) bool
|
||||
CanWrite(*User) bool
|
||||
CanRead(*User) bool
|
||||
CanDelete(*User) bool
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,9 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
|
|||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError)
|
||||
}
|
||||
if !c.CObject.CanDelete(&user) {
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
err = c.CObject.Delete(id, &user)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in a new issue