Fixed CanDelete
This commit is contained in:
parent
b24b245f4d
commit
55c02bc973
4 changed files with 10 additions and 6 deletions
|
@ -1,9 +1,12 @@
|
|||
package models
|
||||
|
||||
// CanDelete checks if the user can delete an item
|
||||
func (i *ListItem) CanDelete(doer *User) bool {
|
||||
func (i *ListItem) CanDelete(doer *User, id int64) bool {
|
||||
// Get the item
|
||||
lI, _ := GetListItemByID(id)
|
||||
|
||||
// A user can delete an item if he has write acces to its list
|
||||
list, _ := GetListByID(i.ListID)
|
||||
list, _ := GetListByID(lI.ListID)
|
||||
return list.CanWrite(doer)
|
||||
}
|
||||
|
||||
|
|
|
@ -81,8 +81,9 @@ func (l *List) CanRead(user *User) bool {
|
|||
}
|
||||
|
||||
// CanDelete checks if the user can delete a list
|
||||
func (l *List) CanDelete(doer *User) bool {
|
||||
return l.IsAdmin(doer)
|
||||
func (l *List) CanDelete(doer *User, id int64) bool {
|
||||
list, _ := GetListByID(id)
|
||||
return list.IsAdmin(doer)
|
||||
}
|
||||
|
||||
// CanUpdate checks if the user can update a list
|
||||
|
|
|
@ -5,7 +5,7 @@ type Rights interface {
|
|||
IsAdmin(*User) bool
|
||||
CanWrite(*User) bool
|
||||
CanRead(*User) bool
|
||||
CanDelete(*User) bool
|
||||
CanDelete(*User, int64) bool
|
||||
CanUpdate(*User, int64) bool
|
||||
CanCreate(*User, int64) bool
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
|
|||
if err != nil {
|
||||
return echo.NewHTTPError(http.StatusInternalServerError)
|
||||
}
|
||||
if !c.CObject.CanDelete(&user) {
|
||||
if !c.CObject.CanDelete(&user, id) {
|
||||
return echo.NewHTTPError(http.StatusForbidden)
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue