local-it/vikunja-api
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Added check to only let a user delete his own list

Browse source
This commit is contained in:
konrad 2018-06-12 18:35:36 +02:00 committed by kolaente
parent 5ba9d76328
commit be18247682
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
5 changed files with 56 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Featurecreep.md
View file

@ -40,6 +40,8 @@ Ab v0.3 können wir mit clients anfangen.
* [ ] Bearbeiten (abhaken) * [ ] Bearbeiten (abhaken)
* [x] Löschen * [x] Löschen
* [ ] Überall nochmal überprüfen dass der Nutzer auch das Recht hat die Liste zu löschen
* [ ] Swaggerdocs !!!! * [ ] Swaggerdocs !!!!
#### v0.2 #### v0.2

16
models/error.go
View file

@ -155,3 +155,19 @@ func IsErrListItemCannotBeEmpty(err error) bool {
func (err ErrListItemCannotBeEmpty) Error() string { func (err ErrListItemCannotBeEmpty) Error() string {
return fmt.Sprintf("List item text cannot be empty.") return fmt.Sprintf("List item text cannot be empty.")
} }
// ErrListItemCannotBeEmpty represents a "ErrListDoesNotExist" kind of error. Used if the list does not exist.
type ErrListItemDoesNotExist struct{
ID int64
}
// IsErrListItemCannotBeEmpty checks if an error is a ErrListDoesNotExist.
func IsErrListItemDoesNotExist(err error) bool {
_, ok := err.(ErrListItemDoesNotExist)
return ok
}
func (err ErrListItemDoesNotExist) Error() string {
return fmt.Sprintf("List item does not exist. [ID: %d]", err.ID)
}

30
models/list_items.go
View file

@ -65,9 +65,33 @@ func GetItemsByListID(listID int64) (items []*ListItem, err error) {
return return
} }
// DeleteListItemByID deletes a list item by its ID func GetListItemByID(listItemID int64) (listItem ListItem, err error) {
func DeleteListItemByIDtemByID(itemID int64) (err error) { exists, err := x.ID(listItemID).Get(&listItem)
_, err = x.ID(itemID).Delete(ListItem{}) if err != nil {
return ListItem{}, err
}
if !exists {
return ListItem{}, ErrListItemDoesNotExist{listItemID}
}
return return
} }
// DeleteListItemByID deletes a list item by its ID
func DeleteListItemByID(itemID int64, doer *User) (err error) {
// Check if it exists
listitem, err := GetListItemByID(itemID)
if err != nil {
return
}
// Check if the user hat the right to delete that item
if listitem.CreatedByID != doer.ID {
return
}
_, err = x.ID(itemID).Delete(ListItem{})
return
}

12
routes/api/v1/item_delete.go
View file

@ -16,10 +16,20 @@ func DeleteListItemByIDtemByID(c echo.Context) error {
return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."}) return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."})
} }
err = models.DeleteListItemByIDtemByID(itemID) // Check if the user has the right to delete that list
user, err := models.GetCurrentUser(c)
if err != nil { if err != nil {
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."}) return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
} }
err = models.DeleteListItemByID(itemID, &user)
if err != nil {
if models.IsErrListItemDoesNotExist(err) {
return c.JSON(http.StatusNotFound, models.Message{"List item does not exist."})
}
return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."})
}
return c.JSON(http.StatusOK, models.Message{"The item was deleted with success."}) return c.JSON(http.StatusOK, models.Message{"The item was deleted with success."})
} }

5
routes/api/v1/lists_list.go
View file

@ -16,11 +16,6 @@ func GetListsByUser(c echo.Context) error {
allLists, err := models.GetListsByUser(&currentUser) allLists, err := models.GetListsByUser(&currentUser)
if err != nil { if err != nil {
if models.IsErrListDoesNotExist(err) {
}
return c.JSON(http.StatusInternalServerError, models.Message{"Could not get lists."}) return c.JSON(http.StatusInternalServerError, models.Message{"Could not get lists."})
} }