feat: only allow deleting threads of current user

overflowerror 2021-08-22 17:34:07 +02:00
parent 20ddede04e
commit 21c9deaa49
3 changed files with 11 additions and 3 deletions


@ -16,6 +16,6 @@ type Logic interface {
AddThread(thread *models.Thread, user *models.User) error
UpdateThread(thread *models.Thread, user *models.User) error
DeleteThread(id uuid.UUID) error
DeleteThread(id uuid.UUID, user *models.User) error
GetThreads(user *models.User) ([]models.Thread, error)
}


@ -46,7 +46,15 @@ func (l *Logic) UpdateThread(thread *models.Thread, user *models.User) error {
return err
}
func (l *Logic) DeleteThread(id uuid.UUID) error {
func (l *Logic) DeleteThread(id uuid.UUID, user *models.User) error {
t, err := l.ctx.Data.GetThread(id, user)
if err != nil {
return ErrNotFound
}
if t.Account.UserID != user.ID {
// invalid user
return ErrNotFound
}
return l.ctx.Data.DeleteThread(id)
}
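Review bot: In DeleteThread, every error from `l.ctx.Data.GetThread(id, user)` is collapsed into ErrNotFound, so a database or connection failure is reported as a missing thread and the original error is lost; consider returning ErrNotFound only for the data layer's not-found case and passing other errors through (or at least logging them). Returning ErrNotFound on the owner mismatch is a sound choice, since it does not reveal that the thread exists. `t` and `user` are dereferenced at `t.Account.UserID != user.ID` without a nil check; the handler passes `ctx.Session.User`, and whether that is always set for this route is not visible here, so a guard such as `if user == nil || t == nil { return ErrNotFound }` before the comparison would be safer. The final `l.ctx.Data.DeleteThread(id)` is still keyed by id alone, so the ownership rule lives only in this method and any other caller of the data-layer delete bypasses it.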


@ -61,7 +61,7 @@ func DeleteThread(ctx *web.Context) {
return
}
err = ctx.AppCtx.Logic.DeleteThread(id)
err = ctx.AppCtx.Logic.DeleteThread(id, ctx.Session.User)
if err != nil {
ErrorResponse(ctx, err)
return