Fixed CanDelete

This commit is contained in:
konrad 2018-07-12 23:33:21 +02:00 committed by kolaente
parent b24b245f4d
commit 55c02bc973
Signed by untrusted user: konrad
GPG Key ID: F40E70337AB24C9B
4 changed files with 10 additions and 6 deletions

View File

@ -1,9 +1,12 @@
package models package models
// CanDelete checks if the user can delete an item // CanDelete checks if the user can delete an item
func (i *ListItem) CanDelete(doer *User) bool { func (i *ListItem) CanDelete(doer *User, id int64) bool {
// Get the item
lI, _ := GetListItemByID(id)
// A user can delete an item if he has write acces to its list // A user can delete an item if he has write acces to its list
list, _ := GetListByID(i.ListID) list, _ := GetListByID(lI.ListID)
return list.CanWrite(doer) return list.CanWrite(doer)
} }

View File

@ -81,8 +81,9 @@ func (l *List) CanRead(user *User) bool {
} }
// CanDelete checks if the user can delete a list // CanDelete checks if the user can delete a list
func (l *List) CanDelete(doer *User) bool { func (l *List) CanDelete(doer *User, id int64) bool {
return l.IsAdmin(doer) list, _ := GetListByID(id)
return list.IsAdmin(doer)
} }
// CanUpdate checks if the user can update a list // CanUpdate checks if the user can update a list

View File

@ -5,7 +5,7 @@ type Rights interface {
IsAdmin(*User) bool IsAdmin(*User) bool
CanWrite(*User) bool CanWrite(*User) bool
CanRead(*User) bool CanRead(*User) bool
CanDelete(*User) bool CanDelete(*User, int64) bool
CanUpdate(*User, int64) bool CanUpdate(*User, int64) bool
CanCreate(*User, int64) bool CanCreate(*User, int64) bool
} }

View File

@ -19,7 +19,7 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError) return echo.NewHTTPError(http.StatusInternalServerError)
} }
if !c.CObject.CanDelete(&user) { if !c.CObject.CanDelete(&user, id) {
return echo.NewHTTPError(http.StatusForbidden) return echo.NewHTTPError(http.StatusForbidden)
} }