diff --git a/models/list_items.go b/models/list_items.go index 6edab85aef..e98f9e8b9a 100644 --- a/models/list_items.go +++ b/models/list_items.go @@ -92,21 +92,3 @@ func GetListItemByID(listItemID int64) (listItem ListItem, err error) { return } - -// DeleteListItemByID deletes a list item by its ID -func DeleteListItemByID(itemID int64, doer *User) (err error) { - - // Check if it exists - listitem, err := GetListItemByID(itemID) - if err != nil { - return - } - - // Check if the user hat the right to delete that item - if listitem.CreatedByID != doer.ID { - return ErrNeedToBeItemOwner{ItemID: itemID, UserID: doer.ID} - } - - _, err = x.ID(itemID).Delete(ListItem{}) - return -} diff --git a/models/list_items_create_update.go b/models/list_items_create_update.go index 07a0e97242..fb3f0e0368 100644 --- a/models/list_items_create_update.go +++ b/models/list_items_create_update.go @@ -23,22 +23,13 @@ func (i *ListItem) Update(ID int64, doer *User) (err error) { // Helper function for creation or updating of new lists as both methods share most of their logic func createOrUpdateListItem(i *ListItem, doer *User, lID int64) (err error) { + // Check rights - user, _, err := GetUserByID(doer.ID) + user, err := listItemPreCheck(i, doer, lID) if err != nil { return } - // Get the list to check if the user has the right to write to that list - list, err := GetListByID(lID) // TODO: Get the list with one query by item ID - if err != nil { - return - } - - if !list.CanWrite(&user) { - return ErrNeedToBeListWriter{ListID: i.ListID, UserID: user.ID} - } - // Check if we have at least a text if i.Text == "" { return ErrListItemCannotBeEmpty{} @@ -55,3 +46,25 @@ func createOrUpdateListItem(i *ListItem, doer *User, lID int64) (err error) { return } + +// This helper function checks if the user has the right to edit a list item. +// It is used in Create/Update/Delete. +func listItemPreCheck(i *ListItem, doer *User, lID int64) (user User, err error) { + // Check rights + user, _, err = GetUserByID(doer.ID) + if err != nil { + return + } + + // Get the list to check if the user has the right to write to that list + list, err := GetListByID(lID) // TODO: Get the list with one query by item ID + if err != nil { + return + } + + if !list.CanWrite(&user) { + return user, ErrNeedToBeListWriter{ListID: i.ListID, UserID: user.ID} + } + + return +} diff --git a/models/list_items_delete.go b/models/list_items_delete.go new file mode 100644 index 0000000000..67afda6821 --- /dev/null +++ b/models/list_items_delete.go @@ -0,0 +1,20 @@ +package models + +// Delete implements the delete method for listItem +func (i *ListItem) Delete(id int64, doer *User) (err error) { + + // Check if it exists + listitem, err := GetListItemByID(id) + if err != nil { + return + } + + // Check if the user hat the right to delete that item + _, err = listItemPreCheck(i, doer, listitem.ListID) + if err != nil { + return + } + + _, err = x.ID(id).Delete(ListItem{}) + return +} diff --git a/routes/api/v1/item_delete.go b/routes/api/v1/item_delete.go index ce8ca23e43..a6349dcea9 100644 --- a/routes/api/v1/item_delete.go +++ b/routes/api/v1/item_delete.go @@ -1,10 +1,8 @@ package v1 import ( - "git.kolaente.de/konrad/list/models" "github.com/labstack/echo" "net/http" - "strconv" ) // DeleteListItemByIDtemByID is the web handler to delete a list item @@ -34,32 +32,5 @@ func DeleteListItemByIDtemByID(c echo.Context) error { // "500": // "$ref": "#/responses/Message" - // Check if we have our ID - id := c.Param("id") - // Make int - itemID, err := strconv.ParseInt(id, 10, 64) - if err != nil { - return c.JSON(http.StatusBadRequest, models.Message{"Invalid ID."}) - } - - // Check if the user has the right to delete that list item - user, err := models.GetCurrentUser(c) - if err != nil { - return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."}) - } - - err = models.DeleteListItemByID(itemID, &user) - if err != nil { - if models.IsErrListItemDoesNotExist(err) { - return c.JSON(http.StatusNotFound, models.Message{"List item does not exist."}) - } - - if models.IsErrNeedToBeItemOwner(err) { - return c.JSON(http.StatusForbidden, models.Message{"You need to own the list item in order to be able to delete it."}) - } - - return c.JSON(http.StatusInternalServerError, models.Message{"An error occured."}) - } - - return c.JSON(http.StatusOK, models.Message{"The item was deleted with success."}) + return echo.NewHTTPError(http.StatusNotImplemented) } diff --git a/routes/routes.go b/routes/routes.go index 5d623205e3..6f37d308e0 100644 --- a/routes/routes.go +++ b/routes/routes.go @@ -100,8 +100,8 @@ func RegisterRoutes(e *echo.Echo) { CObject: &models.ListItem{}, } a.PUT("/lists/:id", itemHandler.CreateWeb) - a.DELETE("/item/:id", apiv1.DeleteListItemByIDtemByID) - a.POST("/item/:id", itemHandler.UpdateWeb) + a.DELETE("/items/:id", itemHandler.DeleteWeb) + a.POST("/items/:id", itemHandler.UpdateWeb) a.GET("/namespaces", apiv1.GetAllNamespacesByCurrentUser) a.PUT("/namespaces", apiv1.AddNamespace)