diff --git a/src/myaktion/handler/campaign.go b/src/myaktion/handler/campaign.go
index 5039f0d4fb87de895e906f262c0396f3ebc67867..d73ab98fec9241f37da50375e0685c43f2873e18 100644
--- a/src/myaktion/handler/campaign.go
+++ b/src/myaktion/handler/campaign.go
@@ -43,7 +43,7 @@ func GetCampaign(w http.ResponseWriter, r *http.Request) {
http.Error(w, "Invalid campaign ID", http.StatusBadRequest)
return
}
- campaign, err := service.GetCampaignByID(id)
+ campaign, err := service.GetCampaignByID(id, getOrganizerName(r))
if err != nil {
log.Errorf("Error retrieving campaign with ID %d: %v", id, err)
http.Error(w, "Campaign not found", http.StatusNotFound)
@@ -66,7 +66,9 @@ func UpdateCampaign(w http.ResponseWriter, r *http.Request) {
return
}
campaign.ID = id
- if err := service.UpdateCampaign(campaign); err != nil {
+ //log.Errorf("Organizer name req body: %s AND in toke: %s", campaign.OrganizerName, getOrganizerName(r))
+ // FRAGE: Soll ein PUT req durchgehen wenn organizerName in req body nicht übereinstimmt mit dem aus dem Token?
+ if err := service.UpdateCampaign(campaign, getOrganizerName(r)); err != nil {
log.Errorf("Error updating campaign with ID %d: %v", id, err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -87,8 +89,7 @@ func PatchCampaign(w http.ResponseWriter, r *http.Request) {
http.Error(w, "Invalid campaign ID", http.StatusBadRequest)
return
}
-
- if err := service.PatchCampaign(id, campaign); err != nil {
+ if err := service.PatchCampaign(id, campaign, getOrganizerName(r)); err != nil {
log.Errorf("Error patching campaign with ID %d: %v", id, err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
@@ -103,7 +104,7 @@ func DeleteCampaign(w http.ResponseWriter, r *http.Request) {
http.Error(w, "Invalid campaign ID", http.StatusBadRequest)
return
}
- if err := service.DeleteCampaign(id); err != nil {
+ if err := service.DeleteCampaign(id, getOrganizerName(r)); err != nil {
log.Errorf("Error deleting campaign with ID %d: %v", id, err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
diff --git a/src/myaktion/main.go b/src/myaktion/main.go
index 1867d14da5e3149709ac5f433182eef8d721940f..b72036f73c369421c3ea3ac3104fde1c21682b8b 100644
--- a/src/myaktion/main.go
+++ b/src/myaktion/main.go
@@ -84,10 +84,10 @@ func main() {
router.HandleFunc("/health", handler.Health).Methods("GET")
router.HandleFunc("/campaigns", authMW(handler.CreateCampaign)).Methods("POST")
router.HandleFunc("/campaigns", authMW(handler.GetCampaigns)).Methods("GET")
- router.HandleFunc("/campaigns/{id}", handler.GetCampaign).Methods("GET")
- router.HandleFunc("/campaigns/{id}", handler.UpdateCampaign).Methods("PUT")
- router.HandleFunc("/campaigns/{id}", handler.PatchCampaign).Methods("PATCH")
- router.HandleFunc("/campaigns/{id}", handler.DeleteCampaign).Methods("DELETE")
+ router.HandleFunc("/campaigns/{id}", authMW(handler.GetCampaign)).Methods("GET")
+ router.HandleFunc("/campaigns/{id}", authMW(handler.UpdateCampaign)).Methods("PUT")
+ router.HandleFunc("/campaigns/{id}", authMW(handler.PatchCampaign)).Methods("PATCH")
+ router.HandleFunc("/campaigns/{id}", authMW(handler.DeleteCampaign)).Methods("DELETE")
router.HandleFunc("/campaigns/{id}/donations", handler.AddDonation).Methods("POST")
if err := http.ListenAndServe(":8000", router); err != nil {
log.Fatal(err)
diff --git a/src/myaktion/service/campaign.go b/src/myaktion/service/campaign.go
index 3b2632a3853876bc8a08a9f05b11b4036335eda9..2bd8a352ef40039df4403780510fb95b02ad0b94 100644
--- a/src/myaktion/service/campaign.go
+++ b/src/myaktion/service/campaign.go
@@ -1,6 +1,8 @@
package service
import (
+ "fmt"
+
log "github.com/sirupsen/logrus"
"gitlab.reutlingen-university.de/kober/myaktion-go/src/myaktion/db"
@@ -27,9 +29,9 @@ func GetCampaigns(organizerName string) ([]model.Campaign, error) {
return campaigns, nil
}
-func GetCampaignByID(id uint) (*model.Campaign, error) {
+func GetCampaignByID(id uint, organizerName string) (*model.Campaign, error) {
var campaign model.Campaign
- result := db.DB.Preload("Donations").First(&campaign, id)
+ result := db.DB.Preload("Donations").Where("organizer_name = ?", organizerName).First(&campaign, id)
if result.Error != nil {
return nil, result.Error
}
@@ -37,8 +39,12 @@ func GetCampaignByID(id uint) (*model.Campaign, error) {
return &campaign, nil
}
-func UpdateCampaign(campaign *model.Campaign) error {
- result := db.DB.Save(campaign)
+func UpdateCampaign(campaign *model.Campaign, organizerName string) error {
+ existing, err := GetCampaignByID(campaign.ID, organizerName)
+ if err != nil {
+ return err
+ }
+ result := db.DB.Model(&existing).Updates(campaign)
if result.Error != nil {
return result.Error
}
@@ -47,8 +53,12 @@ func UpdateCampaign(campaign *model.Campaign) error {
return nil
}
-func DeleteCampaign(id uint) error {
- result := db.DB.Delete(&model.Campaign{}, id)
+func DeleteCampaign(id uint, organizerName string) error {
+ existing, err := GetCampaignByID(id, organizerName)
+ if err != nil {
+ return err
+ }
+ result := db.DB.Delete(existing)
if result.Error != nil {
return result.Error
}
@@ -56,11 +66,14 @@ func DeleteCampaign(id uint) error {
return nil
}
-func PatchCampaign(id uint, campaign *model.Campaign) error {
- result := db.DB.Model(&model.Campaign{}).Where("id = ?", id).Updates(campaign)
+func PatchCampaign(id uint, campaign *model.Campaign, organizerName string) error {
+ result := db.DB.Model(&model.Campaign{}).Where("id = ? AND organizer_name = ?", id, organizerName).Updates(campaign)
if result.Error != nil {
return result.Error
}
+ if result.RowsAffected == 0 {
+ return fmt.Errorf("no campaign found with id %d for organizer %s", id, organizerName)
+ }
log.Infof("Successfully patched campaign with ID %v in database.", id)
return nil
}