check user owns guestbook

2025-03-15 12:18:17 -07:00 · 2025-03-15 12:18:17 -07:00 · 11c0815676
commit 11c0815676
parent 6c18752230
2 changed files with 168 additions and 165 deletions
--- a/cmd/web/handlers_guestbook.go
+++ b/cmd/web/handlers_guestbook.go
@ -1,6 +1,5 @@
 package main

-
 import (
 	"errors"
 	"fmt"
@ -12,12 +11,12 @@ import (
 	"git.32bit.cafe/32bitcafe/guestbook/ui/views"
 )

-func (app *application) getGuestbookCreate(w http.ResponseWriter, r* http.Request) {
+func (app *application) getGuestbookCreate(w http.ResponseWriter, r *http.Request) {
 	data := app.newCommonData(r)
 	views.GuestbookCreate("New Guestbook", data).Render(r.Context(), w)
 }

-func (app *application) postGuestbookCreate(w http.ResponseWriter, r* http.Request) {
+func (app *application) postGuestbookCreate(w http.ResponseWriter, r *http.Request) {
 	userId := app.sessionManager.GetInt64(r.Context(), "authenticatedUserId")
 	err := r.ParseForm()
 	if err != nil {
@ -83,6 +82,10 @@ func (app *application) getGuestbookDashboard(w http.ResponseWriter, r *http.Req
 		}
 		return
 	}
+	user := app.getCurrentUser(r)
+	if user.ID != guestbook.UserId {
+		app.clientError(w, http.StatusUnauthorized)
+	}
 	comments, err := app.guestbookComments.GetAll(guestbook.ID)
 	if err != nil {
 		app.serverError(w, r, err)
--- a/internal/models/user.go
+++ b/internal/models/user.go
@ -11,7 +11,7 @@ import (
 )

 type User struct {
-	ID             int
+	ID             int64
 	ShortId        uint64
 	Username       string
 	Email          string