Added a check if the user is either req. or supp.

Fixes #31
serdarkalayci · Apr 2, 2023 · 3f07c41 · 3f07c41
1 parent 4b1574c
commit 3f07c41
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/api/application/conversation.go b/api/application/conversation.go
@@ -132,6 +132,12 @@ func (cs ConversationService) GetConversation(conversationID string, userID stri
 		log.Logger.Error().Err(err).Msg("error getting conversation")
 		return nil, err
 	}
+	// Check that this user is the supplier or the requester of this conversation so that we can decide if they can see this conversation or not
+	if conversation.RequesterID != userID && conversation.SupplierID != userID {
+		log.Logger.Error().Err(err).Msg("user is not the owner of this conversation")
+		return nil, &domain.ErrNotAuthorizedForConversation{}
+	}
+
 	// Lets decide which messages to mark as read by looking who gets the details of the conversation
 	direction := "in"
 	if userID == conversation.RequesterID {

diff --git a/api/domain/conversation.go b/api/domain/conversation.go
@@ -31,6 +31,7 @@ type ContactDetails struct {
 
 type ErrNotTheOwner struct{}
 type ErrTheOwner struct{}
+type ErrNotAuthorizedForConversation struct{}
 
 func (e ErrNotTheOwner) Error() string {
 	return "this user is not the supplier of this trip"
@@ -39,3 +40,7 @@ func (e ErrNotTheOwner) Error() string {
 func (e ErrTheOwner) Error() string {
 	return "this user is the supplier of this trip, therefore cannot inititate conversation"
 }
+
+func (e ErrNotAuthorizedForConversation) Error() string {
+	return "this user is not authorized to see this conversation"
+}