update: requireclubmembership middleware for event rsvp

nevzattalhaozcan · nevzattalhaozcan · commit a0264387877b · 2025-10-11T21:51:44.000+03:00
diff --git a/internal/handlers/server.go b/internal/handlers/server.go
@@ -179,45 +179,45 @@ func (s *Server) setupRoutes() {
 		protected.GET("/clubs/:id/poll", postHandler.GetPollPostsByClubID)
 
 		protected.POST("/clubs/:id/join", clubHandler.JoinClub)
-		protected.POST("/clubs/:id/leave", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), clubHandler.LeaveClub)
-		protected.POST("/clubs/:id/ratings", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), clubHandler.RateClub)
+		protected.POST("/clubs/:id/leave", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), clubHandler.LeaveClub)
+		protected.POST("/clubs/:id/ratings", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), clubHandler.RateClub)
 		protected.GET("/my-clubs", clubHandler.GetMyClubs)
 
 		protected.PUT("/clubs/:id/members/:user_id", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin", "moderator"), clubHandler.UpdateClubMember)
 		protected.GET("/clubs/:id/members/:user_id", clubHandler.GetClubMember)
 
 		protected.POST("/clubs/:id/events", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin", "moderator"), eventHandler.CreateEvent)
-		protected.GET("/clubs/:id/events", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), eventHandler.GetClubEvents)
-		protected.GET("/events/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), eventHandler.GetEvent)
+		protected.GET("/clubs/:id/events", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), eventHandler.GetClubEvents)
+		protected.GET("/events/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), eventHandler.GetEvent)
 		protected.PUT("/events/:id", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin", "moderator"), eventHandler.UpdateEvent)
 		protected.DELETE("/events/:id", middleware.RequireClubMembershipWithRoles(clubRepo, "club_admin", "moderator"), eventHandler.DeleteEvent)
 
-		protected.POST("/events/:id/rsvp", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), eventHandler.RSVPToEvent)
-		protected.GET("/events/:id/attendees", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), eventHandler.GetEventAttendees)
+		protected.POST("/events/:id/rsvp", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), eventHandler.RSVPToEvent)
+		protected.GET("/events/:id/attendees", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), eventHandler.GetEventAttendees)
 
 		protected.POST("/books", middleware.RestrictToRoles("admin", "superuser"), bookHandler.CreateBook)
 		protected.PUT("/books/:id", middleware.RestrictToRoles("admin", "superuser"), bookHandler.UpdateBook)
 		protected.DELETE("/books/:id", middleware.RestrictToRoles("admin", "superuser"), bookHandler.DeleteBook)
 
-		protected.POST("/posts", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.CreatePost)
-		protected.PUT("/posts/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.UpdatePost)
-		protected.DELETE("/posts/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.DeletePost)
-		protected.GET("/posts/reviews", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.GetReviewsByBook)
-		protected.GET("/posts/filter", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.GetPostsByType)
+		protected.POST("/posts", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.CreatePost)
+		protected.PUT("/posts/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.UpdatePost)
+		protected.DELETE("/posts/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.DeletePost)
+		protected.GET("/posts/reviews", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.GetReviewsByBook)
+		protected.GET("/posts/filter", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.GetPostsByType)
 
-		protected.POST("/posts/:id/vote", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.VoteOnPoll)
-		protected.POST("/posts/:id/unvote", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.RemoveVoteFromPoll)
-		protected.GET("/posts/:id/poll/votes", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.GetUserPollVotes)
+		protected.POST("/posts/:id/vote", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.VoteOnPoll)
+		protected.POST("/posts/:id/unvote", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.RemoveVoteFromPoll)
+		protected.GET("/posts/:id/poll/votes", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.GetUserPollVotes)
 
-		protected.POST("/posts/:id/like", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.LikePost)
-		protected.POST("/posts/:id/unlike", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), postHandler.UnlikePost)
+		protected.POST("/posts/:id/like", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.LikePost)
+		protected.POST("/posts/:id/unlike", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), postHandler.UnlikePost)
 
-		protected.POST("/posts/:id/comments", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), commentHandler.CreateComment)
-		protected.PUT("/comments/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), commentHandler.UpdateComment)
-		protected.DELETE("/comments/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), commentHandler.DeleteComment)
+		protected.POST("/posts/:id/comments", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), commentHandler.CreateComment)
+		protected.PUT("/comments/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), commentHandler.UpdateComment)
+		protected.DELETE("/comments/:id", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), commentHandler.DeleteComment)
 
-		protected.POST("/comments/:id/like", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), commentHandler.LikeComment)
-		protected.POST("/comments/:id/unlike", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo), commentHandler.UnlikeComment)
+		protected.POST("/comments/:id/like", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), commentHandler.LikeComment)
+		protected.POST("/comments/:id/unlike", middleware.RequireClubMembership(clubRepo, postRepo, commentRepo, eventRepo), commentHandler.UnlikeComment)
 
 		protected.POST("/users/:id/reading/sync", middleware.AuthorizeSelf(), readingHandler.SyncUserStats)
 		protected.POST("/users/:id/reading/start", middleware.AuthorizeSelf(), readingHandler.StartReading)
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
@@ -124,7 +124,7 @@ func RestrictToRoles(allowedRoles ...string) gin.HandlerFunc {
 	}
 }
 
-func RequireClubMembership(clubRepo repository.ClubRepository, postRepo repository.PostRepository, commentRepo repository.CommentRepository) gin.HandlerFunc {
+func RequireClubMembership(clubRepo repository.ClubRepository, postRepo repository.PostRepository, commentRepo repository.CommentRepository, eventRepo repository.EventRepository) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// allow admin and superuser to bypass club membership check
 		userRoleRaw, exists := c.Get("user_role")
@@ -210,7 +210,26 @@ func RequireClubMembership(clubRepo repository.ClubRepository, postRepo reposito
 				return
 			}
 			clubID = uint(clubID64)
-		} else {
+		} else if (strings.Contains(path, "/events/:id/rsvp") || strings.Contains(path, "/events/:id/attendees")) && idParam != "" {
+            // For RSVP/attendees, get event and extract club_id
+            eventID, parseErr := strconv.ParseUint(idParam, 10, 32)
+            if parseErr != nil {
+                c.JSON(http.StatusBadRequest, gin.H{"error": "invalid event ID"})
+                c.Abort()
+                return
+            }
+            event, err := eventRepo.GetByID(uint(eventID))
+            if err != nil {
+                if err == gorm.ErrRecordNotFound {
+                    c.JSON(http.StatusNotFound, gin.H{"error": "event not found"})
+                } else {
+                    c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to fetch event"})
+                }
+                c.Abort()
+                return
+            }
+            clubID = event.ClubID
+        } else {
 			// Try to get club_id from request body
 			bodyBytes, readErr := c.GetRawData()
 			if readErr != nil {
