Skip to content

Commit 930c801

Browse files
kavos113kavos113
committed
fix: itemid is same as path paramater
1 parent 7c84caa commit 930c801

File tree

4 files changed

+32
-15
lines changed

4 files changed

+32
-15
lines changed

handler/ownership.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ func (h *handler) EditItemOwners(ctx echo.Context, itemId openapi.ItemIdInPath,
6060
Memo: req.Memo,
6161
}
6262

63-
updated, err := h.ou.UpdateOwnership(ownership, itemId, userID)
63+
updated, err := h.ou.UpdateOwnership(ownership, userID)
6464
if err != nil {
6565
if errors.Is(err, domain.ErrNotFound) {
6666
return ctx.NoContent(http.StatusNotFound)

usecase/mock/mock_ownership_usecase.go

Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

usecase/ownership.go

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ import (
99
type OwnershipUseCase interface {
1010
GetByItemID(itemID int) ([]*domain.Ownership, error)
1111
CreateOwnership(ownership *domain.Ownership) (*domain.Ownership, error)
12-
UpdateOwnership(ownership *domain.Ownership, itemID int, userID string) (*domain.Ownership, error)
12+
UpdateOwnership(ownership *domain.Ownership, userID string) (*domain.Ownership, error)
1313
DeleteOwnership(id int, itemID int, userID string) error
1414
}
1515

@@ -32,16 +32,20 @@ func (u *ownershipUseCase) CreateOwnership(ownership *domain.Ownership) (*domain
3232
}
3333

3434
// TODO: 管理者も変えられるように
35-
func (u *ownershipUseCase) UpdateOwnership(ownership *domain.Ownership, itemID int, userID string) (*domain.Ownership, error) {
35+
func (u *ownershipUseCase) UpdateOwnership(ownership *domain.Ownership, userID string) (*domain.Ownership, error) {
3636
o, err := u.ownershipRepo.GetByID(ownership.ID)
3737
if err != nil {
3838
return nil, err
3939
}
4040

41-
if o.ItemID != itemID {
41+
if o.ItemID != ownership.ItemID {
4242
return nil, fmt.Errorf("%w: ownership does not belong to the specified item", domain.ErrNotFound)
4343
}
4444

45+
if o.UserID != ownership.UserID {
46+
return nil, fmt.Errorf("%w: you can only change the ownership of your own item", ErrForbidden)
47+
}
48+
4549
if o.UserID != userID {
4650
return nil, fmt.Errorf("%w: you can only update your own ownership", ErrForbidden)
4751
}

usecase/ownership_test.go

Lines changed: 20 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,6 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
114114
testCases := []struct {
115115
name string
116116
inputOwnership *domain.Ownership
117-
itemID int
118117
userID string
119118
setupMock func(repo *mock_domain.MockOwnershipRepository)
120119
expectedOwnership *domain.Ownership
@@ -129,7 +128,6 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
129128
Rentable: false,
130129
Memo: "updated memo",
131130
},
132-
itemID: 1,
133131
userID: "owner",
134132
setupMock: func(repo *mock_domain.MockOwnershipRepository) {
135133
repo.EXPECT().
@@ -153,7 +151,6 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
153151
Rentable: true,
154152
Memo: "memo",
155153
},
156-
itemID: 1,
157154
userID: "owner",
158155
setupMock: func(repo *mock_domain.MockOwnershipRepository) {
159156
repo.EXPECT().
@@ -164,15 +161,32 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
164161
expectedErr: domain.ErrNotFound,
165162
},
166163
{
167-
name: "failure: forbidden",
164+
name: "failure: cannot change other user's ownership",
165+
inputOwnership: &domain.Ownership{
166+
ID: 1,
167+
ItemID: 1,
168+
UserID: "owner",
169+
Rentable: false,
170+
Memo: "updated memo",
171+
},
172+
userID: "another-user",
173+
setupMock: func(repo *mock_domain.MockOwnershipRepository) {
174+
repo.EXPECT().
175+
GetByID(1).
176+
Return(&domain.Ownership{ID: 1, ItemID: 1, UserID: "owner", Rentable: true, Memo: "before"}, nil).
177+
Times(1)
178+
},
179+
expectedErr: ErrForbidden,
180+
},
181+
{
182+
name: "failure: cannot change other user's ownership, although ownership.userID is matched",
168183
inputOwnership: &domain.Ownership{
169184
ID: 1,
170185
ItemID: 1,
171186
UserID: "owner",
172187
Rentable: false,
173188
Memo: "updated memo",
174189
},
175-
itemID: 1,
176190
userID: "another-user",
177191
setupMock: func(repo *mock_domain.MockOwnershipRepository) {
178192
repo.EXPECT().
@@ -191,7 +205,6 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
191205
Rentable: false,
192206
Memo: "updated memo",
193207
},
194-
itemID: 1,
195208
userID: "owner",
196209
setupMock: func(repo *mock_domain.MockOwnershipRepository) {
197210
repo.EXPECT().
@@ -213,7 +226,7 @@ func TestOwnershipUseCase_UpdateOwnership(t *testing.T) {
213226

214227
ownershipUseCase := NewOwnershipUseCase(mockOwnershipRepo)
215228

216-
ownership, err := ownershipUseCase.UpdateOwnership(tc.inputOwnership, tc.itemID, tc.userID)
229+
ownership, err := ownershipUseCase.UpdateOwnership(tc.inputOwnership, tc.userID)
217230

218231
assert.Equal(t, tc.expectedOwnership, ownership)
219232
assert.True(t, errors.Is(err, tc.expectedErr))

0 commit comments

Comments
 (0)