Add: delete review

pkg/api/handle_review.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"encoding/json"
+	"errors"
 	"msw-open-music/pkg/database"
 	"net/http"
 	"time"
@@ -102,6 +103,32 @@ func (api *API) HandleGetReview(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func (api *API) CheckUserCanModifyReview(w http.ResponseWriter, r *http.Request, reviewID int64) error {
+	review, err := api.Db.GetReview(reviewID)
+	if err != nil {
+		return err
+	}
+
+	err = api.CheckNotAnonymous(w, r)
+	if err != nil {
+		return err
+	}
+
+	err = api.CheckAdmin(w, r)
+	if err != nil {
+		userID, err := api.GetUserID(w, r)
+		if err != nil {
+			return err
+		}
+
+		if review.UserId != userID {
+			return errors.New("you are not allowed to modify this review")
+		}
+	}
+
+	return nil
+}
+
 func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 	req := &database.Review{}
 
@@ -111,6 +138,12 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	err = api.CheckUserCanModifyReview(w, r, req.ID)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
 	req.UpdatedAt = time.Now().Unix()
 
 	err = api.Db.UpdateReview(req)
@@ -121,3 +154,31 @@ func (api *API) HandleUpdateReview(w http.ResponseWriter, r *http.Request) {
 
 	api.HandleOK(w, r)
 }
+
+type DeleteReviewRequest struct {
+	ID int64 `json:"id"`
+}
+
+func (api *API) HandleDeleteReview(w http.ResponseWriter, r *http.Request) {
+	req := &DeleteReviewRequest{}
+
+	err := json.NewDecoder(r.Body).Decode(req)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	err = api.CheckUserCanModifyReview(w, r, req.ID)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	err = api.Db.DeleteReview(req.ID)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
+	api.HandleOK(w, r)
+}