From cfaf8aa1aed6c0928e3d8581b242c8936baefd2e Mon Sep 17 00:00:00 2001
From: meskio <meskio@sindominio.net>
Date: Fri, 25 Sep 2020 19:39:49 +0200
Subject: [PATCH] Check that you have enough money

---
 api/purchase.go | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/api/purchase.go b/api/purchase.go
index 79c7021..b2cfa41 100644
--- a/api/purchase.go
+++ b/api/purchase.go
@@ -12,12 +12,12 @@ import (
 )
 
 type Purchase struct {
-	gorm.Model `json:"-"`
-	MemberNum  int                `json:"member" gorm:"column:member"`
-	Member     Member             `json:"-" gorm:"foreignKey:MemberNum;references:Num"`
-	Date       time.Time          `json:"date"`
-	Total      int                `json:"total"`
-	Products   []PurchasedProduct `json:"products"`
+	gorm.Model
+	MemberNum int                `json:"member" gorm:"column:member"`
+	Member    Member             `json:"-" gorm:"foreignKey:MemberNum;references:Num"`
+	Date      time.Time          `json:"date"`
+	Total     int                `json:"total"`
+	Products  []PurchasedProduct `json:"products"`
 }
 
 type PurchasedProduct struct {
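Review bot: Removing `json:"-"` from the embedded `gorm.Model` in Purchase means `ID`, `CreatedAt`, `UpdatedAt` and `DeletedAt` now appear in every JSON encoding of a purchase. They would also become client-settable if a Purchase is ever decoded from a request body. If clients only need the purchase id, a dedicated response struct that exposes just that field keeps the soft-delete and timestamp columns internal. If the full exposure is intended, record it above the embed with a comment such as `// gorm.Model is serialized on purpose: clients reference purchases by ID`.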
@@ -56,9 +56,6 @@ func (a *api) AddPurchase(num int, w http.ResponseWriter, req *http.Request) {
 	}
 	total := 0
 	for i, p := range products {
-		if p.ProductCode == 0 {
-			continue
-		}
 		var product Product
 		err = a.db.Where("code = ?", p.ProductCode).First(&product).Error
 		if err != nil {
@@ -71,6 +68,18 @@ func (a *api) AddPurchase(num int, w http.ResponseWriter, req *http.Request) {
 		products[i].Price = product.Price
 	}
 
+	var member Member
+	err = a.db.Where("num = ?", num).Find(&member).Error
+	if err != nil {
+		log.Printf("Can't find member %d: %v", num, err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
+	if member.Balance < total {
+		log.Printf("Member %d don't have enough money (%d-%d): %v", num, member.Balance, total, err)
+		w.WriteHeader(http.StatusBadRequest)
+		return
+	}
 	err = a.db.Model(&Member{}).
 		Where("num = ?", num).
 		Update("balance", gorm.Expr("balance - ?", total)).Error
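Review bot: The new `member.Balance < total` check and the following `Update("balance", ...)` are separate statements with no transaction visible in the hunk, so two concurrent purchases for the same member can both pass the check and leave the balance negative. Moving the condition into the update's `Where` and treating `RowsAffected == 0` as a rejection makes the check and the debit one atomic statement. With GORM v2, `Find` does not report an error when no row matches, so the "Can't find member" branch probably never fires for an unknown number; `First` would. The computation of `total` is outside the hunk, but if request-supplied amounts can be negative, a negative total passes this check and credits the account, so rejecting `total < 0` here is worth adding. AddPurchase begins before the hunk and its update error handling continues after it.

```go
// … unchanged: price lookup and total computation …
res := a.db.Model(&Member{}).
	Where("num = ? AND balance >= ?", num, total).
	Update("balance", gorm.Expr("balance - ?", total))
if res.Error != nil {
	// … unchanged: existing update error handling …
}
if res.RowsAffected == 0 {
	log.Printf("Member %d not found or balance below %d", num, total)
	w.WriteHeader(http.StatusBadRequest)
	return
}
```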
@@ -79,6 +88,7 @@ func (a *api) AddPurchase(num int, w http.ResponseWriter, req *http.Request) {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
+
 	purchase := Purchase{
 		MemberNum: num,
 		Date:      time.Now(),
@@ -114,7 +124,9 @@ func (a *api) AddPurchase(num int, w http.ResponseWriter, req *http.Request) {
 func (a *api) GetPurchase(w http.ResponseWriter, req *http.Request) {
 	vars := mux.Vars(req)
 	var purchase Purchase
-	err := a.db.Where("id = ?", vars["id"]).First(&purchase).Error
+	err := a.db.Where("id = ?", vars["id"]).
+		Preload("Products.Product").
+		First(&purchase).Error
 	if err != nil {
 		if err.Error() == "record not found" {
 			w.WriteHeader(http.StatusNotFound)
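Review bot: GetPurchase selects the row by `vars["id"]` alone and, unlike AddPurchase, takes no member number, so nothing visible in this hunk limits a caller to their own purchases. With the added `Preload("Products.Product")` the response now also carries the full product records. Authorization may be enforced in middleware outside the hunk. If it is not, the query should be scoped to the authenticated member, for example `Where("id = ? AND member = ?", vars["id"], num)`, with `num` passed in the same way as for AddPurchase. The function body continues past the end of the hunk.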
-- 
GitLab