From 21d4ac15a4ebb94179c6fe89dec4d62b7cfffec0 Mon Sep 17 00:00:00 2001
From: GotPPay <bilal@saburly.com>
Date: Thu, 3 May 2018 18:29:24 +0200
Subject: [PATCH] create structure for rules checking

---
 server/router/organizationroute/controller.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server/router/organizationroute/controller.go b/server/router/organizationroute/controller.go
index 1044379..d399c6e 100644
--- a/server/router/organizationroute/controller.go
+++ b/server/router/organizationroute/controller.go
@@ -239,6 +239,10 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	if !authorization.CanDeleteAddress(authUser, address) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	address.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
@@ -315,6 +319,10 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	if !authorization.CanDeleteContact(authUser, contact) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	contact.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)