verify whether user can delete transaction with specified time when deleting transaction

pkg/api/transactions.go

@@ -498,6 +498,34 @@ func (a *TransactionsApi) TransactionDeleteHandler(c *core.Context) (interface{}
 	}
 
 	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.ErrorfWithRequestId(c, "[transactions.TransactionDeleteHandler] failed to get user, because %s", err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	transaction, err := a.transactions.GetTransactionByTransactionId(uid, transactionDeleteReq.Id)
+
+	if err != nil {
+		log.ErrorfWithRequestId(c, "[transactions.TransactionDeleteHandler] failed to get transaction \"id:%d\" for user \"uid:%d\", because %s", transactionDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if transaction.Type == models.TRANSACTION_DB_TYPE_TRANSFER_IN {
+		log.WarnfWithRequestId(c, "[transactions.TransactionDeleteHandler] cannot delete transaction \"id:%d\" for user \"uid:%d\", because transaction type is transfer in", transactionDeleteReq.Id, uid)
+		return nil, errs.ErrTransactionTypeInvalid
+	}
+
+	transactionEditable := user.CanEditTransactionByTransactionTime(transaction.TransactionTime, transactionDeleteReq.UtcOffset)
+
+	if !transactionEditable {
+		return nil, errs.ErrCannotDeleteTransactionWithThisTransactionTime
+	}
+
 	err = a.transactions.DeleteTransaction(uid, transactionDeleteReq.Id)
 
 	if err != nil {

pkg/errs/transaction.go

@@ -20,4 +20,5 @@ var (
 	ErrCannotDeleteTransactionInHiddenAccount              = NewNormalError(NormalSubcategoryTransaction, 13, http.StatusBadRequest, "cannot delete transaction in hidden account")
 	ErrCannotCreateTransactionWithThisTransactionTime      = NewNormalError(NormalSubcategoryTransaction, 14, http.StatusBadRequest, "cannot add transaction with this transaction time")
 	ErrCannotModifyTransactionWithThisTransactionTime      = NewNormalError(NormalSubcategoryTransaction, 15, http.StatusBadRequest, "cannot modify transaction with this transaction time")
+	ErrCannotDeleteTransactionWithThisTransactionTime      = NewNormalError(NormalSubcategoryTransaction, 16, http.StatusBadRequest, "cannot delete transaction with this transaction time")
 )

pkg/models/transaction.go

@@ -112,7 +112,8 @@ type TransactionGetRequest struct {
 
 // TransactionDeleteRequest represents all parameters of transaction deleting request
 type TransactionDeleteRequest struct {
-	Id int64 `json:"id,string" binding:"required,min=1"`
+	Id        int64 `json:"id,string" binding:"required,min=1"`
+	UtcOffset int   `form:"utc_offset" binding:"required,min=-720,max=840"`
 }
 
 // TransactionInfoResponse represents a view-object of transaction

src/lib/services.js

@@ -288,8 +288,10 @@ export default {
         });
     },
     deleteTransaction: ({ id }) => {
+        const utcOffset = utils.getTimezoneOffsetMinutes();
         return axios.post('v1/transactions/delete.json', {
-            id
+            id,
+            utcOffset
         });
     },
     getAllTransactionCategories: () => {

src/locales/en.js

@@ -548,6 +548,7 @@ export default {
         'cannot delete transaction in hidden account': 'You cannot delete transaction in an hidden account',
         'cannot add transaction with this transaction time': 'You cannot add transaction with this transaction time',
         'cannot modify transaction with this transaction time': 'You cannot modify this transaction with this transaction time',
+        'cannot delete transaction with this transaction time': 'You cannot delete this transaction with this transaction time',
         'transaction category id is invalid': 'Transaction category ID is invalid',
         'transaction category not found': 'Transaction category is not found',
         'transaction category type is invalid': 'Transaction category type is invalid',

src/locales/zh_Hans.js

@@ -548,6 +548,7 @@ export default {
         'cannot delete transaction in hidden account': '您不能删除隐藏账户中的交易',
         'cannot add transaction with this transaction time': '您不能添加该交易时间的交易',
         'cannot modify transaction with this transaction time': '您不能修改该交易时间的交易',
+        'cannot delete transaction with this transaction time': '您不能删除该交易时间的交易',
         'transaction category id is invalid': '交易分类ID无效',
         'transaction category not found': '交易分类不存在',
         'transaction category type is invalid': '交易分类类型无效',