Ejemplo n.º 1
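 /**
  * Reports whether a row linking {@code userId} to {@code roleId} exists in the
  * {@code User.AUX_USER_ROLE} table.
  *
  * <p>Security: this is an authorization decision and the statement text is built by string
  * concatenation. Both ids are spliced in unquoted, so a crafted value could rewrite the WHERE
  * clause and make the check answer {@code true}. Until the query can be issued with bound
  * parameters, every id is required to be a plain run of ASCII digits and anything else is
  * refused (fail closed).
  *
  * @param userId id of the user; must consist of ASCII digits only
  * @param roleId id of the role; must consist of ASCII digits only
  * @return {@code true} only when the caller is logged in, both ids pass validation and the
  *     count query reports at least one matching row; {@code false} otherwise
  */
 @Override
 public boolean hasAssignment(String userId, String roleId) {
   if (!loggedIn) {
     // The original built a "not authorized" Result here and discarded it; the call is kept
     // in case notAuthorized() has side effects that are not visible from this method.
     new Result().notAuthorized();
     return false;
   }

   // NOTE(review): assumes ids are non-negative integers, which the unquoted splice below
   // implies - confirm against the schema. Null, empty or non-digit input never reaches SQL.
   if (userId == null
       || roleId == null
       || !userId.matches("[0-9]+")
       || !roleId.matches("[0-9]+")) {
     // The rejected value is deliberately not echoed into the log.
     log("hasAssignment: rejected non-numeric id");
     return false;
   }

   // TODO: replace with a bound-parameter query (PreparedStatement) once the db wrapper
   // offers one; the digit check above is a stopgap, not a substitute.
   String countSql =
       "SELECT COUNT(*) FROM "
           + User.AUX_USER_ROLE
           + " WHERE user_id = "
           + userId
           + " AND role_id = "
           + roleId
           + " ";

   boolean result = false;
   Result r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     // The original cast straight to Integer; accepting any Number avoids a
     // ClassCastException or NullPointerException if the wrapper returns a Long or null.
     Object value = r.objectValue();
     if (value instanceof Number) {
       result = ((Number) value).longValue() > 0;
     }
   }
   log("hasAssignment:" + result);
   return result;
 }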
Ejemplo n.º 2
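 /**
  * Reports whether {@code Role.AUX_ROLE_PRIV} holds a row granting privilege {@code priv} to
  * role {@code roleId} on the entity {@code entityId} (stored in column {@code manager_id}).
  *
  * <p>Security: this is an authorization decision and the statement text is built by string
  * concatenation. All three values are spliced in unquoted, so a crafted value could rewrite
  * the WHERE clause and make the check answer {@code true}. Until the query can be issued
  * with bound parameters, each value is required to be a plain run of ASCII digits and
  * anything else is refused (fail closed).
  *
  * @param roleId id of the role; must consist of ASCII digits only
  * @param entityId id of the managed entity; must consist of ASCII digits only
  * @param priv id of the privilege; must consist of ASCII digits only
  * @return {@code true} only when the caller is logged in, all values pass validation and
  *     the count query reports at least one matching row; {@code false} otherwise
  */
 @Override
 public boolean hasBeenGranted(String roleId, String entityId, String priv) {
   // TODO (carried over from the original): validate priv against (roleId, entityId).
   // The check below is purely syntactic and does not cover that.
   if (!loggedIn) {
     // The original built a "not authorized" Result here and discarded it; the call is kept
     // in case notAuthorized() has side effects that are not visible from this method.
     new Result().notAuthorized();
     return false;
   }

   // NOTE(review): assumes all three ids are non-negative integers, which the unquoted
   // splice below implies - confirm against the schema.
   if (roleId == null
       || entityId == null
       || priv == null
       || !roleId.matches("[0-9]+")
       || !entityId.matches("[0-9]+")
       || !priv.matches("[0-9]+")) {
     // The rejected value is deliberately not echoed into the log.
     log("hasBeenGranted: rejected non-numeric id");
     return false;
   }

   // TODO: replace with a bound-parameter query (PreparedStatement) once the db wrapper
   // offers one; the digit check above is a stopgap, not a substitute.
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = "
           + roleId
           + " AND manager_id = "
           + entityId
           + " AND priv_id = "
           + priv
           + "  ";

   boolean result = false;
   Result r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     // The original cast straight to Integer; accepting any Number avoids a
     // ClassCastException or NullPointerException if the wrapper returns a Long or null.
     Object value = r.objectValue();
     if (value instanceof Number) {
       result = ((Number) value).longValue() > 0;
     }
   }
   log("hasBeenGranted:" + result);
   return result;
 }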
Ejemplo n.º 3
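 /**
  * Reports whether {@code Role.AUX_ROLE} contains a row whose {@code Role.ROLEFLD} column
  * equals {@code role}.
  *
  * <p>Security: the role name is spliced into a single-quoted SQL string literal. A value
  * containing a quote could end the literal early and change the statement; a backslash can
  * have the same effect on engines that treat it as an escape character. Until the query can
  * be issued with a bound parameter, such values are refused (fail closed) instead of being
  * escaped by hand, because correct escaping depends on the database engine in use.
  *
  * @param role role name to look up
  * @return {@code true} only when the caller is logged in, the name passes validation and the
  *     count query reports at least one matching row; {@code false} otherwise
  */
 @Override
 public boolean existsRole(String role) {
   if (!loggedIn) {
     // The original built a "not authorized" Result here and discarded it; the call is kept
     // in case notAuthorized() has side effects that are not visible from this method.
     new Result().notAuthorized();
     return false;
   }

   // A null name previously became the literal text 'null' in the query; treat it as absent.
   // NOTE(review): rejecting backslash assumes no legitimate role name contains one - confirm.
   if (role == null
       || role.indexOf('\'') >= 0
       || role.indexOf('\\') >= 0
       || role.indexOf('\0') >= 0) {
     // The rejected value is deliberately not echoed into the log.
     log("existsRole: rejected role name with unsafe characters");
     return false;
   }

   // TODO: replace with a bound-parameter query (PreparedStatement.setString) once the db
   // wrapper offers one; the character check above is a stopgap, not a substitute.
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE
           + " WHERE "
           + Role.ROLEFLD
           + " = '"
           + role
           + "'";

   boolean result = false;
   Result r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     // The original cast straight to Integer; accepting any Number avoids a
     // ClassCastException or NullPointerException if the wrapper returns a Long or null.
     Object value = r.objectValue();
     if (value instanceof Number) {
       result = ((Number) value).longValue() > 0;
     }
   }
   log("existsRole:" + result);
   return result;
 }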