@RequestMapping(value = "/edit-vote.jsp", method = RequestMethod.GET) public ModelAndView showForm(HttpServletRequest request, @RequestParam("msgid") int msgid) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isModeratorSession()) { throw new AccessViolationException("Not authorized"); } Map<String, Object> params = new HashMap<String, Object>(); params.put("msgid", msgid); Connection db = null; try { db = LorDataSource.getConnection(); Poll poll = Poll.getPollByTopic(db, msgid); params.put("poll", poll); List<PollVariant> variants = poll.getPollVariants(db, Poll.ORDER_ID); params.put("variants", variants); return new ModelAndView("edit-vote", params); } finally { if (db != null) { db.close(); } } }
@RequestMapping(value = "/edit-vote.jsp", method = RequestMethod.POST) public ModelAndView editVote( HttpServletRequest request, @RequestParam("msgid") int msgid, @RequestParam("id") int id, @RequestParam("title") String title) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isModeratorSession()) { throw new AccessViolationException("Not authorized"); } Connection db = null; try { db = LorDataSource.getConnection(); db.setAutoCommit(false); User user = User.getUser(db, tmpl.getNick()); user.checkCommit(); Poll poll = new Poll(db, id); PreparedStatement pstTitle = db.prepareStatement("UPDATE votenames SET title=? WHERE id=?"); pstTitle.setInt(2, id); pstTitle.setString(1, HTMLFormatter.htmlSpecialChars(title)); pstTitle.executeUpdate(); PreparedStatement pstTopic = db.prepareStatement("UPDATE topics SET title=? WHERE id=?"); pstTopic.setInt(2, msgid); pstTopic.setString(1, HTMLFormatter.htmlSpecialChars(title)); pstTopic.executeUpdate(); List<PollVariant> variants = poll.getPollVariants(db, Poll.ORDER_ID); for (PollVariant var : variants) { String label = new ServletParameterParser(request).getString("var" + var.getId()); if (label == null || label.trim().length() == 0) { var.remove(db); } else { var.updateLabel(db, label); } } for (int i = 1; i <= 3; i++) { String label = new ServletParameterParser(request).getString("new" + i); if (label != null && label.trim().length() > 0) { poll.addNewVariant(db, label); } } logger.info("Отредактирован опрос" + id + " пользователем " + user.getNick()); db.commit(); Random random = new Random(); return new ModelAndView( new RedirectView("view-message.jsp?msgid=" + msgid + "&nocache=" + random.nextInt())); } finally { if (db != null) { db.close(); } } }