@Override
public boolean hasAssignment(String userId, String roleId) {
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return result;
}
String countSql =
"SELECT COUNT(*) FROM "
+ User.AUX_USER_ROLE
+ " WHERE user_id = "
+ userId
+ " AND role_id = "
+ roleId
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("hasAssignment:" + result);
return result;
}
@Override
public boolean hasBeenGranted(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return result;
}
String countSql =
"SELECT COUNT(*) FROM "
+ Role.AUX_ROLE_PRIV
+ " WHERE role_id = "
+ roleId
+ " AND manager_id = "
+ entityId
+ " AND priv_id = "
+ priv
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("hasBeenGranted:" + result);
return result;
}
@Override
public boolean existsRole(String role) {
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return false;
}
String countSql =
"SELECT COUNT(*) FROM "
+ Role.AUX_ROLE
+ " WHERE "
+ Role.ROLEFLD
+ " = '"
+ role
+ "'"; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("existsRole:" + result);
return result;
}
