@Override
public Result createUser(String user, String pass) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!existsUser(user)) {
String sInsert =
"INSERT INTO "
+ User.AUX_USER
+ " ("
+ User.USERFLD
+ ","
+ User.PASSFLD
+ ") values ('"
+ user
+ "', '"
+ pass
+ "')"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("User already exists.");
}
return r;
}
/** DOC */
public Result logout() {
Result r = new Result();
if (!loggedIn) {
r.noResult();
r.setMessage("Already logged out.");
}
loggedIn = false;
r.success();
;
return r;
}
@Override
public Result grant(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
// List<Result> rlist = new ArrayList<Result>();
// TODO ensure it doesn't already exist.
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
List<String> entityIds = new ArrayList<String>();
if (Base.ALL.equals(entityId)) {
String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
if (selectResult.notSuccessful()) {
return selectResult;
}
} else {
entityIds.add(entityId);
}
boolean found = false;
for (String s : entityIds) {
if (!found) {
found = true;
}
if (!hasBeenGranted(roleId, s, priv)) {
String sInsert =
"INSERT INTO "
+ Role.AUX_ROLE_PRIV
+ " (role_id, manager_id, priv_id) values ("
+ roleId
+ ","
+ s
+ ","
+ priv
+ ")"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
if (r.notSuccessful()) {
return r;
}
}
}
if (!found) {
r.noResult();
r.setMessage("All privileges were already granted.");
} else {
r.success();
; // some privileges exist.
}
return r;
}
@Override
public Result createRole(String role) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!existsRole(role)) {
String sInsert =
"INSERT INTO "
+ Role.AUX_ROLE
+ " (role) values ('"
+ role
+ "')"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("Role already exists.");
}
return r;
}
@Override
public Result assign(String userId, String roleId) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!hasAssignment(userId, roleId)) {
String sInsert =
"INSERT INTO "
+ User.AUX_USER_ROLE
+ " (user_id, role_id) values ("
+ userId
+ ","
+ roleId
+ ")"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("Assignment already exists.");
}
return r;
}
