@Override
public void init() {
log("Initializing.");
application = config.loadApplication();
application.initialize();
db =
new Database(
"jdbc:hsqldb:file:./data/",
"accounting",
"SA",
""); // config.DBURL,config.DATABASE,config.ADMIN_LOGIN,config.ADMIN_PASSWORD//TODO
// secure.
boolean goodConnection = db.testConnection();
if (!goodConnection) {
throw new IllegalStateException("Database failure.");
}
Result r = createManagementTables();
if (r.notSuccessful()) {
log("CreateManagementTables:" + r.name());
return;
}
log("Created Management Tables.");
r = fillAuxManagementTable();
if (r.notSuccessful()) {
log("FillAuxManagementTable:" + r.name());
return;
}
log("Filled Management Tables.");
}
@Override
public Result grant(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
// List<Result> rlist = new ArrayList<Result>();
// TODO ensure it doesn't already exist.
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
List<String> entityIds = new ArrayList<String>();
if (Base.ALL.equals(entityId)) {
String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
if (selectResult.notSuccessful()) {
return selectResult;
}
} else {
entityIds.add(entityId);
}
boolean found = false;
for (String s : entityIds) {
if (!found) {
found = true;
}
if (!hasBeenGranted(roleId, s, priv)) {
String sInsert =
"INSERT INTO "
+ Role.AUX_ROLE_PRIV
+ " (role_id, manager_id, priv_id) values ("
+ roleId
+ ","
+ s
+ ","
+ priv
+ ")"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
if (r.notSuccessful()) {
return r;
}
}
}
if (!found) {
r.noResult();
r.setMessage("All privileges were already granted.");
} else {
r.success();
; // some privileges exist.
}
return r;
}
