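/**
 * Renders the topics posted by one user, either as an HTML page or as an RSS feed.
 *
 * <p>Handles {@code GET /show-topics.jsp}. The response is marked as expiring 60 seconds
 * after it is generated.
 *
 * @param nick nick of the user whose topics are listed; comes straight from the request
 * @param offset optional paging offset; normalised by {@code fixOffset} before use
 * @param output optional output selector; {@code "rss"} selects the {@code section-rss} view
 * @param response used only to set the {@code Expires} and {@code Last-Modified} headers
 * @return the {@code section-rss} view when {@code output} is {@code "rss"}, otherwise
 *     {@code view-news}, both with the populated model
 * @throws UserErrorException if the resolved user has id 2 (the anonymous account)
 * @throws Exception on any user-lookup or database failure
 */
@RequestMapping(value = "/show-topics.jsp", method = RequestMethod.GET)
public ModelAndView showUserTopics(
    @RequestParam("nick") String nick,
    @RequestParam(value = "offset", required = false) Integer offset,
    @RequestParam(value = "output", required = false) String output,
    HttpServletResponse response) throws Exception {
  Connection db = null;
  Map<String, Object> params = new HashMap<String, Object>();

  try {
    response.setDateHeader("Expires", System.currentTimeMillis() + 60 * 1000);
    response.setDateHeader("Last-Modified", System.currentTimeMillis());

    db = LorDataSource.getConnection();

    User user = User.getUser(db, nick);

    params.put("ptitle", "Сообщения " + user.getNick());
    params.put("navtitle", "Сообщения " + user.getNick());
    params.put("user", user);

    NewsViewer newsViewer = new NewsViewer();

    // NOTE(review): fixOffset is defined elsewhere; presumably it maps null and
    // out-of-range values to a usable offset - confirm, since the comparison below unboxes.
    offset = fixOffset(offset);

    // setLimit() takes a raw SQL fragment. The only variable part is an Integer,
    // so no request text can reach the query through this concatenation.
    newsViewer.setLimit("LIMIT 20" + (offset > 0 ? (" OFFSET " + offset) : ""));
    newsViewer.setCommitMode(NewsViewer.CommitMode.ALL);

    if (user.getId() == 2) {
      throw new UserErrorException("Лента для пользователя anonymous не доступна");
    }

    newsViewer.setUserid(user.getId());

    params.put("messages", newsViewer.getMessagesCached(db));
    params.put("offsetNavigation", true);
    params.put("offset", offset);

    // nick is request input: percent-encode it so characters such as '&', '#' or '"'
    // cannot change the structure of the generated link. Escaping for the HTML/XML
    // context is still the job of whichever view prints rssLink.
    params.put(
        "rssLink",
        "show-topics.jsp?nick=" + java.net.URLEncoder.encode(nick, "UTF-8") + "&output=rss");

    // Constant-first equals() makes the null check implicit.
    if ("rss".equals(output)) {
      return new ModelAndView("section-rss", params);
    } else {
      return new ModelAndView("view-news", params);
    }
  } finally {
    if (db != null) {
      db.close();
    }
  }
}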
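/**
 * Applies a moderator's edit to a poll: new title, changed or removed variants, and up to
 * three newly added variants.
 *
 * <p>Handles {@code POST /edit-vote.jsp}. All changes run in one transaction. If anything
 * fails before the commit, the transaction is rolled back before the connection is closed.
 *
 * <p>NOTE(review): no CSRF token check is visible in this handler. Confirm one is enforced
 * elsewhere, since this is a state-changing request authorised only by the session.
 *
 * <p>NOTE(review): nothing visible here ties {@code msgid} to the poll {@code id}. The topic
 * row named by {@code msgid} is retitled as given - confirm whether the pairing should be
 * verified.
 *
 * @param request source of the session template and of the {@code varN} / {@code newN}
 *     form fields
 * @param msgid id of the topic row whose title is updated and to which the user is redirected
 * @param id id of the poll being edited
 * @param title new title; stored after {@code HTMLFormatter.htmlSpecialChars}
 * @return a redirect to {@code view-message.jsp} for {@code msgid}
 * @throws AccessViolationException if the session is not a moderator session
 * @throws Exception on any lookup or database failure
 */
@RequestMapping(value = "/edit-vote.jsp", method = RequestMethod.POST)
public ModelAndView editVote(
    HttpServletRequest request,
    @RequestParam("msgid") int msgid,
    @RequestParam("id") int id,
    @RequestParam("title") String title) throws Exception {
  Template tmpl = Template.getTemplate(request);

  // Authorisation gate: checked before any database work is started.
  if (!tmpl.isModeratorSession()) {
    throw new AccessViolationException("Not authorized");
  }

  Connection db = null;
  boolean committed = false;

  try {
    db = LorDataSource.getConnection();
    db.setAutoCommit(false);

    User user = User.getUser(db, tmpl.getNick());
    // NOTE(review): presumably throws when the account may not commit changes - confirm.
    user.checkCommit();

    Poll poll = new Poll(db, id);

    String escapedTitle = HTMLFormatter.htmlSpecialChars(title);

    // Statements are closed explicitly instead of relying on Connection.close() to do it.
    PreparedStatement pstTitle = db.prepareStatement("UPDATE votenames SET title=? WHERE id=?");
    try {
      pstTitle.setString(1, escapedTitle);
      pstTitle.setInt(2, id);
      pstTitle.executeUpdate();
    } finally {
      pstTitle.close();
    }

    PreparedStatement pstTopic = db.prepareStatement("UPDATE topics SET title=? WHERE id=?");
    try {
      pstTopic.setString(1, escapedTitle);
      pstTopic.setInt(2, msgid);
      pstTopic.executeUpdate();
    } finally {
      pstTopic.close();
    }

    // One parser serves every form field; it only wraps the request.
    ServletParameterParser formFields = new ServletParameterParser(request);

    // NOTE(review): unlike the title, labels reach updateLabel()/addNewVariant() without
    // visible escaping; confirm those methods (or the views) escape them.
    List<PollVariant> variants = poll.getPollVariants(db, Poll.ORDER_ID);
    for (PollVariant variant : variants) {
      String label = formFields.getString("var" + variant.getId());

      // A blank label for an existing variant means the variant is deleted.
      if (label == null || label.trim().length() == 0) {
        variant.remove(db);
      } else {
        variant.updateLabel(db, label);
      }
    }

    // The form offers three slots (new1..new3) for additional variants.
    for (int i = 1; i <= 3; i++) {
      String label = formFields.getString("new" + i);

      if (label != null && label.trim().length() > 0) {
        poll.addNewVariant(db, label);
      }
    }

    logger.info("Отредактирован опрос" + id + " пользователем " + user.getNick());

    db.commit();
    committed = true;

    // The random value only defeats caching of the redirect target; it is not a
    // security token, so java.util.Random is sufficient.
    int cacheBuster = new Random().nextInt();

    return new ModelAndView(
        new RedirectView("view-message.jsp?msgid=" + msgid + "&nocache=" + cacheBuster));
  } finally {
    if (db != null) {
      try {
        if (!committed) {
          // Discard the partial edit explicitly, so an open transaction is not left
          // on the connection when it is closed.
          db.rollback();
        }
      } catch (java.sql.SQLException e) {
        // Logged, not rethrown, so the exception that caused the failure still
        // reaches the caller.
        logger.info("Rollback failed while editing poll " + id + ": " + e);
      } finally {
        db.close();
      }
    }
  }
}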