summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephan Schwär2021-04-21 15:13:07 +0200
committerSimon Rettberg2021-04-21 15:19:34 +0200
commitff629d2d809c702f572994456145a80167152073 (patch)
tree9da89632044c73e580accecfbad473e24627b828
parent[server] More checks and messages when renaming/deleting upload (diff)
downloadtutor-module-ff629d2d.tar.gz
tutor-module-ff629d2d.tar.xz
tutor-module-ff629d2d.zip
[server] Fix download of images for students
ImageDetailsRead object is filled with bogus information or null for variables not needed for downloading when students request to download an image linked to a lecture, as students don't have sufficient permissions to request all that information. Also check "isrestricted" flag server-side and don't supply images to students that have it set.
Diffstat
-rw-r--r--dozentenmodul/src/main/properties/i18n/thrift.properties4
-rw-r--r--dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java112
2 files changed, 64 insertions, 52 deletions
diff --git a/dozentenmodul/src/main/properties/i18n/thrift.properties b/dozentenmodul/src/main/properties/i18n/thrift.properties
index 9770aef0..0ddcffef 100644
--- a/dozentenmodul/src/main/properties/i18n/thrift.properties
+++ b/dozentenmodul/src/main/properties/i18n/thrift.properties
@@ -2,8 +2,8 @@
GuiErrorCallback.Message.error.notAuthenticatedOrInvalidToken=Invalid session token or failed \
authentication on {0}!\nPlease restart the program. Exit now?
GuiErrorCallback.thriftError.String.errMsg=(Error {0})
-GuiErrorCallback.Message.error.transportException=The communication with {0} is interrupted. \
- Calling the function {1} is failed {2}.\n\n\
+GuiErrorCallback.Message.error.transportException=The communication with {0} was interrupted. \
+ Calling the function {1} has failed {2}.\n\n\
Do you want to retry the call?
# ImageLocalDetailsActions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index 1d501c7a..5b821881 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -88,35 +88,23 @@ public class DbImage {
public static ImageDetailsRead getImageDetails(UserInfo user, String imageBaseId)
throws TNotFoundException, SQLException {
try (MysqlConnection connection = Database.getConnection()) {
-
- // if Student is trying to download only needed information is filled
MysqlStatement stmt = null;
- if (user.role == Role.STUDENT)
- {
- stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
- + " null, null, null, null, null, null, null, null,"
- + " null, null,"
- + " null, null, null, null,"
- + " null, null, null, null"
- + " FROM imagebase i"
- + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
- + " WHERE i.imagebaseid = :imagebaseid");
+ // Students should only be able to request a download of an image. Therefore not all information is needed for this task.
+ if (user.role == Role.STUDENT) {
+ stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid, i.virtid"
+ + " FROM imagebase i"
+ + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
+ + " WHERE i.imagebaseid = :imagebaseid");
} else {
stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
- + " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
- + " i.sharemode, i.istemplate,"
- + " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
- + " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
- + " FROM imagebase i"
- + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
- + " WHERE i.imagebaseid = :imagebaseid");
+ + " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
+ + " i.sharemode, i.istemplate,"
+ + " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
+ + " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
+ + " FROM imagebase i"
+ + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
+ + " WHERE i.imagebaseid = :imagebaseid");
}
-
-
-
- // if Student is trying to download only needed information is filled
-
-
stmt.setString("userid", user == null ? "-" : user.userId);
stmt.setString("imagebaseid", imageBaseId);
ResultSet rs = stmt.executeQuery();
@@ -125,14 +113,26 @@ public class DbImage {
// Exists:
List<String> tags = DbSoftwareTag.getImageTags(connection, imageBaseId);
List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId, user);
- ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs);
- ImageDetailsRead image = new ImageDetailsRead(rs.getString("imagebaseid"),
- rs.getString("latestversionid"), versions, rs.getString("displayname"),
- rs.getString("description"), tags, rs.getInt("osid"), rs.getString("virtid"),
- rs.getLong("createtime"), rs.getLong("updatetime"), rs.getString("ownerid"),
- rs.getString("updaterid"), toShareMode(rs.getString("sharemode")),
- rs.getByte("istemplate") != 0, defaultPermissions);
- image.setUserPermissions(DbImagePermissions.fromResultSetUser(rs));
+
+ ImageDetailsRead image;
+ if (user.role == Role.STUDENT) {
+ // Students should only have download permissions.
+ // todo evaluate if this is needed and if there is a nicer way to create ImageDetailsRead object
+ ImagePermissions defaultPermissions = new ImagePermissions(false, true, false, false);
+ image = new ImageDetailsRead(rs.getString("imagebaseid"), rs.getString("latestversionid"),
+ versions, "DownloadedImage", null, tags, 0, rs.getString("virtid"), 0, 0, null, null,
+ null, false, defaultPermissions);
+ image.setUserPermissions(defaultPermissions);
+ } else {
+ ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs);
+ image = new ImageDetailsRead(rs.getString("imagebaseid"), rs.getString("latestversionid"),
+ versions, rs.getString("displayname"), rs.getString("description"), tags,
+ rs.getInt("osid"), rs.getString("virtid"), rs.getLong("createtime"),
+ rs.getLong("updatetime"), rs.getString("ownerid"), rs.getString("updaterid"),
+ toShareMode(rs.getString("sharemode")), rs.getByte("istemplate") != 0,
+ defaultPermissions);
+ image.setUserPermissions(DbImagePermissions.fromResultSetUser(rs));
+ }
User.setCombinedUserPermissions(image, user);
return image;
} catch (SQLException e) {
@@ -275,25 +275,32 @@ public class DbImage {
MysqlStatement stmt = null;
if (user.role == Role.STUDENT) {
stmt = connection.prepareStatement("SELECT"
- + " imageversionid, createtime, expiretime, filesize, null,"
- + " isrestricted, isvalid, isprocessed" + " FROM imageversion"
- + " WHERE imagebaseid = :imagebaseid");
+ + " imageversionid, createtime, expiretime, filesize,"
+ + " isrestricted, isvalid, isprocessed"
+ + " FROM imageversion"
+ + " WHERE imagebaseid = :imagebaseid AND isrestricted = 0");
} else {
stmt = connection.prepareStatement("SELECT"
- + " imageversionid, createtime, expiretime, filesize, uploaderid,"
- + " isrestricted, isvalid, isprocessed" + " FROM imageversion"
- + " WHERE imagebaseid = :imagebaseid");
-
+ + " imageversionid, createtime, expiretime, filesize, uploaderid,"
+ + " isrestricted, isvalid, isprocessed"
+ + " FROM imageversion"
+ + " WHERE imagebaseid = :imagebaseid");
}
stmt.setString("imagebaseid", imageBaseId);
ResultSet rs = stmt.executeQuery();
+
while (rs.next()) {
String imageVersionId = rs.getString("imageversionid");
+ String uploaderID = "";
+ // Only student doesn't know the uploaderid
+ if (user.role != Role.STUDENT) {
+ uploaderID = rs.getString("uploaderid");
+ }
versionList.add(new ImageVersionDetails(imageVersionId, rs.getLong("createtime"),
- rs.getLong("expiretime"), rs.getLong("filesize"), rs.getString("uploaderid"),
+ rs.getLong("expiretime"), rs.getLong("filesize"), uploaderID,
rs.getByte("isrestricted") != 0, rs.getByte("isvalid") != 0,
- rs.getByte("isprocessed") != 0, DbSoftwareTag.getImageVersionSoftwareList(connection,
- imageVersionId)));
+ rs.getByte("isprocessed") != 0,
+ DbSoftwareTag.getImageVersionSoftwareList(connection, imageVersionId)));
}
stmt.close();
return versionList;
@@ -383,7 +390,8 @@ public class DbImage {
+ " canlinkdefault = :canlink,"
+ " candownloaddefault = :candownload, caneditdefault = :canedit,"
+ (user != null ? " updaterid = :updaterid, updatetime = UNIX_TIMESTAMP()," : "")
- + " canadmindefault = :canadmin" + " WHERE imagebaseid = :baseid");
+ + " canadmindefault = :canadmin"
+ + " WHERE imagebaseid = :baseid");
stmt.setString("baseid", imageBaseId);
stmt.setString("imagename", image.imageName);
stmt.setString("description", image.description);
@@ -492,7 +500,8 @@ public class DbImage {
throw new TNotFoundException();
// First update version table
MysqlStatement stmtVersion = connection.prepareStatement("UPDATE imageversion v SET"
- + " v.isrestricted = :isrestricted" + " WHERE v.imageversionid = :versionid");
+ + " v.isrestricted = :isrestricted"
+ + " WHERE v.imageversionid = :versionid");
stmtVersion.setString("versionid", imageVersionId);
stmtVersion.setBoolean("isrestricted", image.isRestricted);
if (stmtVersion.executeUpdate() != 0) {
@@ -528,11 +537,13 @@ public class DbImage {
try (MysqlConnection connection = Database.getConnection()) {
{
// Disable version in question
- MysqlStatement checkStmt = connection.prepareStatement("SELECT imageversionid FROM"
- + " imageversion WHERE imageversionid = :versionid AND"
+ MysqlStatement checkStmt = connection.prepareStatement("SELECT imageversionid"
+ + " FROM imageversion"
+ + " WHERE imageversionid = :versionid AND"
+ " (expiretime > UNIX_TIMESTAMP() OR isvalid <> 0)");
- MysqlStatement disableStmt = connection.prepareStatement("UPDATE imageversion SET"
- + " expiretime = 1234567890, isvalid = 0" + " WHERE imageversionid = :versionid");
+ MysqlStatement disableStmt = connection.prepareStatement("UPDATE imageversion"
+ + " SET expiretime = 1234567890, isvalid = 0"
+ + " WHERE imageversionid = :versionid");
affectedList = new ArrayList<>(imageVersionIds.length);
for (String imageVersionId : imageVersionIds) {
if (imageVersionId == null)
@@ -832,7 +843,8 @@ public class DbImage {
// Determine manually if anything changed, as executeQuery() always returns 1 for some reason
boolean latestVersionChanged = true;
do {
- MysqlStatement ds = connection.prepareStatement("SELECT latestversionid FROM imagebase WHERE imagebaseid = :imagebaseid");
+ MysqlStatement ds = connection.prepareStatement(
+ "SELECT latestversionid FROM imagebase WHERE imagebaseid = :imagebaseid");
ds.setString("imagebaseid", imageBaseId);
ResultSet drs = ds.executeQuery();
if (drs.next()) {
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-05-09 21:06:59 +0200