diff options
author | Stephan Schwär | 2021-04-19 19:42:22 +0200 |
---|---|---|
committer | Stephan Schwär | 2021-04-19 19:42:22 +0200 |
commit | 9ddf844774c30aacb9772e40bffb38633f576a1d (patch) | |
tree | c780528ed3c0a426ca1855dc26a5fddc2fadbc28 | |
parent | Minor i18n fix (diff) | |
download | tutor-module-9ddf844774c30aacb9772e40bffb38633f576a1d.tar.gz tutor-module-9ddf844774c30aacb9772e40bffb38633f576a1d.tar.xz tutor-module-9ddf844774c30aacb9772e40bffb38633f576a1d.zip |
[server] Fix download of images for students
ImageDetailsRead object is filled with bogus information or null for
variables not needed for downloading when students request to
download an image linked to a lecture, as students don't have
sufficient permissions to request all that information.
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java | 64 |
1 files changed, 44 insertions, 20 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java index 1d501c7a..2c58773a 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java @@ -93,6 +93,7 @@ public class DbImage { MysqlStatement stmt = null; if (user.role == Role.STUDENT) { + // Todo remove evaluate and minimize the null placeholders stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid," + " null, null, null, null, null, null, null, null," + " null, null," @@ -110,13 +111,10 @@ public class DbImage { + " FROM imagebase i" + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)" + " WHERE i.imagebaseid = :imagebaseid"); + } - - // if Student is trying to download only needed information is filled - - stmt.setString("userid", user == null ? "-" : user.userId); stmt.setString("imagebaseid", imageBaseId); ResultSet rs = stmt.executeQuery(); @@ -125,14 +123,27 @@ public class DbImage { // Exists: List<String> tags = DbSoftwareTag.getImageTags(connection, imageBaseId); List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId, user); - ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs); - ImageDetailsRead image = new ImageDetailsRead(rs.getString("imagebaseid"), - rs.getString("latestversionid"), versions, rs.getString("displayname"), - rs.getString("description"), tags, rs.getInt("osid"), rs.getString("virtid"), - rs.getLong("createtime"), rs.getLong("updatetime"), rs.getString("ownerid"), - rs.getString("updaterid"), toShareMode(rs.getString("sharemode")), - rs.getByte("istemplate") != 0, defaultPermissions); - image.setUserPermissions(DbImagePermissions.fromResultSetUser(rs)); + + ImageDetailsRead image; + + if (user.role == Role.STUDENT) { + ImagePermissions defaultPermissions = new ImagePermissions(false, true, false, false); + + image = new ImageDetailsRead(rs.getString("imagebaseid"), + rs.getString("latestversionid"), versions, imageBaseId, imageBaseId, tags, 0, imageBaseId, 0, 0, imageBaseId, imageBaseId, null, false, defaultPermissions); + image.setUserPermissions(defaultPermissions); + } else { + ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs); + + image = new ImageDetailsRead(rs.getString("imagebaseid"), + rs.getString("latestversionid"), versions, rs.getString("displayname"), + rs.getString("description"), tags, rs.getInt("osid"), rs.getString("virtid"), + rs.getLong("createtime"), rs.getLong("updatetime"), rs.getString("ownerid"), + rs.getString("updaterid"), toShareMode(rs.getString("sharemode")), + rs.getByte("istemplate") != 0, defaultPermissions); + image.setUserPermissions(DbImagePermissions.fromResultSetUser(rs)); + + } User.setCombinedUserPermissions(image, user); return image; } catch (SQLException e) { @@ -283,18 +294,31 @@ public class DbImage { + " imageversionid, createtime, expiretime, filesize, uploaderid," + " isrestricted, isvalid, isprocessed" + " FROM imageversion" + " WHERE imagebaseid = :imagebaseid"); - } stmt.setString("imagebaseid", imageBaseId); ResultSet rs = stmt.executeQuery(); - while (rs.next()) { - String imageVersionId = rs.getString("imageversionid"); - versionList.add(new ImageVersionDetails(imageVersionId, rs.getLong("createtime"), - rs.getLong("expiretime"), rs.getLong("filesize"), rs.getString("uploaderid"), - rs.getByte("isrestricted") != 0, rs.getByte("isvalid") != 0, - rs.getByte("isprocessed") != 0, DbSoftwareTag.getImageVersionSoftwareList(connection, - imageVersionId))); + if (user.role == Role.STUDENT) { + while (rs.next()) { + String imageVersionId = rs.getString("imageversionid"); + versionList.add(new ImageVersionDetails(imageVersionId, rs.getLong("createtime"), + // todo evaluate this empty string for uploaderid + rs.getLong("expiretime"), rs.getLong("filesize"), "", + rs.getByte("isrestricted") != 0, rs.getByte("isvalid") != 0, + rs.getByte("isprocessed") != 0, DbSoftwareTag.getImageVersionSoftwareList(connection, + imageVersionId))); + } + + } else { + while (rs.next()) { + String imageVersionId = rs.getString("imageversionid"); + versionList.add(new ImageVersionDetails(imageVersionId, rs.getLong("createtime"), + rs.getLong("expiretime"), rs.getLong("filesize"), rs.getString("uploaderid"), + rs.getByte("isrestricted") != 0, rs.getByte("isvalid") != 0, + rs.getByte("isprocessed") != 0, DbSoftwareTag.getImageVersionSoftwareList(connection, + imageVersionId))); + } } + stmt.close(); return versionList; } |