author | Simon Rettberg | 2024-05-14 20:46:57 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-05-14 20:46:57 +0200 |
commit | 297fe4557adbc7bf8a622f7c036e4e28d8b94477 (patch) | |
tree | 03cc0977049e1b64817d12689ec2ac2edab66a0c | |
parent | [server] ADD FUSDDS STIFF (diff) | |
[server] DbLecture: Properly handle superadmin in getXml()
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
index abe30a98..5e418873 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbLecture.java
@@ -515,10 +515,16 @@ public class DbLecture {
 // Handle user
 String userFields = "";
 String userJoin = "";
+ boolean isSuperUser = false;
 if (user != null) {
- userFields = " b.candownloaddefault, b.caneditdefault, b.canadmindefault,"
- + " ip.candownload, ip.canedit, ip.canadmin,";
- userJoin = " LEFT JOIN imagepermission ip ON (b.imagebaseid = ip.imagebaseid AND ip.userid = :userid)";
+ if (User.isSuperUser(user)) {
+ isSuperUser = true;
+ user = null;
+ } else {
+ userFields = " b.candownloaddefault, b.caneditdefault, b.canadmindefault, b.ownerid,"
+ + " ip.candownload, ip.canedit, ip.canadmin,";
+ userJoin = " LEFT JOIN imagepermission ip ON (b.imagebaseid = ip.imagebaseid AND ip.userid = :userid)";
+ }
 }
 // Query
 try (MysqlConnection connection = Database.getConnection()) {
@@ -557,11 +563,17 @@ public class DbLecture {
 int prio = 100;
 // Check permissions
 int allowEdit = 0;
- if (user != null) {
+ if (isSuperUser) {
+ allowEdit = 3;
+ } else if (user != null) {
 boolean admin;
 boolean download;
 boolean edit;
- if (rs.getString("canadmin") != null) {
+ if (user.userId.equals(rs.getString("ownerid"))) {
+ admin = true;
+ edit = true;
+ download = true;
+ } else if (rs.getString("canadmin") != null) {
 admin = rs.getBoolean("canadmin");
 edit = rs.getBoolean("canedit");
 download = rs.getBoolean("candownload"); |
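Review bot: Assigning `user = null` in the superadmin branch reuses the method parameter as a "skip the permission join" flag, so every later use of `user` in getXml() now treats a superadmin as an anonymous caller. That includes the `:userid` binding and any other checks or logging, all of which lie outside this hunk and cannot be verified here. It would be safer to leave the parameter untouched and gate on the flag instead: `boolean isSuperUser = user != null && User.isSuperUser(user);` followed by `if (user != null && !isSuperUser) {` around the userFields/userJoin assignment, with the same condition wherever `:userid` is bound. If the reassignment stays, it needs a comment such as `// superadmin: no imagepermission join needed; rights are granted via isSuperUser below`.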
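Review bot: `allowEdit = 3` in the superadmin branch is an unexplained literal. The code that derives allowEdit from admin/edit/download sits below the end of this hunk, so it cannot be confirmed here that 3 is what a full-rights user would otherwise receive. A named constant, or at least a comment like `// superadmin: same value the flag mapping below produces for full rights`, would keep the two paths from drifting apart. Separately, the new owner check `user.userId.equals(rs.getString("ownerid"))` grants all three rights before any explicit imagepermission row is consulted, and it throws if `user.userId` is null. A one-line comment stating that owner precedence is intended would help the next reader.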