authorMichael Wilson2014-11-21 14:08:53 +0100
committerMichael Wilson2014-11-21 14:08:53 +0100
commit7675cf0b3f9e0cb7805a008684ba620aaa5b1fc1 (patch)
tree702f828bffa0722c0d8ce79f2c5ac0f84491331d /dozentenmodulserver/src/main/java/sql
parentFixed Bug: no new user possible --> query changed (diff)
• Only allow permission changes for users who are authorized to do so
Diffstat (limited to 'dozentenmodulserver/src/main/java/sql')
-rw-r--r--dozentenmodulserver/src/main/java/sql/SQL.java52
1 files changed, 52 insertions, 0 deletions
diff --git a/dozentenmodulserver/src/main/java/sql/SQL.java b/dozentenmodulserver/src/main/java/sql/SQL.java
index 455b1e6d..2d038732 100644
--- a/dozentenmodulserver/src/main/java/sql/SQL.java
+++ b/dozentenmodulserver/src/main/java/sql/SQL.java
@@ -2217,6 +2217,58 @@ public class SQL {
{
return UUID.randomUUID().toString();
}
+
+
+
+
+ public boolean userIsImageAdmin(String userID, String imageID) {
+ Connection con = getConnection();
+ ResultSet rs = null;
+ String sql = "SELECT image_admin FROM bwLehrpool.pm_VLData_image WHERE userID= ? AND GUID_imageID=?";
+
+ try
+ {
+ PreparedStatement prest = con.prepareStatement(sql);
+ prest.setString(1, userID);
+ prest.setString(2, imageID);
+ rs = prest.executeQuery();
+ con.commit();
+ rs.next();
+
+ return rs.getBoolean("image_admin");
+
+ } catch (SQLException e) {
+
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+
+
+
+ public boolean userIsLectureAdmin(String userID, String lectureID) {
+ Connection con = getConnection();
+ ResultSet rs = null;
+ String sql = "SELECT rec_admin FROM bwLehrpool.pm_VLData_lecture WHERE userID= ? AND lectureID=?";
+
+ try
+ {
+ PreparedStatement prest = con.prepareStatement(sql);
+ prest.setString(1, userID);
+ prest.setString(2, lectureID);
+ rs = prest.executeQuery();
+ con.commit();
+ rs.next();
+
+ return rs.getBoolean("rec_admin");
+
+ } catch (SQLException e) {
+
+ e.printStackTrace();
+ }
+ return false;
+ }
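Review bot: In `userIsImageAdmin` and `userIsLectureAdmin` the return value of `rs.next()` is ignored, so a user with no matching row is denied only because `rs.getBoolean(...)` throws and the catch falls through to `return false`; "not an admin" and "the check could not be evaluated" then look the same apart from a stack trace on stderr. Neither the `PreparedStatement` nor the `ResultSet` is closed on any path, and `con.commit()` runs before the result set is read, which a SELECT does not need and which, depending on the driver's cursor holdability, may close the result set. Because these methods gate permission changes, I would keep the fail-closed default but make the no-row case explicit and release the statement and result set, as sketched below for one method (assumes Java 7 or later; whether the connection from `getConnection()` must also be released is not visible in this hunk). The call sites that enforce the check are outside this diff; they should pass a `userID` taken from the authenticated session rather than from client-supplied data.

```java
public boolean userIsImageAdmin(String userID, String imageID) {
    String sql = "SELECT image_admin FROM bwLehrpool.pm_VLData_image WHERE userID= ? AND GUID_imageID=?";
    Connection con = getConnection();
    try (PreparedStatement prest = con.prepareStatement(sql)) {
        prest.setString(1, userID);
        prest.setString(2, imageID);
        try (ResultSet rs = prest.executeQuery()) {
            // No matching row means no admin right: deny explicitly instead of via an exception.
            return rs.next() && rs.getBoolean("image_admin");
        }
    } catch (SQLException e) {
        // Fail closed; the check could not be evaluated, so record that separately from a plain denial.
        e.printStackTrace();
        return false;
    }
}
// userIsLectureAdmin: same shape with rec_admin / pm_VLData_lecture / lectureID
```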