diff options
author | Kuersat Akmaz | 2020-08-01 22:00:53 +0200 |
---|---|---|
committer | Kuersat Akmaz | 2020-08-01 22:04:56 +0200 |
commit | 26cc8cf3bf43b88d9da4f70d9ebc508aaeb5e01d (patch) | |
tree | 5105f791e0822ee41be5d425f359454195c33ac6 /dozentenmodulserver | |
parent | [client] PopupMenu Download Button in Lecturelist for Students enabled (diff) | |
download | tutor-module-26cc8cf3bf43b88d9da4f70d9ebc508aaeb5e01d.tar.gz tutor-module-26cc8cf3bf43b88d9da4f70d9ebc508aaeb5e01d.tar.xz tutor-module-26cc8cf3bf43b88d9da4f70d9ebc508aaeb5e01d.zip |
[server] getimageDetails query for Students adjustet so that they can see only needed information
I adjusted the qyery so that they can see only needed information
Issue : #3743
Diffstat (limited to 'dozentenmodulserver')
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java | 14 | ||||
-rw-r--r-- | dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java | 9 |
2 files changed, 22 insertions, 1 deletions
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java index ca4c3e3c..9fdcad0a 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java @@ -95,6 +95,20 @@ public class DbImage { + " FROM imagebase i" + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)" + " WHERE i.imagebaseid = :imagebaseid"); + + // if Student is trying to download only needed information is filled + if (user.role.equals("STUDENT")) + { + stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid," + + " null, null, null, null, null, null, null, null," + + " null, null," + + " null, null, null, null," + + " null, null, null, null" + + " FROM imagebase i" + + " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)" + + " WHERE i.imagebaseid = :imagebaseid"); + } + stmt.setString("userid", user == null ? "-" : user.userId); stmt.setString("imagebaseid", imageBaseId); ResultSet rs = stmt.executeQuery(); diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java index 06c1e5a7..50935841 100644 --- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java +++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java @@ -303,7 +303,14 @@ public class ServerHandler implements SatelliteServer.Iface { public ImageDetailsRead getImageDetails(String userToken, String imageBaseId) throws TAuthorizationException, TNotFoundException, TInvocationException { UserInfo user = SessionManager.getOrFail(userToken); - User.canSeeImageDetailsOrFail(user); + // if user is a student canSeeImageDetailsOrFail() will throw exception + try { + User.canSeeImageDetailsOrFail(user); + } catch (TAuthorizationException ex) + { + DbLog.log(user, imageBaseId, "Student is trying to perform Download: '" + user.userId + "'"); + } + try { return DbImage.getImageDetails(user, imageBaseId); } catch (SQLException e) { |