From 7675cf0b3f9e0cb7805a008684ba620aaa5b1fc1 Mon Sep 17 00:00:00 2001
From: Michael Wilson
Date: Fri, 21 Nov 2014 14:08:53 +0100
Subject: • Only allow permission changes for users who are authorized to do so
---
 dozentenmodulserver/src/main/java/sql/SQL.java | 52 ++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
(limited to 'dozentenmodulserver/src/main/java/sql')
diff --git a/dozentenmodulserver/src/main/java/sql/SQL.java b/dozentenmodulserver/src/main/java/sql/SQL.java
index 455b1e6d..2d038732 100644
--- a/dozentenmodulserver/src/main/java/sql/SQL.java
+++ b/dozentenmodulserver/src/main/java/sql/SQL.java
@@ -2217,6 +2217,58 @@ public class SQL {
 {
 return UUID.randomUUID().toString();
 }
+
+
+
+
+ public boolean userIsImageAdmin(String userID, String imageID) {
+ Connection con = getConnection();
+ ResultSet rs = null;
+ String sql = "SELECT image_admin FROM bwLehrpool.pm_VLData_image WHERE userID= ? AND GUID_imageID=?";
+
+ try
+ {
+ PreparedStatement prest = con.prepareStatement(sql);
+ prest.setString(1, userID);
+ prest.setString(2, imageID);
+ rs = prest.executeQuery();
+ con.commit();
+ rs.next();
+
+ return rs.getBoolean("image_admin");
+
+ } catch (SQLException e) {
+
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+
+
+
+ public boolean userIsLectureAdmin(String userID, String lectureID) {
+ Connection con = getConnection();
+ ResultSet rs = null;
+ String sql = "SELECT rec_admin FROM bwLehrpool.pm_VLData_lecture WHERE userID= ? AND lectureID=?";
+
+ try
+ {
+ PreparedStatement prest = con.prepareStatement(sql);
+ prest.setString(1, userID);
+ prest.setString(2, lectureID);
+ rs = prest.executeQuery();
+ con.commit();
+ rs.next();
+
+ return rs.getBoolean("rec_admin");
+
+ } catch (SQLException e) {
+
+ e.printStackTrace();
+ }
+ return false;
+ }
-- 
cgit v1.2.3-55-g7522
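Review bot: In `userIsImageAdmin` the `PreparedStatement` and `ResultSet` are never closed and the result of `rs.next()` is ignored, so a user with no permission row is presumably denied only because `getBoolean` throws and the catch falls through to `return false`, printing a stack trace for what is a normal case. `con.commit()` also runs before the row is read; on a connection whose result sets close at commit that would make every check fail, so reading the value first is safer. `userIsLectureAdmin` has the same shape and needs the same change with `rec_admin`. Both checks are only as trustworthy as the `userID` they receive: the callers are outside this hunk and should pass the identity of the authenticated session, not an ID taken from the request. The sketch below assumes the project can use Java 7 try-with-resources.

```java
public boolean userIsImageAdmin(String userID, String imageID) {
    // … unchanged: getConnection() and the sql string …
    try (PreparedStatement prest = con.prepareStatement(sql)) {
        // … unchanged: the two setString calls …
        boolean isAdmin;
        try (ResultSet rs = prest.executeQuery()) {
            // No matching row means no permission entry, so deny.
            isAdmin = rs.next() && rs.getBoolean("image_admin");
        }
        con.commit();
        return isAdmin;
    } catch (SQLException e) {
        // … unchanged: error reporting, then falls through to return false …
    }
    return false;
}
```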