From a0cd19423ee6c56792701ab67630032531a313dc Mon Sep 17 00:00:00 2001
From: Kuersat Akmaz
Date: Mon, 3 Aug 2020 14:54:03 +0200
Subject: [server] getimageversion funtion only shows needed information

the function did return the uploaderid which
is not necessary for students to see. So i removed it.
Issue : #3727
---
 .../openslx/bwlp/sat/database/mappers/DbImage.java | 44 +++++++++++++++-------
 1 file changed, 30 insertions(+), 14 deletions(-)

(limited to 'dozentenmodulserver/src/main/java')

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index 9fdcad0a..99e90099 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -87,16 +87,9 @@ public class DbImage {
 	public static ImageDetailsRead getImageDetails(UserInfo user, String imageBaseId)
 			throws TNotFoundException, SQLException {
 		try (MysqlConnection connection = Database.getConnection()) {
-			MysqlStatement stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
-					+ " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
-					+ " i.sharemode, i.istemplate,"
-					+ " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
-					+ " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
-					+ " FROM imagebase i"
-					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
-					+ " WHERE i.imagebaseid = :imagebaseid");
 
 			// if Student is trying to download only needed information is filled
+			MysqlStatement stmt = null;
 			if (user.role.equals("STUDENT")) 
 			{
 				stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
@@ -107,8 +100,22 @@ public class DbImage {
 					+ " FROM imagebase i"
 					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
 					+ " WHERE i.imagebaseid = :imagebaseid");
+			} else {
+				stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
+					+ " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
+					+ " i.sharemode, i.istemplate,"
+					+ " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
+					+ " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
+					+ " FROM imagebase i"
+					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
+					+ " WHERE i.imagebaseid = :imagebaseid");
 			}
 
+			
+
+			// if Student is trying to download only needed information is filled
+			
+
 			stmt.setString("userid", user == null ? "-" : user.userId);
 			stmt.setString("imagebaseid", imageBaseId);
 			ResultSet rs = stmt.executeQuery();
@@ -116,7 +123,7 @@ public class DbImage {
 				throw new TNotFoundException();
 			// Exists:
 			List<String> tags = DbSoftwareTag.getImageTags(connection, imageBaseId);
-			List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId);
+			List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId, user);
 			ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs);
 			ImageDetailsRead image = new ImageDetailsRead(rs.getString("imagebaseid"),
 					rs.getString("latestversionid"), versions, rs.getString("displayname"),
@@ -261,13 +268,22 @@ public class DbImage {
 		return resultSetToSummary(user, rs);
 	}
 
-	protected static List<ImageVersionDetails> getImageVersions(MysqlConnection connection, String imageBaseId)
+	protected static List<ImageVersionDetails> getImageVersions(MysqlConnection connection, String imageBaseId, UserInfo user)
 			throws SQLException {
 		List<ImageVersionDetails> versionList = new ArrayList<>();
-		MysqlStatement stmt = connection.prepareStatement("SELECT"
-				+ " imageversionid, createtime, expiretime, filesize, uploaderid,"
-				+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
-				+ " WHERE imagebaseid = :imagebaseid");
+		MysqlStatement stmt = null;	
+		if (user.role.equals("STUDENT")) {
+			stmt = connection.prepareStatement("SELECT"
+			+ " imageversionid, createtime, expiretime, filesize, null,"
+			+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
+			+ " WHERE imagebaseid = :imagebaseid");
+		} else {
+			stmt = connection.prepareStatement("SELECT"
+			+ " imageversionid, createtime, expiretime, filesize, uploaderid,"
+			+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
+			+ " WHERE imagebaseid = :imagebaseid");
+
+		}
 		stmt.setString("imagebaseid", imageBaseId);
 		ResultSet rs = stmt.executeQuery();
 		while (rs.next()) {
-- 
cgit v1.2.3-55-g7522