From 26cc8cf3bf43b88d9da4f70d9ebc508aaeb5e01d Mon Sep 17 00:00:00 2001
From: Kuersat Akmaz
Date: Sat, 1 Aug 2020 22:00:53 +0200
Subject: [server] getimageDetails query for Students adjustet so that they can
 see only needed information

I adjusted the qyery so that they can see only needed information
Issue : #3743
---
 .../org/openslx/bwlp/sat/database/mappers/DbImage.java     | 14 ++++++++++++++
 .../java/org/openslx/bwlp/sat/thrift/ServerHandler.java    |  9 ++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

(limited to 'dozentenmodulserver/src/main/java')

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index ca4c3e3c..9fdcad0a 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -95,6 +95,20 @@ public class DbImage {
 					+ " FROM imagebase i"
 					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
 					+ " WHERE i.imagebaseid = :imagebaseid");
+
+			// if Student is trying to download only needed information is filled
+			if (user.role.equals("STUDENT")) 
+			{
+				stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
+					+ " null, null, null, null, null, null, null, null,"
+					+ " null, null,"
+					+ " null, null, null, null,"
+					+ " null, null, null, null"
+					+ " FROM imagebase i"
+					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
+					+ " WHERE i.imagebaseid = :imagebaseid");
+			}
+
 			stmt.setString("userid", user == null ? "-" : user.userId);
 			stmt.setString("imagebaseid", imageBaseId);
 			ResultSet rs = stmt.executeQuery();
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 06c1e5a7..50935841 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -303,7 +303,14 @@ public class ServerHandler implements SatelliteServer.Iface {
 	public ImageDetailsRead getImageDetails(String userToken, String imageBaseId)
 			throws TAuthorizationException, TNotFoundException, TInvocationException {
 		UserInfo user = SessionManager.getOrFail(userToken);
-		User.canSeeImageDetailsOrFail(user);
+		// if user is a student canSeeImageDetailsOrFail() will throw exception
+		try {
+			User.canSeeImageDetailsOrFail(user);
+		} catch (TAuthorizationException ex)
+		{
+			DbLog.log(user, imageBaseId, "Student is trying to perform Download: '" + user.userId + "'");
+		}
+		
 		try {
 			return DbImage.getImageDetails(user, imageBaseId);
 		} catch (SQLException e) {
-- 
cgit v1.2.3-55-g7522


From a0cd19423ee6c56792701ab67630032531a313dc Mon Sep 17 00:00:00 2001
From: Kuersat Akmaz
Date: Mon, 3 Aug 2020 14:54:03 +0200
Subject: [server] getimageversion funtion only shows needed information

the function did return the uploaderid which
is not necessary for students to see. So i removed it.
Issue : #3727
---
 .../openslx/bwlp/sat/database/mappers/DbImage.java | 44 +++++++++++++++-------
 1 file changed, 30 insertions(+), 14 deletions(-)

(limited to 'dozentenmodulserver/src/main/java')

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
index 9fdcad0a..99e90099 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/database/mappers/DbImage.java
@@ -87,16 +87,9 @@ public class DbImage {
 	public static ImageDetailsRead getImageDetails(UserInfo user, String imageBaseId)
 			throws TNotFoundException, SQLException {
 		try (MysqlConnection connection = Database.getConnection()) {
-			MysqlStatement stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
-					+ " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
-					+ " i.sharemode, i.istemplate,"
-					+ " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
-					+ " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
-					+ " FROM imagebase i"
-					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
-					+ " WHERE i.imagebaseid = :imagebaseid");
 
 			// if Student is trying to download only needed information is filled
+			MysqlStatement stmt = null;
 			if (user.role.equals("STUDENT")) 
 			{
 				stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
@@ -107,8 +100,22 @@ public class DbImage {
 					+ " FROM imagebase i"
 					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
 					+ " WHERE i.imagebaseid = :imagebaseid");
+			} else {
+				stmt = connection.prepareStatement("SELECT i.imagebaseid, i.latestversionid,"
+					+ " i.displayname, i.description, i.osid, i.virtid, i.createtime, i.updatetime, i.ownerid, i.updaterid,"
+					+ " i.sharemode, i.istemplate,"
+					+ " i.canlinkdefault, i.candownloaddefault, i.caneditdefault, i.canadmindefault,"
+					+ " perm.canlink, perm.candownload, perm.canedit, perm.canadmin"
+					+ " FROM imagebase i"
+					+ " LEFT JOIN imagepermission perm ON (i.imagebaseid = perm.imagebaseid AND perm.userid = :userid)"
+					+ " WHERE i.imagebaseid = :imagebaseid");
 			}
 
+			
+
+			// if Student is trying to download only needed information is filled
+			
+
 			stmt.setString("userid", user == null ? "-" : user.userId);
 			stmt.setString("imagebaseid", imageBaseId);
 			ResultSet rs = stmt.executeQuery();
@@ -116,7 +123,7 @@ public class DbImage {
 				throw new TNotFoundException();
 			// Exists:
 			List<String> tags = DbSoftwareTag.getImageTags(connection, imageBaseId);
-			List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId);
+			List<ImageVersionDetails> versions = getImageVersions(connection, imageBaseId, user);
 			ImagePermissions defaultPermissions = DbImagePermissions.fromResultSetDefault(rs);
 			ImageDetailsRead image = new ImageDetailsRead(rs.getString("imagebaseid"),
 					rs.getString("latestversionid"), versions, rs.getString("displayname"),
@@ -261,13 +268,22 @@ public class DbImage {
 		return resultSetToSummary(user, rs);
 	}
 
-	protected static List<ImageVersionDetails> getImageVersions(MysqlConnection connection, String imageBaseId)
+	protected static List<ImageVersionDetails> getImageVersions(MysqlConnection connection, String imageBaseId, UserInfo user)
 			throws SQLException {
 		List<ImageVersionDetails> versionList = new ArrayList<>();
-		MysqlStatement stmt = connection.prepareStatement("SELECT"
-				+ " imageversionid, createtime, expiretime, filesize, uploaderid,"
-				+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
-				+ " WHERE imagebaseid = :imagebaseid");
+		MysqlStatement stmt = null;	
+		if (user.role.equals("STUDENT")) {
+			stmt = connection.prepareStatement("SELECT"
+			+ " imageversionid, createtime, expiretime, filesize, null,"
+			+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
+			+ " WHERE imagebaseid = :imagebaseid");
+		} else {
+			stmt = connection.prepareStatement("SELECT"
+			+ " imageversionid, createtime, expiretime, filesize, uploaderid,"
+			+ " isrestricted, isvalid, isprocessed" + " FROM imageversion"
+			+ " WHERE imagebaseid = :imagebaseid");
+
+		}
 		stmt.setString("imagebaseid", imageBaseId);
 		ResultSet rs = stmt.executeQuery();
 		while (rs.next()) {
-- 
cgit v1.2.3-55-g7522


From 4e1bab432e67bbc4e729f7d2d61219ca014b32bc Mon Sep 17 00:00:00 2001
From: Kuersat Akmaz
Date: Mon, 3 Aug 2020 15:19:00 +0200
Subject: [server] check if user can see imagedetails removed in funktion
 Serverhandler.getimagedetails

The check has been removed because it is no longer needed
Issue : #3727
---
 .../src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java   | 7 -------
 1 file changed, 7 deletions(-)

(limited to 'dozentenmodulserver/src/main/java')

diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
index 50935841..4910ec4c 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/thrift/ServerHandler.java
@@ -303,13 +303,6 @@ public class ServerHandler implements SatelliteServer.Iface {
 	public ImageDetailsRead getImageDetails(String userToken, String imageBaseId)
 			throws TAuthorizationException, TNotFoundException, TInvocationException {
 		UserInfo user = SessionManager.getOrFail(userToken);
-		// if user is a student canSeeImageDetailsOrFail() will throw exception
-		try {
-			User.canSeeImageDetailsOrFail(user);
-		} catch (TAuthorizationException ex)
-		{
-			DbLog.log(user, imageBaseId, "Student is trying to perform Download: '" + user.userId + "'");
-		}
 		
 		try {
 			return DbImage.getImageDetails(user, imageBaseId);
-- 
cgit v1.2.3-55-g7522