From 34d74aae6af1798d011731e652b2e689b815843f Mon Sep 17 00:00:00 2001 From: NMerz Date: Sat, 24 Oct 2020 14:46:56 -0400 Subject: [PATCH] Treat ListSharee as access table This is so that multiple users can be paired with a single list. In the future, we may want to reconsider list deletion behavior to simply remove a user's access and only delete it when no one has access. We may also want the user deletion Lambda to use the list deletion Lambda when it is created. --- Lambdas/Lists/List/src/ListAdder.java | 13 +++- Lambdas/Lists/List/src/ListGetter.java | 2 +- .../Lists/ListShare/src/ListSharePOST.java | 11 +++ Lambdas/Lists/ListShare/src/ListSharer.java | 68 +++++++++++++++++++ Lambdas/Lists/User/src/UserDeleter.java | 16 ++++- Lambdas/Lists/pom.xml | 9 ++- 6 files changed, 112 insertions(+), 7 deletions(-) create mode 100644 Lambdas/Lists/ListShare/src/ListSharePOST.java create mode 100644 Lambdas/Lists/ListShare/src/ListSharer.java
diff --git a/Lambdas/Lists/List/src/ListAdder.java b/Lambdas/Lists/List/src/ListAdder.java
index a65d780..03fd809 100644
--- a/Lambdas/Lists/List/src/ListAdder.java
+++ b/Lambdas/Lists/List/src/ListAdder.java
@@ -8,7 +8,8 @@ public class ListAdder implements CallHandler {
 private Connection connection;
 private String cognitoID;
- private final String LIST_CREATE = "INSERT INTO List (name, owner, lastUpdated) VALUES (?, ?, ?)";
+ private final String LIST_CREATE = "INSERT INTO List (name, owner, lastUpdated) VALUES (?, ?, ?);";
+ private final String LIST_ACCESS_GRANT = "INSERT INTO ListSharee(listID, userID) VALUES(?, ?);";
 public ListAdder(Connection connection, String cognitoID) {
 this.connection = connection;
@@ -17,7 +18,9 @@ public class ListAdder implements CallHandler {
 public Object conductAction(Map bodyMap, HashMap queryString, String cognitoID) throws SQLException {
 PreparedStatement statement = connection.prepareStatement(LIST_CREATE, Statement.RETURN_GENERATED_KEYS);
- statement.setString(1, bodyMap.get("name").toString());//Needs safe checking
+
+ String listName = bodyMap.get("name").toString();//Needs safe checking
+ statement.setString(1, listName);
 statement.setString(2, cognitoID);
 statement.setTimestamp(3, Timestamp.from(Instant.now()));
 System.out.println(statement);
@@ -25,7 +28,13 @@ public class ListAdder implements CallHandler {
 ResultSet newIDRS = statement.getGeneratedKeys();
 newIDRS.first();
 Integer newID = newIDRS.getInt(1);
+ PreparedStatement accessGrant = connection.prepareStatement(LIST_ACCESS_GRANT);
+ accessGrant.setInt(1, newID);
+ accessGrant.setString(2, cognitoID);
+ System.out.println(accessGrant);
+ accessGrant.executeUpdate();
 connection.commit();
+ System.out.println(newID);
 return newID;
 }
 }
diff --git a/Lambdas/Lists/List/src/ListGetter.java b/Lambdas/Lists/List/src/ListGetter.java
index 0ad47f9..c5a9ed1 100644
--- a/Lambdas/Lists/List/src/ListGetter.java
+++ b/Lambdas/Lists/List/src/ListGetter.java
@@ -11,7 +11,7 @@ public class ListGetter implements CallHandler{
 private final String cognitoID;
 private final String GET_LIST = "SELECT * FROM List WHERE listID = ?;";
- private final String GET_LISTS = "SELECT listID FROM List WHERE owner = ?;";
+ private final String GET_LISTS = "SELECT listID FROM ListSharee WHERE userID = ?;";
 private final String GET_ENTRIES = "SELECT * FROM ListProduct WHERE listID = ?;";
 public ListGetter(Connection connection, String cognitoID) {
diff --git a/Lambdas/Lists/ListShare/src/ListSharePOST.java b/Lambdas/Lists/ListShare/src/ListSharePOST.java
new file mode 100644
index 0000000..c986edd
--- /dev/null
+++ b/Lambdas/Lists/ListShare/src/ListSharePOST.java
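Review bot: The new `accessGrant` statement in ListAdder.conductAction (hunk `@@ -25,7 +28,13 @@`) is never closed, and `System.out.println(accessGrant)` may write the caller's Cognito ID to the function log if the JDBC driver renders bound parameters in `toString()`. Open it as `try (PreparedStatement accessGrant = connection.prepareStatement(LIST_ACCESS_GRANT)) { ... }` and drop the debug prints. The method starts in the previous hunk, where `statement` and `newIDRS` are left open the same way. The same pattern recurs in UserDeleter hunk `@@ -57,13 +59,23 @@`, which re-prepares and abandons a statement on each pass of its loop, and in ListSharer.conductAction, which leaves `checkAccess` and `shareList` open.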
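Review bot: `GET_LIST` and `GET_ENTRIES`, visible as context in ListGetter.java, still select by `listID` alone, so moving only `GET_LISTS` to ListSharee leaves the single-list read without a membership check unless the method body, which is outside this hunk, performs one. If it does not, reads by ID are not limited to the list's sharees. Consider `SELECT List.* FROM List INNER JOIN ListSharee ON List.listID = ListSharee.listID WHERE List.listID = ? AND ListSharee.userID = ?;` and the matching join for `GET_ENTRIES`. Lists created before this commit have no ListSharee row, so they would also drop out of `GET_LISTS` unless a backfill is run.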
@@ -0,0 +1,11 @@
+import com.amazonaws.services.lambda.runtime.Context;
+import com.amazonaws.services.lambda.runtime.RequestHandler;
+
+import java.util.Map;
+
+public class ListSharePOST implements RequestHandler, Object> {
+
+ public Object handleRequest(Map inputMap, Context unfilled) {
+ return BasicHandler.handleRequest(inputMap, unfilled, ListSharer.class);
+ }
+}
diff --git a/Lambdas/Lists/ListShare/src/ListSharer.java b/Lambdas/Lists/ListShare/src/ListSharer.java
new file mode 100644
index 0000000..6b15c3b
--- /dev/null
+++ b/Lambdas/Lists/ListShare/src/ListSharer.java
@@ -0,0 +1,68 @@
+import com.amazonaws.services.lambda.AWSLambdaClientBuilder;
+import com.amazonaws.services.lambda.model.InvokeRequest;
+import com.amazonaws.services.lambda.model.InvokeResult;
+
+import java.security.AccessControlException;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.InputMismatchException;
+import java.util.Map;
+
+public class ListSharer implements CallHandler {
+
+ private Connection connection;
+ private String cognitoID;
+
+ public ListSharer(Connection connection, String cognitoID) {
+ this.connection = connection;
+ this.cognitoID = cognitoID;
+ }
+
+ final private String CHECK_ACCESS = "SELECT * from ListSharee WHERE listID = ? AND userID = ?;";
+ final private String SHARE_LIST = "INSERT INTO ListSharee(listID, userID) VALUES(?, ?);";
+
+ public Object conductAction(Map bodyMap, HashMap queryString, String cognitoID) throws SQLException {
+ PreparedStatement checkAccess = connection.prepareStatement(CHECK_ACCESS);
+ Integer listID = Integer.parseInt(bodyMap.get("listID").toString());
+ checkAccess.setInt(1, listID);
+ checkAccess.setString(2, cognitoID);
+ ResultSet checkAccessRS = checkAccess.executeQuery();
+ if (!checkAccessRS.next()) {
+ throw new AccessControlException("The requesting user does not have access to the requested list");
+ }
+ InvokeRequest invokeRequest = new InvokeRequest();
+ invokeRequest.setFunctionName("UserGET");
+ invokeRequest.setPayload("{" +
+ " \"body\": {" +
+ " \"emailToCheck\": \"" + bodyMap.get("shareWith").toString() + "\"" +
+ " }," +
+ " \"params\": {" +
+ " \"querystring\": {" +
+ " }" +
+ " }," +
+ " \"context\": {" +
+ " \"sub\": \"not used\"" +
+ " }" +
+ "}");
+ InvokeResult invokeResult = AWSLambdaClientBuilder.defaultClient().invoke(invokeRequest);
+ if (invokeResult.getStatusCode() != 200) {
+ throw new InputMismatchException("Could not find specified user to share with");
+ }
+ String shareWithSub = new String(invokeResult.getPayload().array()).replace("\"", "");
+ checkAccess.setString(2, shareWithSub);
+ checkAccessRS = checkAccess.executeQuery();
+ if (checkAccessRS.next()) {
+ throw new InputMismatchException("The specified user already has access");
+ }
+
+ PreparedStatement shareList = connection.prepareStatement(SHARE_LIST);
+ shareList.setInt(1, listID);
+ shareList.setString(2, shareWithSub);
+ shareList.executeUpdate();
+ connection.commit();
+ return null;
+ }
+}
diff --git a/Lambdas/Lists/User/src/UserDeleter.java b/Lambdas/Lists/User/src/UserDeleter.java
index b440d9e..e89776b 100644
--- a/Lambdas/Lists/User/src/UserDeleter.java
+++ b/Lambdas/Lists/User/src/UserDeleter.java
@@ -19,6 +19,8 @@ public class UserDeleter implements CallHandler {
 private final String GET_LISTS = "SELECT * FROM List WHERE (owner = ?);";
 private final String DELETE_LIST_PRODUCT = "DELETE FROM ListProduct WHERE (listID = ?);";
 private final String DELETE_LISTS = "DELETE FROM List WHERE (owner = ?);";
+ private final String DELETE_LIST_SHARES = "DELETE FROM ListSharee WHERE (listID = ?);";
+ private final String DELETE_LIST_ACCESS = "DELETE FROM ListSharee WHERE (userID = ?);";
 public UserDeleter(Connection connection, String cognitoID) {
 this.connection = connection;
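Review bot: The `UserGET` payload in ListSharer.conductAction is built by concatenating `bodyMap.get("shareWith")` into a JSON string, so a value containing a quote or backslash changes the structure of the request sent to the other Lambda instead of being treated as an e-mail address. Build the payload from maps and serialise it, and reject a missing `shareWith` before use. The pom appears to list com.google.code.gson already, and the file would need `com.google.gson.Gson` imported. The `getStatusCode() != 200` test also passes when the invoked function itself failed, because Invoke reports that through `getFunctionError()`; in that case the error document would be stripped of quotes and stored as a `userID`. The fence below covers both changes.

```java
// … unchanged: access check for the requesting user …
Object shareWith = bodyMap.get("shareWith");
if (shareWith == null) {
    throw new InputMismatchException("No user specified to share with");
}
Map<String, Object> body = new HashMap<>();
body.put("emailToCheck", shareWith.toString());
Map<String, Object> params = new HashMap<>();
params.put("querystring", new HashMap<String, Object>());
Map<String, Object> context = new HashMap<>();
context.put("sub", "not used");
Map<String, Object> payload = new HashMap<>();
payload.put("body", body);
payload.put("params", params);
payload.put("context", context);

InvokeRequest invokeRequest = new InvokeRequest();
invokeRequest.setFunctionName("UserGET");
// Serialising the map escapes quotes and backslashes in the e-mail value.
invokeRequest.setPayload(new Gson().toJson(payload));
InvokeResult invokeResult = AWSLambdaClientBuilder.defaultClient().invoke(invokeRequest);
// A 200 status only means the invocation was accepted; the function's own failure is in getFunctionError().
if (invokeResult.getStatusCode() != 200 || invokeResult.getFunctionError() != null) {
    throw new InputMismatchException("Could not find specified user to share with");
}
// … unchanged: duplicate-access check and ListSharee insert …
```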
@@ -57,13 +59,23 @@ public class UserDeleter implements CallHandler { statement = connection.prepareStatement(DELETE_LIST_PRODUCT); statement.setInt(1, listID); System.out.println(statement); - statement.executeQuery(); + statement.executeUpdate(); + + statement = connection.prepareStatement(DELETE_LIST_SHARES); + statement.setInt(1, listID); + System.out.println(statement); + statement.executeUpdate(); } statement = connection.prepareStatement(DELETE_LISTS); statement.setString(1, cognitoID); System.out.println(statement); - statement.executeQuery(); + statement.executeUpdate(); + statement = connection.prepareStatement(DELETE_LIST_ACCESS); + statement.setString(1, cognitoID); + System.out.println(statement); + statement.executeUpdate(); + connection.commit(); return null; diff --git a/Lambdas/Lists/pom.xml b/Lambdas/Lists/pom.xml index c80c2c7..6fbc972 100644 --- a/Lambdas/Lists/pom.xml +++ b/Lambdas/Lists/pom.xml @@ -14,10 +14,15 @@ aws-lambda-java-core 1.2.1 + + com.amazonaws + aws-java-sdk-lambda + 1.11.875 + com.amazonaws aws-lambda-java-events - 3.1.0 + 3.4.0 com.amazonaws @@ -42,7 +47,7 @@ org.apache.httpcomponents httpclient - 4.5.12 + 4.5.13 com.google.code.gson