Merge branch 'master' into aaron-branch-2

Lambdas/Lists/List/src/ListAdder.java

@@ -9,7 +9,7 @@ public class ListAdder implements CallHandler {
     private String cognitoID;
 
     private final String LIST_CREATE = "INSERT INTO List (name, owner, lastUpdated) VALUES (?, ?, ?);";
-    private final String LIST_ACCESS_GRANT = "INSERT INTO ListSharee(listID, userID) VALUES(?, ?);";
+    private final String LIST_ACCESS_GRANT = "INSERT INTO ListSharee(listID, userID, permissionLevel) VALUES(?, ?, ?);";
 
     public ListAdder(Connection connection, String cognitoID) {
         this.connection = connection;
@@ -31,6 +31,7 @@ public class ListAdder implements CallHandler {
         PreparedStatement accessGrant = connection.prepareStatement(LIST_ACCESS_GRANT);
         accessGrant.setInt(1, newID);
         accessGrant.setString(2, cognitoID);
+        accessGrant.setInt(3, ListPermissions.getAll());
         System.out.println(accessGrant);
         accessGrant.executeUpdate();
         connection.commit();

Lambdas/Lists/List/src/ListDeleter.java

@@ -10,7 +10,7 @@ public class ListDeleter implements CallHandler {
     private final Connection connection;
     private final String cognitoID;
 
-    private final String GET_LISTS = "SELECT * FROM List WHERE (owner = ? AND listID = ?);";
+    private final String ACCESS_CHECK = "SELECT * from ListSharee WHERE userID = ? and listID = ?;";
     private final String DELETE_LIST = "DELETE FROM List WHERE listID = ?;";
     private final String DELETE_REQUESTOR_ACCESS = "DELETE FROM ListSharee where listID = ? AND userID = ?;";
     private final String DELETE_LIST_ACCESS = "DELETE FROM ListSharee where listID = ?;";
@@ -24,19 +24,24 @@ public class ListDeleter implements CallHandler {
     @Override
     public Object conductAction(Map<String, Object> bodyMap, HashMap<String, String> queryMap, String cognitoID) throws SQLException {
         Integer listID = Integer.parseInt(queryMap.get("id"));
-        PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS);
-        cleanRequestorAccess.setInt(1, listID);
-        cleanRequestorAccess.setString(2, cognitoID);
-        System.out.println(cleanRequestorAccess);
-        cleanRequestorAccess.executeUpdate();
 
-        PreparedStatement accessCheck = connection.prepareStatement(GET_LISTS);
+        PreparedStatement accessCheck = connection.prepareStatement(ACCESS_CHECK);
         accessCheck.setString(1, cognitoID);
         accessCheck.setInt(2, listID);
         System.out.println(accessCheck);
         ResultSet userLists = accessCheck.executeQuery();
         if (!userLists.next()) {
             throw new AccessControlException("User does not have access to list");
+        } else {
+            Integer permissionLevel = userLists.getInt("permissionLevel");
+            if (!ListPermissions.hasPermission(permissionLevel, "Delete")) {
+                PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS);
+                cleanRequestorAccess.setInt(1, listID);
+                cleanRequestorAccess.setString(2, cognitoID);
+                System.out.println(cleanRequestorAccess);
+                cleanRequestorAccess.executeUpdate();
+                return null;
+            }
         }
         PreparedStatement cleanAccess = connection.prepareStatement(DELETE_LIST_ACCESS);
         cleanAccess.setInt(1, listID);

Lambdas/Lists/List/src/ListGetter.java

@@ -1,3 +1,4 @@
+import java.security.AccessControlException;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
@@ -40,8 +41,18 @@ public class ListGetter implements CallHandler{
         System.out.println(checkAccess);
         ResultSet accessResults = checkAccess.executeQuery();
         int sharees = 0;
-        while (sharees < 2 && accessResults.next()) {
-            sharees++;
+        boolean verifiedAccess = false;
+        while ((sharees < 2 && accessResults.next()) || !verifiedAccess) {
+            int permissionLevel = accessResults.getInt("permissionLevel");
+            if (accessResults.getString("userID").equals(cognitoID)) {
+                verifiedAccess = true;
+                if (!ListPermissions.hasPermission(permissionLevel, "Read")) {
+                    throw new AccessControlException("User " + cognitoID + " does not have permission to read list " + id);
+                }
+            }
+            if (permissionLevel > 0) {
+                sharees++;
+            }
         }
         boolean shared = false;
         if (sharees > 1) {

Lambdas/Lists/List/src/ListPermissions.java

@@ -0,0 +1,41 @@
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+public class ListPermissions {
+    private static final Map<Integer, String> keysToPerms;
+    static {
+        //All keys should be a prime number > 1
+        //All keys need to be maintained here and in ListShare object in data on the client side
+        HashMap<Integer, String> keysToPermsTemp = new HashMap<>();
+        keysToPermsTemp.put(2, "read");
+        keysToPermsTemp.put(3, "write");
+        keysToPermsTemp.put(5, "delete");
+        keysToPermsTemp.put(7, "share");
+        keysToPerms = Collections.unmodifiableMap(keysToPermsTemp);
+    }
+
+    public static Integer getAll() {
+        Integer toReturn = 1;
+        for (Integer key : keysToPerms.keySet()) {
+            toReturn *= key;
+        }
+        return toReturn;
+    }
+
+    public static boolean hasPermission(Integer level, String permission) {
+        return level % getKeyForPermission(permission) == 0;
+    }
+
+    public static Integer getKeyForPermission(String permissionRaw) {
+        String permission = permissionRaw.toLowerCase();
+        for (Map.Entry<Integer, String> entry : keysToPerms.entrySet()) {
+            if (entry.getValue().equals(permission)) {
+                return entry.getKey();
+            }
+        }
+        System.out.println("Tried to get key for invalid permission: " + permission);
+        return -1;
+    }
+
+}