Refine delete access

The requestor's access cannot be removed until after permissions are checked. Note: if the user does have permissions, they are removed along with all other users below these changes.
NMerz 2020-11-14 15:17:56 -05:00
parent 2c23331354
commit 7cb9639f9a


@ -24,11 +24,6 @@ public class ListDeleter implements CallHandler {
@Override
public Object conductAction(Map<String, Object> bodyMap, HashMap<String, String> queryMap, String cognitoID) throws SQLException {
Integer listID = Integer.parseInt(queryMap.get("id"));
PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS);
cleanRequestorAccess.setInt(1, listID);
cleanRequestorAccess.setString(2, cognitoID);
System.out.println(cleanRequestorAccess);
cleanRequestorAccess.executeUpdate();
PreparedStatement accessCheck = connection.prepareStatement(ACCESS_CHECK);
accessCheck.setString(1, cognitoID);
@ -40,7 +35,12 @@ public class ListDeleter implements CallHandler {
} else {
Integer permissionLevel = userLists.getInt("permissionLevel");
if (!ListPermissions.hasPermission(permissionLevel, "Delete")) {
throw new AccessControlException("User " + cognitoID + " does not have permission to delete list " + listID);
PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS);
cleanRequestorAccess.setInt(1, listID);
cleanRequestorAccess.setString(2, cognitoID);
System.out.println(cleanRequestorAccess);
cleanRequestorAccess.executeUpdate();
return null;
}
}
PreparedStatement cleanAccess = connection.prepareStatement(DELETE_LIST_ACCESS);
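Review bot: In the branch where `ListPermissions.hasPermission(permissionLevel, "Delete")` fails, the new code runs `DELETE_REQUESTOR_ACCESS` and then `return null`, so a request that the permission check rejected is no longer reported to the caller or recorded as a denial. If the full-delete path also returns null (not visible in this hunk), the two outcomes cannot be told apart, so consider a distinct return value and a comment such as `// requestor lacks Delete: remove only their own access row, list is kept`. The `cleanRequestorAccess` statement is also never closed before the return; opening it as `try (PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS)) {` releases it on every path. `System.out.println(cleanRequestorAccess)` writes the statement to stdout, which with some JDBC drivers includes the bound cognitoID, so it is better dropped. conductAction starts before and continues past the hunk.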