From 7cb9639f9ae40e63e5cf0b9c593e91388ee450b8 Mon Sep 17 00:00:00 2001 From: NMerz Date: Sat, 14 Nov 2020 15:17:56 -0500 Subject: [PATCH] Refine delete access The requestor's access cannot be removed until after permissions are checked. Note, if the user does have permissions, they are remove along with all other users below these changes. --- Lambdas/Lists/List/src/ListDeleter.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Lambdas/Lists/List/src/ListDeleter.java b/Lambdas/Lists/List/src/ListDeleter.java index d948007..b999c4f 100644 --- a/Lambdas/Lists/List/src/ListDeleter.java +++ b/Lambdas/Lists/List/src/ListDeleter.java @@ -24,11 +24,6 @@ public class ListDeleter implements CallHandler { @Override public Object conductAction(Map bodyMap, HashMap queryMap, String cognitoID) throws SQLException { Integer listID = Integer.parseInt(queryMap.get("id")); - PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS); - cleanRequestorAccess.setInt(1, listID); - cleanRequestorAccess.setString(2, cognitoID); - System.out.println(cleanRequestorAccess); - cleanRequestorAccess.executeUpdate(); PreparedStatement accessCheck = connection.prepareStatement(ACCESS_CHECK); accessCheck.setString(1, cognitoID); @@ -40,7 +35,12 @@ public class ListDeleter implements CallHandler { } else { Integer permissionLevel = userLists.getInt("permissionLevel"); if (!ListPermissions.hasPermission(permissionLevel, "Delete")) { - throw new AccessControlException("User " + cognitoID + " does not have permission to delete list " + listID); + PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS); + cleanRequestorAccess.setInt(1, listID); + cleanRequestorAccess.setString(2, cognitoID); + System.out.println(cleanRequestorAccess); + cleanRequestorAccess.executeUpdate(); + return null; } } PreparedStatement cleanAccess = connection.prepareStatement(DELETE_LIST_ACCESS);