From 7412915034eb8b2d291678500695a3c527ed42b1 Mon Sep 17 00:00:00 2001 From: NMerz Date: Sun, 1 Nov 2020 21:48:05 -0500 Subject: [PATCH] Allow non-owner semi-delete Non-owners should be able to remove only their own access to a list --- Lambdas/Lists/List/src/ListDeleter.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Lambdas/Lists/List/src/ListDeleter.java b/Lambdas/Lists/List/src/ListDeleter.java index 0b71411..820f65f 100644 --- a/Lambdas/Lists/List/src/ListDeleter.java +++ b/Lambdas/Lists/List/src/ListDeleter.java @@ -12,6 +12,7 @@ public class ListDeleter implements CallHandler { private final String GET_LISTS = "SELECT * FROM List WHERE (owner = ? AND listID = ?);"; private final String DELETE_LIST = "DELETE FROM List WHERE listID = ?;"; + private final String DELETE_REQUESTOR_ACCESS = "DELETE FROM ListSharee where listID = ? AND userID = ?;"; private final String DELETE_LIST_ACCESS = "DELETE FROM ListSharee where listID = ?;"; private final String DELETE_LIST_ENTRIES = "DELETE FROM ListProduct where listID = ?;"; @@ -23,12 +24,17 @@ public class ListDeleter implements CallHandler { @Override public Object conductAction(Map bodyMap, HashMap queryMap, String cognitoID) throws SQLException { Integer listID = Integer.parseInt(queryMap.get("id")); + PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS); + cleanRequestorAccess.setInt(1, listID); + cleanRequestorAccess.setString(2, cognitoID); + System.out.println(cleanRequestorAccess); + cleanRequestorAccess.executeUpdate(); + PreparedStatement accessCheck = connection.prepareStatement(GET_LISTS); accessCheck.setString(1, cognitoID); accessCheck.setInt(2, listID); System.out.println(accessCheck); ResultSet userLists = accessCheck.executeQuery(); - if (!userLists.next()) { throw new AccessControlException("User does not have access to list"); }