ClaytonWWilson/Listify
1
0
Fork 0
mirror of https://github.com/ClaytonWWilson/Listify.git synced 2025-12-16 02:38:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #97 from ClaytonWWilson/non-owner-delete

Browse Source 
Allow non-owner semi-delete
This commit is contained in:
Nathan Merz 2020-11-01 21:48:25 -05:00 committed by GitHub
commit 7e7b4bec84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Lambdas/Lists/List/src/ListDeleter.java
View File

@ -12,6 +12,7 @@ public class ListDeleter implements CallHandler {
private final String GET_LISTS = "SELECT * FROM List WHERE (owner = ? AND listID = ?);"; private final String GET_LISTS = "SELECT * FROM List WHERE (owner = ? AND listID = ?);";
private final String DELETE_LIST = "DELETE FROM List WHERE listID = ?;"; private final String DELETE_LIST = "DELETE FROM List WHERE listID = ?;";
private final String DELETE_REQUESTOR_ACCESS = "DELETE FROM ListSharee where listID = ? AND userID = ?;";
private final String DELETE_LIST_ACCESS = "DELETE FROM ListSharee where listID = ?;"; private final String DELETE_LIST_ACCESS = "DELETE FROM ListSharee where listID = ?;";
private final String DELETE_LIST_ENTRIES = "DELETE FROM ListProduct where listID = ?;"; private final String DELETE_LIST_ENTRIES = "DELETE FROM ListProduct where listID = ?;";
@ -23,12 +24,17 @@ public class ListDeleter implements CallHandler {
@Override @Override
public Object conductAction(Map<String, Object> bodyMap, HashMap<String, String> queryMap, String cognitoID) throws SQLException { public Object conductAction(Map<String, Object> bodyMap, HashMap<String, String> queryMap, String cognitoID) throws SQLException {
Integer listID = Integer.parseInt(queryMap.get("id")); Integer listID = Integer.parseInt(queryMap.get("id"));
PreparedStatement cleanRequestorAccess = connection.prepareStatement(DELETE_REQUESTOR_ACCESS);
cleanRequestorAccess.setInt(1, listID);
cleanRequestorAccess.setString(2, cognitoID);
System.out.println(cleanRequestorAccess);
cleanRequestorAccess.executeUpdate();
PreparedStatement accessCheck = connection.prepareStatement(GET_LISTS); PreparedStatement accessCheck = connection.prepareStatement(GET_LISTS);
accessCheck.setString(1, cognitoID); accessCheck.setString(1, cognitoID);
accessCheck.setInt(2, listID); accessCheck.setInt(2, listID);
System.out.println(accessCheck); System.out.println(accessCheck);
ResultSet userLists = accessCheck.executeQuery(); ResultSet userLists = accessCheck.executeQuery();
if (!userLists.next()) { if (!userLists.next()) {
throw new AccessControlException("User does not have access to list"); throw new AccessControlException("User does not have access to list");
} }