diff --git a/Lambdas/Lists/List/src/ListGetter.java b/Lambdas/Lists/List/src/ListGetter.java index 5886d35..e29267c 100644 --- a/Lambdas/Lists/List/src/ListGetter.java +++ b/Lambdas/Lists/List/src/ListGetter.java @@ -44,14 +44,17 @@ public class ListGetter implements CallHandler{ boolean verifiedAccess = false; int uiPosition = 1; while ((sharees < 2 && accessResults.next()) || !verifiedAccess) { + int permissionLevel = accessResults.getInt("permissionLevel"); if (accessResults.getString("userID").equals(cognitoID)) { verifiedAccess = true; - if (!ListPermissions.hasPermission(accessResults.getInt("permissionLevel"), "Read")) { + if (!ListPermissions.hasPermission(permissionLevel, "Read")) { throw new AccessControlException("User " + cognitoID + " does not have permission to read list " + id); } uiPosition = accessResults.getInt("uiPosition"); } - sharees++; + if (permissionLevel > 0) { + sharees++; + } } boolean shared = false; if (sharees > 1) { diff --git a/Lambdas/Lists/ListShare/src/ListSharer.java b/Lambdas/Lists/ListShare/src/ListSharer.java index 2beef67..c8b67cd 100644 --- a/Lambdas/Lists/ListShare/src/ListSharer.java +++ b/Lambdas/Lists/ListShare/src/ListSharer.java @@ -22,8 +22,8 @@ public class ListSharer implements CallHandler { } final private String CHECK_ACCESS = "SELECT * from ListSharee WHERE listID = ? AND userID = ?;"; - final private String SHARE_LIST = "INSERT INTO ListSharee(listID, userID, permissionLevel, ) VALUES(?, ?, ?, ?) ON DUPLICATE KEY UPDATE permissionLevel = ?;"; private final String UI_POSITION_CHECK = "SELECT Max(uiPosition) as maxUIPosition FROM ListSharee WHERE userID = ?;"; + final private String SHARE_LIST = "INSERT INTO ListSharee(listID, userID, permissionLevel, uiPosition) VALUES(?, ?, ?, ?) ON DUPLICATE KEY UPDATE permissionLevel = ?;"; public Object conductAction(Map bodyMap, HashMap queryString, String cognitoID) throws SQLException { PreparedStatement checkAccess = connection.prepareStatement(CHECK_ACCESS);