Ejemplo n.º 1
        /// <summary>
        /// Tries to interpret <paramref name="pQuery"/> as a DELETE statement using
        /// <c>Constants.regExDelete</c>.
        /// </summary>
        /// <param name="pQuery">Raw statement text to match.</param>
        /// <returns>
        /// A <c>ClassDelete</c> built from capture group 1 (used as the table) and
        /// capture group 2 (used as the condition), or <c>null</c> when the text
        /// does not match the pattern. Callers must handle the <c>null</c> case.
        /// </returns>
        public ClassDelete ManageDelete(string pQuery)
        {
            Match parsed = Regex.Match(pQuery, Constants.regExDelete);

            // Guard clause: anything that is not a DELETE statement yields null.
            if (!parsed.Success)
            {
                return null;
            }

            // Both captures are forwarded verbatim; no validation happens here.
            GroupCollection captures = parsed.Groups;
            return new ClassDelete(captures[1].Value, captures[2].Value);
        }
Ejemplo n.º 2
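        /// <summary>
        /// Parses a statement, checks that the current user of <paramref name="pDB"/>
        /// may run it, executes it against <paramref name="dbname"/> and returns the
        /// textual result.
        /// </summary>
        /// <param name="psentencia">Raw statement text.</param>
        /// <param name="dbname">Name of the database the statement is run against.</param>
        /// <param name="pDB">Database object supplying the current user and that user's table privileges.</param>
        /// <returns>
        /// The query result; <c>Constants.SecurityNotSufficientPrivileges</c> when the
        /// user lacks the required privilege or the statement type is not one of
        /// select/delete/insert/update; or an error message when anything throws.
        /// </returns>
        public string Query(string psentencia, string dbname, Database pDB)
        {
            try
            {
                Query  query = Parse(psentencia);
                string kind  = query.getClass();

                // NOTE(review): the privilege checks below are skipped entirely for the
                // literal user name "admin". Confirm that this name is reserved and
                // cannot be created or assumed by an ordinary account.
                if (pDB.getUser() == "admin")
                {
                    query.Run(dbname);
                    return(query.getResult());
                }

                // NOTE(review): the table used for the privilege check is re-extracted
                // from the raw text with the unanchored, case-sensitive patterns below,
                // independently of whatever Parse() decided the statement targets. The
                // two can disagree; the check should use the table held by the parsed
                // query object once that is exposed.
                if (kind.Equals("select"))
                {
                    if (!IsStatementAuthorized(pDB, psentencia, @"SELECT\s+.+\s+FROM\s+(\w+)", "SELECT"))
                    {
                        return(Constants.SecurityNotSufficientPrivileges);
                    }
                    query.Run(dbname);
                    return(((ClassSelect)query).getResult());
                }
                else if (kind.Equals("delete"))
                {
                    if (!IsStatementAuthorized(pDB, psentencia, @"DELETE\s+FROM\s+(\w+)", "DELETE"))
                    {
                        return(Constants.SecurityNotSufficientPrivileges);
                    }
                    query.Run(dbname);
                    return(((ClassDelete)query).getResult());
                }
                else if (kind.Equals("insert"))
                {
                    if (!IsStatementAuthorized(pDB, psentencia, @"INSERT\s+INTO\s+(\w+)", "INSERT"))
                    {
                        return(Constants.SecurityNotSufficientPrivileges);
                    }
                    query.Run(dbname);
                    return(((ClassInsert)query).getResult());
                }
                else if (kind.Equals("update"))
                {
                    if (!IsStatementAuthorized(pDB, psentencia, @"UPDATE\s+(\w+)", "UPDATE"))
                    {
                        return(Constants.SecurityNotSufficientPrivileges);
                    }
                    query.Run(dbname);
                    return(((ClassUpdate)query).getResult());
                }

                // Any other statement type is denied for non-admin users. (The
                // previous bookkeeping flag was only ever set immediately before a
                // return, so this fall-through always denied.)
                return(Constants.SecurityNotSufficientPrivileges);
            }
            catch (Exception e)
            {
                // Every failure, including one raised after Run() has executed, is
                // collapsed into one of two messages; the exception itself is not
                // logged here.
                //
                // The text probe only matches the Spanish-localised runtime message,
                // so the exception type is checked as well to keep the mapping working
                // on other locales. The text probe is kept so that everything that was
                // previously reported as a missing table still is.
                bool missingFile = e is System.IO.FileNotFoundException
                                   || e.ToString().Contains("No se pudo encontrar el archivo");

                return(missingFile ? "ERROR: Table does not exist" : "Your query is not valid");
            }
        }

        /// <summary>
        /// Decides whether the current user holds <paramref name="privilege"/> on the
        /// table named by capture group 1 of <paramref name="tablePattern"/>.
        /// </summary>
        /// <remarks>
        /// Fails closed: no match, no privilege entry for the table, or an entry
        /// without the privilege all yield <c>false</c>. Only the first entry whose
        /// table name matches is consulted.
        /// </remarks>
        private static bool IsStatementAuthorized(Database pDB, string statement, string tablePattern, string privilege)
        {
            Match target = Regex.Match(statement, tablePattern);
            if (!target.Success)
            {
                // No table could be extracted, so there is nothing to authorise against.
                return false;
            }

            string table = target.Groups[1].Value;
            foreach (TablePrivileges entry in pDB.GetTablePrivileges())
            {
                if (entry.getTableName() == table)
                {
                    return entry.getTablePrivileges().Contains(privilege);
                }
            }

            return false;
        }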