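/// <summary>
/// Loads the action rows granted to <paramref name="user"/> directly and the rows
/// inherited through the user's groups, and wraps them in a <see cref="Permissions"/>.
/// </summary>
/// <param name="user">Account whose <c>id</c> selects the permission rows.</param>
/// <param name="db">Connection used for both queries; it is not closed here.</param>
/// <returns>A <see cref="Permissions"/> holding every action row found for the user.</returns>
public static Permissions createPermissions(User user, DatabaseConnection db)
        {
            // NOTE(review): user.id is concatenated into the SQL text instead of being bound as a
            // parameter. That is only safe while user.id is a numeric type; bind it through the
            // parameter dictionary accepted by db.Query once the placeholder syntax is confirmed.
            PreparedStatement preStmtUser = db.Prepare("SELECT action.name, content_id, allow FROM user_account_can_do_action, action WHERE action.id = user_account_can_do_action.action_id AND user_account_id = "+user.id);
            PreparedStatement preStmtGroup = db.Prepare("SELECT action.name, content_id, allow FROM action, user_group_can_do_action, (SELECT user_group_id FROM user_account_in_user_group WHERE user_account_id = " + user.id + ") userGroups WHERE action.id = user_group_can_do_action.action_id AND user_group_can_do_action.user_group_id = userGroups.user_group_id");

            List<RestService.Entities.Action> actions = new List<RestService.Entities.Action>();

            // NOTE(review): debug output; this writes the full query text, including the user id, to stdout.
            Console.WriteLine(preStmtUser.GetCmd().CommandText);

            SqlDataReader userReader = null;
            SqlDataReader groupReader = null;

            try
            {
                userReader = db.Query(new Dictionary<string,string>(), preStmtUser);

                while (userReader.Read())
                {
                    // NOTE(review): content_id is read as a string here but as an Int32 in the group
                    // loop below; one of the two presumably mismatches the column type, so confirm.
                    int contentId = int.Parse(userReader.GetString(userReader.GetOrdinal("content_id")));
                    string actionName = userReader.GetString(userReader.GetOrdinal("name"));
                    bool allowed = userReader.GetBoolean(userReader.GetOrdinal("allow"));

                    // NOTE(review): `allowed` is read but never used; the constructor always receives
                    // the literal `true`. If the fourth argument is the allow flag, rows stored with
                    // allow = false are treated as grants. Confirm and pass `allowed` instead.
                    actions.Add(new Entities.Action(contentId,actionName,null, true));
                }

                // The first reader is left open while the second query runs, exactly as before;
                // both readers are released in the finally block.
                groupReader = db.Query(new Dictionary<string,string>(), preStmtGroup);

                while (groupReader.Read())
                {
                    int contentId = groupReader.GetInt32(groupReader.GetOrdinal("content_id"));
                    string actionName = groupReader.GetString(groupReader.GetOrdinal("name"));
                    bool allowed = groupReader.GetBoolean(groupReader.GetOrdinal("allow"));

                    // NOTE(review): same as above; the `allow` column is ignored and `true` is passed.
                    actions.Add(new Entities.Action(contentId, actionName, null, true));
                }
            }
            finally
            {
                // Previously neither reader was ever closed; release them even when a read throws.
                if (groupReader != null)
                {
                    groupReader.Close();
                }

                if (userReader != null)
                {
                    userReader.Close();
                }
            }

            return new Permissions(actions.ToArray(), user);
        }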
 /// <summary>
 /// Creates a request from its already-parsed parts.
 /// </summary>
 /// <remarks>
 /// Every argument is stored as given: nothing is validated here, and <paramref name="uri"/>
 /// and <paramref name="data"/> are kept by reference rather than copied.
 /// </remarks>
 /// <param name="uri">URI of the request as a list of strings.</param>
 /// <param name="method">REST method of the request.</param>
 /// <param name="data">Key/value data sent with the request.</param>
 /// <param name="user">User associated with the request.</param>
 /// <param name="authorization">Authorization string supplied with the request.</param>
 public Request(LinkedList<string> uri, RestMethods method, Dictionary<string, string> data, User user, string authorization)
 {
     // What is being requested.
     this.method = method;
     this.uri = uri;
     this.data = data;

     // Who is requesting it.
     this.authorization = authorization;
     this.user = user;
 }
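        /// <summary>
        /// Looks up the account whose e-mail and stored password hash match the given values.
        /// </summary>
        /// <param name="email">E-mail address supplied by the caller.</param>
        /// <param name="password">Value compared with the <c>password_hash</c> column.</param>
        /// <returns>The matching <see cref="User"/>, or <c>null</c> when no row matches.</returns>
        private static User GetUser(string email, string password)
        {
            DatabaseConnection dbConnect = new DatabaseConnection("SMU");
            SqlDataReader reader = null;

            try
            {
                // SECURITY NOTE(review): email and password are concatenated into the SQL text, so a
                // quote character in either value changes the statement (SQL injection). Both values
                // must be bound as parameters; dbConnect.Query already takes a parameter dictionary,
                // but its placeholder syntax is not visible here, so the query is left unchanged.
                // NOTE(review): `password` is compared directly with password_hash, so the caller
                // presumably hashes it first; confirm that no plaintext password reaches this query.
                string query = @"SELECT * FROM user_account WHERE email='" + email + "' AND password_hash='" + password + "'";
                PreparedStatement prepStat = dbConnect.Prepare(query);

                reader = dbConnect.Query(null, prepStat);

                User user = null;
                while (reader.Read())
                {
                    int id = reader.GetInt32(reader.GetOrdinal("id"));
                    string userEmail = reader.GetString(reader.GetOrdinal("email"));
                    string userPassword = reader.GetString(reader.GetOrdinal("password_hash"));

                    // TODO: user data has to be fetched together with the rest of the data.
                    // If several rows match, the last one wins.
                    user = new User(id, userEmail, userPassword, null);
                }

                return user;
            }
            finally
            {
                // Previously an exception while preparing, querying or reading skipped both calls
                // and left the reader and the connection open.
                if (reader != null)
                {
                    reader.Close();
                }

                dbConnect.CloseConnection();
            }
        }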
 /// <summary>
 /// Binds a set of actions to the user they were loaded for.
 /// </summary>
 /// <remarks>
 /// The constructor is private, so instances can only be created from inside this class.
 /// The array is stored by reference, not copied.
 /// </remarks>
 /// <param name="actions">Actions recorded for the user.</param>
 /// <param name="user">User the actions belong to.</param>
 private Permissions(RestService.Entities.Action[] actions, User user)
 {
     this.user = user;
     this.actions = actions;
 }