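/// <summary>
/// Builds the <c>Permissions</c> object for a user from the actions granted to the
/// account directly and the actions granted through the groups the account belongs to.
/// </summary>
/// <param name="user">Account whose <c>id</c> selects the permission rows.</param>
/// <param name="db">Connection used for both queries; it is left open for the caller.</param>
/// <returns>A <c>Permissions</c> instance holding one action per row returned by the two queries.</returns>
public static Permissions createPermissions(User user, DatabaseConnection db)
{
    // NOTE(review): user.id is concatenated into the SQL text. GetUser builds User from an
    // int id, so this is presumably numeric, but binding it as a parameter would remove the
    // dependency on that assumption. Confirm the field type.
    PreparedStatement preStmtUser = db.Prepare("SELECT action.name, content_id, allow FROM user_account_can_do_action, action WHERE action.id = user_account_can_do_action.action_id AND user_account_id = " + user.id);
    PreparedStatement preStmtGroup = db.Prepare("SELECT action.name, content_id, allow FROM action, user_group_can_do_action, (SELECT user_group_id FROM user_account_in_user_group WHERE user_account_id = " + user.id + ") userGroups WHERE action.id = user_group_can_do_action.action_id AND user_group_can_do_action.user_group_id = userGroups.user_group_id");

    List<RestService.Entities.Action> actions = new List<RestService.Entities.Action>();

    // Debug trace of the generated statement, kept from the original.
    Console.WriteLine(preStmtUser.GetCmd().CommandText);

    // Each reader is disposed before the next query runs and on every exit path;
    // the original never closed either reader.
    using (SqlDataReader userRows = db.Query(new Dictionary<string, string>(), preStmtUser))
    {
        while (userRows.Read())
        {
            // content_id is read as a string and parsed here, but as an int in the group
            // query below; the original does the same. TODO confirm both column types.
            int contentId = int.Parse(userRows.GetString(userRows.GetOrdinal("content_id")));
            string actionName = userRows.GetString(userRows.GetOrdinal("name"));
            bool allowed = userRows.GetBoolean(userRows.GetOrdinal("allow"));

            // NOTE(review): the "allow" column is read but never used; every row is added
            // with a literal true. If the last constructor argument is the allow flag,
            // rows stored with allow = false are turned into grants. Confirm against
            // Entities.Action and pass `allowed` if so.
            actions.Add(new Entities.Action(contentId, actionName, null, true));
        }
    }

    using (SqlDataReader groupRows = db.Query(new Dictionary<string, string>(), preStmtGroup))
    {
        while (groupRows.Read())
        {
            int contentId = groupRows.GetInt32(groupRows.GetOrdinal("content_id"));
            string actionName = groupRows.GetString(groupRows.GetOrdinal("name"));
            bool allowed = groupRows.GetBoolean(groupRows.GetOrdinal("allow"));

            // NOTE(review): same as above, `allowed` is ignored and true is hard-coded.
            actions.Add(new Entities.Action(contentId, actionName, null, true));
        }
    }

    return new Permissions(actions.ToArray(), user);
}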
/// <summary>
/// Constructor: creates a request from its individual parts.
/// </summary>
/// <param name="uri">Value stored in the <c>uri</c> member.</param>
/// <param name="method">Value stored in the <c>method</c> member.</param>
/// <param name="data">Value stored in the <c>data</c> member.</param>
/// <param name="user">Value stored in the <c>user</c> member.</param>
/// <param name="authorization">Value stored in the <c>authorization</c> member.</param>
public Request(LinkedList<string> uri, RestMethods method, Dictionary<string, string> data, User user, string authorization)
{
    // The arguments are stored as given: no copies are made and nothing is validated here.
    this.authorization = authorization;
    this.user = user;
    this.data = data;
    this.method = method;
    this.uri = uri;
}
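/// <summary>
/// Looks up the <c>user_account</c> row whose e-mail and password hash match the arguments.
/// </summary>
/// <param name="email">E-mail address to match; null is treated as an empty string.</param>
/// <param name="password">
/// Value compared with the <c>password_hash</c> column; null is treated as an empty string.
/// NOTE(review): the comparison is made against the stored hash, so callers are presumably
/// expected to pass the already-hashed password. Confirm.
/// </param>
/// <returns>The matching user, or null when no row matches.</returns>
private static User GetUser(string email, string password)
{
    DatabaseConnection dbConnect = new DatabaseConnection("SMU");
    try
    {
        // Both values are caller-supplied credentials. They are bound as parameters so they
        // can never become part of the SQL text (the original concatenated them into it).
        string query = @"SELECT * FROM user_account WHERE email=@email AND password_hash=@password_hash";
        PreparedStatement prepStat = dbConnect.Prepare(query);

        // NOTE(review): assumes GetCmd() returns the underlying SqlCommand (createPermissions
        // reads CommandText from it) and that Query(null, ...) executes that command as-is.
        // If DatabaseConnection.Query binds values from its dictionary argument instead,
        // pass the two values there. Confirm against DatabaseConnection.
        prepStat.GetCmd().Parameters.AddWithValue("@email", email ?? string.Empty);
        prepStat.GetCmd().Parameters.AddWithValue("@password_hash", password ?? string.Empty);

        User user = null;
        using (SqlDataReader reader = dbConnect.Query(null, prepStat))
        {
            // If several rows match, the last one wins, as in the original.
            while (reader.Read())
            {
                int id = reader.GetInt32(reader.GetOrdinal("id"));
                string userEmail = reader.GetString(reader.GetOrdinal("email"));
                string userPassword = reader.GetString(reader.GetOrdinal("password_hash"));

                // TODO: user data has to be fetched with the rest of the data.
                user = new User(id, userEmail, userPassword, null);
            }
        }

        return user;
    }
    finally
    {
        // Release the connection even when the query or a column read throws.
        dbConnect.CloseConnection();
    }
}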
/// <summary>
/// Private constructor: binds a set of actions to the user they belong to.
/// </summary>
/// <param name="actions">Actions stored in the <c>actions</c> member; the array is kept by reference, not copied.</param>
/// <param name="user">User stored in the <c>user</c> member.</param>
private Permissions(RestService.Entities.Action[] actions, User user)
{
    this.user = user;
    this.actions = actions;
}