示例#1
        /// <summary>
        /// Tries to interpret <paramref name="pQuery"/> as an UPDATE statement by matching it
        /// against <c>Constants.regExpUpdate</c>.
        /// </summary>
        /// <param name="pQuery">Raw statement text to match.</param>
        /// <returns>
        /// A <c>ClassUpdate</c> built from capture group 1 (table), group 2 split on commas
        /// (column part) and group 3 (condition); <c>null</c> when the pattern does not match.
        /// </returns>
        public ClassUpdate ManageUpdate(string pQuery)
        {
            Match parsed = Regex.Match(pQuery, Constants.regExpUpdate);
            if (!parsed.Success)
            {
                // Not an UPDATE statement as far as the pattern is concerned.
                return null;
            }

            GroupCollection parts = parsed.Groups;
            string tableName = parts[1].Value;

            // Plain Split(','): pieces are not trimmed, and a comma inside a value
            // would also start a new piece.
            string[] columnParts = parts[2].Value.Split(',');
            string whereClause = parts[3].Value;

            return new ClassUpdate(tableName, columnParts, whereClause);
        }
示例#2
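        /// <summary>
        /// Parses <paramref name="psentencia"/>, checks that the current user may perform the
        /// statement on its table, runs it against <paramref name="dbname"/> and returns the result text.
        /// </summary>
        /// <param name="psentencia">Raw statement text.</param>
        /// <param name="dbname">Database name handed to <c>Run</c>.</param>
        /// <param name="pDB">Supplies the current user and that user's table privileges.</param>
        /// <returns>
        /// The statement result, <c>Constants.SecurityNotSufficientPrivileges</c> when the user
        /// lacks the privilege (or the statement kind is not one of select/delete/insert/update),
        /// or a fixed error string when parsing or execution throws.
        /// </returns>
        /// <remarks>
        /// The user named "admin" skips the per-table check entirely.
        /// NOTE(review): for every other user the table that is authorised is re-extracted from
        /// the raw text with its own pattern, independently of whatever Parse used to build the
        /// query object (Parse is not visible here). These patterns are case-sensitive and
        /// unanchored, and the SELECT one uses a greedy ".+", so the name that is checked is not
        /// guaranteed to be the table the statement then runs against. The check should be made
        /// on the table name held by the parsed query object instead.
        /// </remarks>
        public string Query(string psentencia, string dbname, Database pDB)
        {
            try
            {
                Query query = Parse(psentencia);
                if (query == null)
                {
                    // Same answer the catch block used to produce via a NullReferenceException.
                    return "Your query is not valid";
                }

                string kind = query.getClass();

                if (pDB.getUser() == "admin")
                {
                    query.Run(dbname);
                    return query.getResult();
                }

                if (kind.Equals("select"))
                {
                    if (!IsTableOperationGranted(psentencia, @"SELECT\s+.+\s+FROM\s+(\w+)", "SELECT", pDB))
                    {
                        return Constants.SecurityNotSufficientPrivileges;
                    }
                    query.Run(dbname);
                    return ((ClassSelect)query).getResult();
                }

                if (kind.Equals("delete"))
                {
                    if (!IsTableOperationGranted(psentencia, @"DELETE\s+FROM\s+(\w+)", "DELETE", pDB))
                    {
                        return Constants.SecurityNotSufficientPrivileges;
                    }
                    query.Run(dbname);
                    return ((ClassDelete)query).getResult();
                }

                if (kind.Equals("insert"))
                {
                    if (!IsTableOperationGranted(psentencia, @"INSERT\s+INTO\s+(\w+)", "INSERT", pDB))
                    {
                        return Constants.SecurityNotSufficientPrivileges;
                    }
                    query.Run(dbname);
                    return ((ClassInsert)query).getResult();
                }

                if (kind.Equals("update"))
                {
                    if (!IsTableOperationGranted(psentencia, @"UPDATE\s+(\w+)", "UPDATE", pDB))
                    {
                        return Constants.SecurityNotSufficientPrivileges;
                    }
                    query.Run(dbname);
                    return ((ClassUpdate)query).getResult();
                }

                // Deny by default: any other statement kind is refused for non-admin users.
                // (The old flag-guarded "return null" after this point could never be reached.)
                return Constants.SecurityNotSufficientPrivileges;
            }
            catch (Exception e)
            {
                // Only fixed strings go back to the caller; the exception text itself is
                // discarded here, so nothing is kept for diagnosis unless a caller logs it.
                return IsMissingTableFile(e)
                    ? "ERROR: Table does not exist"
                    : "Your query is not valid";
            }
        }

        /// <summary>
        /// Decides whether the current user holds <paramref name="privilege"/> on the table named
        /// by capture group 1 of <paramref name="tablePattern"/> in <paramref name="psentencia"/>.
        /// </summary>
        /// <remarks>
        /// The first privilege entry whose table name equals the extracted name decides the
        /// outcome; later entries for the same table are not consulted. When the pattern does not
        /// match, the extracted name is the empty string. The return type of
        /// <c>getTablePrivileges()</c> is not visible here; if it is a string, <c>Contains</c> is a
        /// substring test rather than an exact privilege match.
        /// </remarks>
        private static bool IsTableOperationGranted(string psentencia, string tablePattern, string privilege, Database pDB)
        {
            string table = Regex.Match(psentencia, tablePattern).Groups[1].Value;

            foreach (TablePrivileges entry in pDB.GetTablePrivileges())
            {
                if (entry.getTableName() == table)
                {
                    return entry.getTablePrivileges().Contains(privilege);
                }
            }

            return false;
        }

        /// <summary>
        /// Tells whether <paramref name="error"/> stands for a missing table file.
        /// </summary>
        /// <remarks>
        /// The exception type is checked first so the answer does not depend on the language of
        /// the runtime's messages; the original Spanish message-text match is kept as a fallback.
        /// Presumably a missing table surfaces as a FileNotFoundException - confirm against Run.
        /// </remarks>
        private static bool IsMissingTableFile(Exception error)
        {
            for (Exception current = error; current != null; current = current.InnerException)
            {
                if (current is System.IO.FileNotFoundException)
                {
                    return true;
                }
            }

            return error.ToString().Contains("No se pudo encontrar el archivo");
        }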