示例#1
文件: File.cs 项目: Xuehuo/SAA-Online
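 /// <summary>
 /// Loads an existing file record and its tags from the database.
 /// </summary>
 /// <param name="str">GUID string identifying the file</param>
 /// <exception cref="ArgumentException"><paramref name="str"/> cannot be parsed as a GUID</exception>
 public File(string str)
 {
     // Guid.TryParse acts purely as a validity gate here; the parsed value is not used below.
     Guid guid;
     if (!Guid.TryParse(str, out guid))
         throw new ArgumentException("Value is not a valid GUID.", "str");

     // Upper-case once and culture-invariantly: this string is an identifier, not display text.
     // NOTE(review): Guid.TryParse accepts several textual forms (braced, without hyphens, ...),
     // and `key` keeps whichever form the caller sent. It is used both as the database key and
     // as the file name under StoragePath, so deriving it from guid.ToString() would give one
     // canonical form. Confirm the format stored in [File].[GUID] before changing it.
     var key = str.ToUpperInvariant();
     _guid = key;

     var si = new SqlIntegrate(Utility.ConnStr);
     si.AddParameter("@GUID", SqlIntegrate.DataType.VarChar, key);
     // NOTE(review): what happens when no row matches depends on SqlIntegrate.Reader,
     // which is not shown here. Callers should expect a failure for unknown GUIDs.
     var fileInfo = si.Reader("SELECT * FROM [File] WHERE [GUID] = @GUID");
     _name = fileInfo["name"].ToString();
     _info = fileInfo["info"].ToString();
     _extension = fileInfo["extension"].ToString();
     _size = Convert.ToInt32(fileInfo["size"]);
     _uploader = new User(Guid.Parse(fileInfo["uploader"].ToString()));
     _downloadCount = Convert.ToInt32(fileInfo["downloadCount"]);
     _uploadTime = Convert.ToDateTime(fileInfo["uploadTime"]);
     // The on-disk name is the validated GUID string, never the user-visible file name.
     _savePath = StoragePath + key;
     _permission = (PermissionLevel)Convert.ToInt32(fileInfo["permission"]);
     _mediaId = fileInfo["media_id"].ToString();

     // Second query: the tag names attached to this file.
     Tag = new List<string>();
     si.ResetParameter();
     si.AddParameter("@FUID", SqlIntegrate.DataType.VarChar, key);
     var tagList = si.Adapter("SELECT [name] FROM [Filetag] WHERE FUID = @FUID");
     for (var i = 0; i < tagList.Rows.Count; i++)
         Tag.Add(tagList.Rows[i]["name"].ToString());
 }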
示例#2
 /// <summary>
 /// Builds a notification object from an existing database row.
 /// </summary>
 /// <param name="id">Notification ID in database</param>
 public Notification(int id)
 {
     // Parameterized lookup of the single row carrying this ID.
     var sql = new SqlIntegrate(Utility.ConnStr);
     sql.AddParameter("@ID", SqlIntegrate.DataType.Int, id);
     var row = sql.Reader("SELECT * FROM Notification WHERE ID = @ID");

     Content = row["content"].ToString();
     Title = row["title"].ToString();
     Id = id;
     Type = (PermissionType)int.Parse(row["type"].ToString());

     // -1 means "no group"; a group is resolved from the row's UUID column
     // only for notifications limited to that user's own group.
     _group = Type == PermissionType.SelfGroupOnly
         ? new User(Guid.Parse(row["UUID"].ToString())).Group
         : -1;

     NotifyTime = Convert.ToDateTime(row["notifyTime"].ToString());
 }
示例#3
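 /// <summary>
 /// Handles the account action named by the "action" request value: "login", and, for a
 /// signed-in user, "password", "logout", "info" and "unbind".
 /// </summary>
 /// <param name="context">Current HTTP context</param>
 /// <remarks>
 /// R.Flag is set to 2 when input is rejected or authentication fails.
 /// NOTE(review): "action" is read through Request[...], which also consults the query string
 /// and cookies, whereas the credentials come from Request.Form. Confirm that state-changing
 /// actions are limited to POST and protected against cross-site request forgery elsewhere.
 /// </remarks>
 public override void Process(System.Web.HttpContext context)
 {
     var action = context.Request["action"];
     if (action == null) return;
     var form = context.Request.Form;

     if (action == "login")
     {
         var username = form["username"];
         var password = form["password"];
         if (username == null || password == null || SAAO.User.IsLogin) return;

         // Usernames are identifiers: fold case without depending on the server culture.
         username = username.ToLowerInvariant();
         if (SAAO.User.Exist(username))
         {
             var user = new SAAO.User(username);
             if (!user.Login(password))
                 R.Flag = 2;
             // Bind the session's WeChat ID only after the password was accepted. Binding on a
             // failed attempt would attach the requester's WeChat identity to an account they
             // have not authenticated to.
             else if (user.Wechat == "" && context.Session["wechat"] != null)
                 user.Wechat = context.Session["wechat"].ToString();
         }
         else
             R.Flag = 2; // same flag as a wrong password, so the response does not reveal whether the name exists
     }

     // Everything below requires an authenticated session.
     if (!SAAO.User.IsLogin) return;

     if (action == "password")
     {
         var currentPassword = form["password"];
         var newPassword = form["newpassword"];
         // Reject a missing current password and a missing or empty replacement
         // before touching the stored credential.
         if (currentPassword != null
                 && !string.IsNullOrEmpty(newPassword)
                 && SAAO.User.Current.Verify(currentPassword))
             SAAO.User.Current.PasswordRaw = newPassword;
         else
             R.Flag = 2;
     }
     else if (action == "logout")
     {
         SAAO.User.Current.Logout();
     }
     else if (action == "info")
     {
         // Assume failure until every field has passed validation.
         R.Flag = 2;
         var phone = form["phone"];
         var mail = form["mail"];
         var classNum = form["classnum"];
         // The patterns are anchored with \A ... \z so the whole value must match. Unanchored,
         // Regex.IsMatch accepts any string that merely contains a match, which let arbitrary
         // extra text through and could make int.Parse below throw.
         if (phone == null || !Regex.IsMatch(phone, "\\A[0-9]{11}\\z")) return;
         if (mail == null || !Regex.IsMatch(mail, "\\A\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*\\z")) return;
         if (classNum == null || !Regex.IsMatch(classNum, "\\A[0-9]{1,2}\\z")) return;
         R.Flag = 0;
         SAAO.User.Current.Phone = phone;
         SAAO.User.Current.Mail = mail;
         SAAO.User.Current.Class = int.Parse(classNum);
     }
     else if (action == "unbind")
     {
         // An unbound account is represented by an empty WeChat value.
         SAAO.User.Current.Wechat = "";
     }
 }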
示例#4
文件: User.cs 项目: Xuehuo/SAA-Online
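 /// <summary>
 /// Signs in the user bound to a WeChat ID.
 /// </summary>
 /// <param name="wechatId">Wechat ID(username)</param>
 /// <returns>Whether the wechat ID has been bound; false for a null or blank ID</returns>
 /// <remarks>
 /// No credential is checked here: the account whose [wechat] column equals
 /// <paramref name="wechatId"/> becomes the current user. The caller must therefore pass only
 /// an ID it has already verified with the WeChat platform.
 /// </remarks>
 public static bool WechatLogin(string wechatId)
 {
     // A blank ID must never sign anyone in. Elsewhere on this page an unbound account is
     // represented by an empty Wechat value, so querying with "" could match such an account.
     // Whitespace-only input is rejected too, since some databases ignore trailing spaces
     // when comparing strings.
     if (string.IsNullOrWhiteSpace(wechatId)) return false;

     var si = new SqlIntegrate(Utility.ConnStr);
     si.AddParameter("@wechat", SqlIntegrate.DataType.VarChar, wechatId);
     var r = si.Query(
         "SELECT [username] FROM [User] WHERE [wechat] = @wechat");
     if (r == null) return false;
     Current = new User(r.ToString());
     // TODO: no raw password storage!
     return true;
 }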
示例#5
文件: File.cs 项目: Xuehuo/SAA-Online
 /// <summary>
 /// Decides whether the given user may see this file, using the file's own
 /// permission setting and its uploader's UUID and group.
 /// </summary>
 /// <param name="user">User whose access is being checked</param>
 /// <returns>true when the user is allowed to see the file</returns>
 public bool Visible(User user)
 {
     // Delegate to the static overload so both entry points share one rule set.
     var owner = _uploader;
     var allowed = Visible(_permission, owner.UUID, owner.Group, user);
     return allowed;
 }
示例#6
文件: File.cs 项目: Xuehuo/SAA-Online
 /// <summary>
 /// Access check for a file, given its permission setting and its uploader (static function).
 /// </summary>
 /// <param name="permission">Permission setting</param>
 /// <param name="uuid">UUID (of uploader)</param>
 /// <param name="group">Group (of uploader)</param>
 /// <param name="user">User being checked; dereferenced unconditionally, so it must not be null</param>
 /// <returns>true when the user may see the file; false otherwise, including for unrecognised permission values</returns>
 public static bool Visible(PermissionLevel permission, string uuid, int group, User user)
 {
     // The uploader can always see their own file, whatever the permission setting.
     if (uuid == user.UUID)
     {
         return true;
     }

     switch (permission)
     {
         case PermissionLevel.All:
             return true;
         case PermissionLevel.SelfGroupOnly:
             return group == user.Group;
         case PermissionLevel.SeniorTwoOnly:
             return user.Senior == 2;
         case PermissionLevel.ImptMembOnly:
             return user.IsExecutive;
         default:
             // Deny by default: an unknown permission level grants nothing.
             return false;
     }
 }