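package de.superx.servlet;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.http.HttpServletRequest;

import org.dbforms.config.DbFormsConfig;
import org.dbforms.config.FieldValue;
import org.dbforms.config.FieldValues;
import org.dbforms.config.Table;
import org.dbforms.config.ValidationException;
import org.dbforms.event.DbEventInterceptorSupport;

// Test
/**
 * Checks the caller's permission for dbforms operations.
 *
 * <p>The permission is looked up through the stored procedure
 * {@code sp_get_dbform_right}, whose result is interpreted as:
 * write permission = 1, read permission = 2, no permission = 0.
 *
 * @author Daniel Quathamer
 * @version 3.0, 19.1.2007 DQ 25.10.2007: introduced the distinction between
 *          read and write permission
 */
public class DbformInterceptor extends DbEventInterceptorSupport {

	/** Value of {@code readwrite} used by the insert/update/delete hooks. */
	private static final int WRITE_ACCESS = 1;

	/** Value of {@code readwrite} used by the select hook. */
	private static final int READ_ACCESS = 2;

	/** Session attribute the hooks read the user id from. */
	private static final String USER_ID_ATTRIBUTE = "UserID";

	/** Permission lookup with bind parameters instead of concatenated values. */
	private static final String RIGHTS_QUERY = "select sp_get_dbform_right(?, ?) from xdummy";

	/**
	 * Looks up the permission of a user for a form and maps it to a dbforms
	 * operation result.
	 *
	 * <p>Both values are passed to the database as bind parameters, so neither
	 * the form name nor the user id can alter the statement text. Every failure
	 * (non-numeric user id, SQL error, NULL or unknown result) ends in a
	 * {@link ValidationException} or {@code DENY_OPERATION}; nothing grants by
	 * default.
	 *
	 * @param userid       user id; must be an integer in decimal notation
	 * @param db_form_name form (table) name passed to the stored procedure
	 * @param con          open database connection; not closed by this method
	 * @param readwrite    requested access: 1 = write, 2 = read
	 * @return {@code GRANT_OPERATION} if the procedure returns "1", or returns
	 *         "2" while only read access is requested; otherwise
	 *         {@code DENY_OPERATION}
	 * @throws ValidationException if the user id is not numeric or the lookup
	 *                             fails with an SQL error
	 */
	protected int checkRights(String userid, String db_form_name, Connection con, int readwrite)
			throws ValidationException {
		// The original statement inserted the user id unquoted, i.e. as a number.
		// NOTE(review): assumes the procedure's second parameter is an integer -
		// confirm against the definition of sp_get_dbform_right.
		final int userNumber;
		try {
			userNumber = Integer.parseInt(userid == null ? "" : userid.trim());
		} catch (NumberFormatException e) {
			throw new ValidationException("Fehler bei Rechteermittlung DETAILS: " + e.toString());
		}

		String erlaubt = "0";
		try {
			PreparedStatement st = con.prepareStatement(RIGHTS_QUERY);
			try {
				st.setString(1, db_form_name);
				st.setInt(2, userNumber);
				ResultSet l_rset = st.executeQuery();
				try {
					if (l_rset.next()) {
						erlaubt = l_rset.getString(1);
					}
				} finally {
					// Released on the error path as well.
					l_rset.close();
				}
			} finally {
				st.close();
			}
		} catch (SQLException e) {
			// NOTE(review): the driver's error text becomes part of the exception
			// message; whether that message is shown to end users is not visible
			// here - confirm, and log the details server-side instead if it is.
			throw new ValidationException("Fehler bei Rechteermittlung DETAILS: " + e.toString());
		}

		// Constant-first comparison: a NULL result from the procedure denies
		// instead of raising a NullPointerException.
		if ("1".equals(erlaubt)) {
			return GRANT_OPERATION;
		}
		// If only read access is requested and the procedure returns 2,
		// the operation is granted as well.
		if ("2".equals(erlaubt) && readwrite == READ_ACCESS) {
			return GRANT_OPERATION;
		}
		return DENY_OPERATION;
	}

	/**
	 * Interceptor hook for inserts: requires write permission and applies the
	 * {@code unload_params} value check.
	 *
	 * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
	 * @throws ValidationException if the permission lookup fails
	 */
	public int preInsert(HttpServletRequest request, Table table, FieldValues fieldValues, DbFormsConfig config,
			Connection con) throws ValidationException {
		return checkWriteWithParamGuard(request, table, fieldValues, con);
	}

	/**
	 * Interceptor hook for updates: requires write permission and applies the
	 * {@code unload_params} value check.
	 *
	 * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
	 * @throws ValidationException if the permission lookup fails
	 */
	public int preUpdate(HttpServletRequest request, Table table, FieldValues fieldValues, DbFormsConfig config,
			Connection con) throws ValidationException {
		return checkWriteWithParamGuard(request, table, fieldValues, con);
	}

	/**
	 * Interceptor hook for deletes: requires write permission.
	 *
	 * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
	 * @throws ValidationException if the permission lookup fails
	 */
	public int preDelete(HttpServletRequest request, Table table, FieldValues fieldValues, DbFormsConfig config,
			Connection con) throws ValidationException {
		return checkSessionRights(request, table, con, WRITE_ACCESS);
	}

	/**
	 * Interceptor hook for selects: read permission is sufficient.
	 *
	 * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
	 * @throws ValidationException if the permission lookup fails
	 */
	public int preSelect(HttpServletRequest request, Table table, FieldValues fieldValues, DbFormsConfig config,
			Connection con) throws ValidationException {
		return checkSessionRights(request, table, con, READ_ACCESS);
	}

	/** Runs the permission check for the user id stored in the session. */
	private int checkSessionRights(HttpServletRequest request, Table table, Connection con, int readwrite)
			throws ValidationException {
		Object userId = request.getSession().getAttribute(USER_ID_ATTRIBUTE);
		if (userId == null) {
			// No user id in the session: deny instead of failing with a
			// NullPointerException inside the authorization check.
			return DENY_OPERATION;
		}
		return checkRights(userId.toString(), table.getName(), con, readwrite);
	}

	/** Write-permission check shared by insert and update, including the unload_params guard. */
	private int checkWriteWithParamGuard(HttpServletRequest request, Table table, FieldValues fieldValues,
			Connection con) throws ValidationException {
		int right = checkSessionRights(request, table, con, WRITE_ACCESS);
		// Values for unload_params.param_val containing ';' are always rejected.
		// NOTE(review): presumably this keeps a second statement out of an unload
		// parameter; a single-character denylist is narrow - confirm how param_val
		// is consumed and validate it against the expected format there.
		if (table.getName().equals("unload_params") && containsSemicolon(fieldValues)) {
			right = DENY_OPERATION;
		}
		return right;
	}

	/** Tells whether the submitted param_val field is present and contains a semicolon. */
	private static boolean containsSemicolon(FieldValues fieldValues) {
		if (fieldValues == null) {
			return false;
		}
		// An absent field or value carries no semicolon; the original code failed
		// with a NullPointerException in that case.
		FieldValue field = fieldValues.get("param_val");
		if (field == null) {
			return false;
		}
		String value = field.getFieldValue();
		return value != null && value.indexOf(";") > -1;
	}
}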