
package de.superx.servlet;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import org.dbforms.config.DbFormsConfig;
import org.dbforms.config.FieldValues;
import org.dbforms.config.Table;
import org.dbforms.config.ValidationException;
import org.dbforms.event.DbEventInterceptorSupport;
//Test
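/**
 * Checks access rights for dbforms operations.
 *
 * <p>Every {@code pre*} hook asks the stored procedure {@code sp_get_dbform_right}
 * whether the user stored in the session attribute {@code UserID} may access the
 * form named after the affected table. The answer is read as: 1 = write
 * permission, 2 = read permission, anything else = no permission.
 *
 * <p>All checks fail closed: a missing user id, a missing form name or a value
 * that cannot be inspected results in {@code DENY_OPERATION}.
 *
 * @author Daniel Quathamer <danielq@memtext.de>
 * @version 3.0, 19.1.2007 DQ 25.10.2007: introduced the distinction between
 * read and write permission (write permission=1, read permission=2, no permission=0)
 */
public class DbformInterceptor extends DbEventInterceptorSupport {

    /** Access level passed to {@code checkRights} when the operation modifies data. */
    private static final int WRITE_ACCESS = 1;

    /** Access level passed to {@code checkRights} when the operation only reads data. */
    private static final int READ_ACCESS = 2;

    /** Table whose {@code param_val} column gets the additional semicolon check. */
    private static final String GUARDED_TABLE = "unload_params";

    /**
     * Rights lookup with bound parameters instead of values spliced into the SQL text.
     * NOTE(review): confirm that every supported database driver accepts placeholders
     * as routine arguments in the select list.
     */
    private static final String RIGHTS_QUERY = "select sp_get_dbform_right(?, ?) from xdummy";

    /**
     * Looks up the right of a user on a form and maps it to a dbforms decision.
     *
     * @param userid       user id as text; must be a whole number
     * @param db_form_name name of the form (the hooks pass the table name)
     * @param con          open database connection; it is not closed here
     * @param readwrite    requested access level: 1 = write, 2 = read
     * @return {@code GRANT_OPERATION} if the procedure returns 1, or returns 2 while
     *         only read access is requested; {@code DENY_OPERATION} otherwise
     * @throws ValidationException if the user id is not numeric or the query fails
     */
    protected int checkRights(String userid, String db_form_name, Connection con,
            int readwrite) throws ValidationException {
        // Without a user or a form there is nothing to look up: refuse.
        if (userid == null || db_form_name == null) {
            return DENY_OPERATION;
        }

        String erlaubt = "0";
        try {
            // The original inlined the user id as an unquoted literal, so it is bound
            // as an integer here. NOTE(review): confirm the procedure's parameter types.
            int numericUserId = Integer.parseInt(userid.trim());

            // try-with-resources closes statement and result set on the error path too.
            try (PreparedStatement st = con.prepareStatement(RIGHTS_QUERY)) {
                st.setString(1, db_form_name);
                st.setInt(2, numericUserId);
                try (ResultSet rs = st.executeQuery()) {
                    if (rs.next()) {
                        erlaubt = rs.getString(1);
                    }
                }
            }
        } catch (NumberFormatException | SQLException e) {
            // NOTE(review): the message carries the exception text; if dbforms shows
            // ValidationException messages to the end user, consider logging the
            // details on the server instead - confirm.
            throw new ValidationException("Fehler bei Rechteermittlung DETAILS: "
                    + e.toString());
        }

        // Constant-first comparison: a NULL result from the procedure means "deny".
        if ("1".equals(erlaubt)) {
            return GRANT_OPERATION;
        }
        // If only read access is requested and the stored procedure returns 2,
        // access is granted as well.
        if ("2".equals(erlaubt) && readwrite == READ_ACCESS) {
            return GRANT_OPERATION;
        }
        return DENY_OPERATION;
    }

    /**
     * Decides whether an insert is allowed; requires write permission and a
     * semicolon-free {@code param_val} on table {@code unload_params}.
     *
     * @param config not used by this check
     * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
     * @throws ValidationException if the rights lookup fails
     */
    public int preInsert(HttpServletRequest request, Table table,
            FieldValues fieldValues, DbFormsConfig config, Connection con)
            throws ValidationException {
        return checkGuardedWrite(request, table, fieldValues, con);
    }

    /**
     * Decides whether an update is allowed; requires write permission and a
     * semicolon-free {@code param_val} on table {@code unload_params}.
     *
     * @param config not used by this check
     * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
     * @throws ValidationException if the rights lookup fails
     */
    public int preUpdate(HttpServletRequest request, Table table,
            FieldValues fieldValues, DbFormsConfig config, Connection con)
            throws ValidationException {
        return checkGuardedWrite(request, table, fieldValues, con);
    }

    /**
     * Decides whether a delete is allowed; requires write permission.
     *
     * @param fieldValues not used by this check
     * @param config      not used by this check
     * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
     * @throws ValidationException if the rights lookup fails
     */
    public int preDelete(HttpServletRequest request, Table table,
            FieldValues fieldValues, DbFormsConfig config, Connection con)
            throws ValidationException {
        return checkRights(sessionUserId(request), table.getName(), con, WRITE_ACCESS);
    }

    /**
     * Decides whether a select is allowed; read permission is sufficient.
     *
     * @param fieldValues not used by this check
     * @param config      not used by this check
     * @return {@code GRANT_OPERATION} or {@code DENY_OPERATION}
     * @throws ValidationException if the rights lookup fails
     */
    public int preSelect(HttpServletRequest request, Table table,
            FieldValues fieldValues, DbFormsConfig config, Connection con)
            throws ValidationException {
        return checkRights(sessionUserId(request), table.getName(), con, READ_ACCESS);
    }

    /** Shared insert/update check: write permission first, then the param_val guard. */
    private int checkGuardedWrite(HttpServletRequest request, Table table,
            FieldValues fieldValues, Connection con) throws ValidationException {
        // The lookup runs first, as before, so a failing query is still reported.
        int right = checkRights(sessionUserId(request), table.getName(), con, WRITE_ACCESS);
        if (GUARDED_TABLE.equals(table.getName()) && !isParamValueAcceptable(fieldValues)) {
            right = DENY_OPERATION;
        }
        return right;
    }

    /**
     * Returns true only if {@code param_val} is present and contains no semicolon.
     * A value that cannot be read counts as not acceptable, so nothing the earlier
     * code stopped (with a NullPointerException) is let through.
     * NOTE(review): rejecting only ';' is a narrow blocklist; validating the value
     * against its expected format where it is consumed would be stronger - confirm
     * how param_val is used.
     */
    private static boolean isParamValueAcceptable(FieldValues fieldValues) {
        if (fieldValues == null || fieldValues.get("param_val") == null) {
            return false;
        }
        String value = fieldValues.get("param_val").getFieldValue();
        return value != null && value.indexOf(';') < 0;
    }

    /** Returns the session attribute {@code UserID} as text, or null if it is not set. */
    private static String sessionUserId(HttpServletRequest request) {
        Object userId = request.getSession().getAttribute("UserID");
        return userId == null ? null : userId.toString();
    }
}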