This repository has been archived on 2021-11-25. You can view files and clone it, but cannot push or open issues or pull requests.
DBHomework/allowuser.cpp

170 lines
4.4 KiB
C++
Raw Normal View History

2017-11-22 16:32:54 +08:00
#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
using namespace std;
using json = nlohmann::json;
#define postval(NAME) string NAME=req.post[#NAME]
int main()
{
Request req;
Session se(req);
Response res;
json j;
auto jsonfail=[&](int errcode,const string& detail="")
{
j["success"]=0;
j["errcode"]=errcode;
j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
};
do
{
if(!se.isReady())
{
jsonfail(err_session);
break;
}
if(se.isNew()||se.getUser().empty())
{
jsonfail(err_need_login);
break;
}
if(req.requestMethod!="POST")
{
jsonfail(err_method_not_supported);
break;
}
if(req.post["account"].empty())
{
jsonfail(err_missing_parameter);
break;
}
postval(account);
/// Connect to DB
DBInfo db;
MySQLConn conn;
if(db.readConfig()<0)
{
jsonfail(err_config);
break;
}
if(db.connectProxy(conn)<0)
{
jsonfail(err_connect);
break;
}
/// Check Permission
int permission_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
se.getUser(),
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
permission_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 1");
break;
}
if(permission_level>1)
{
/// Permission Denied.
jsonfail(err_permission_denied);
break;
}
/// Check if target user exists
int count_val;
if(conn.exec(make_str("select count(username) from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 2");
break;
}
if(count_val!=1)
{
jsonfail(err_data,"Username Not Exist");
break;
}
/// Check Target User Permission Level
int target_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
target_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 3");
break;
}
if(permission_level==1) /// Normal Admin
{
if(target_level<=1) /// Target is also admin
{
jsonfail(err_permission_denied,"Need Super Admin");
break;
}
}
else /// permission_level==0 , Super Admin
{
if(target_level==0) /// Target is also super admin
{
jsonfail(err_permission_denied,"Super Admin Conflict");
break;
}
}
/// Now we have permission, and we ensure the user is there.
/// Do Update
if(conn.exec(make_str("update bs_user set account_status=3 where username='",
account,
"'"),nullptr)<0)
{
jsonfail(err_sql,"Step 4");
break;
}
if(conn.getAffectedRows()!=1)
{
jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
break;
}
j["success"]=1;
}while(0);
res.content.append(j.dump());
res.show();
return 0;
}