From 1e85efc4647fcc03ed58300b77dce716d9787ce2 Mon Sep 17 00:00:00 2001
From: kiritow <1362050620@qq.com>
Date: Wed, 22 Nov 2017 16:32:54 +0800
Subject: [PATCH] Add more api
---
addbookobject.cpp | 221 ++++++++++++++++++++++++++++++++++++++++++++++
allowuser.cpp | 169 +++++++++++++++++++++++++++++++++++
blockuser.cpp | 169 +++++++++++++++++++++++++++++++++++
3 files changed, 559 insertions(+)
create mode 100644 addbookobject.cpp
create mode 100644 allowuser.cpp
create mode 100644 blockuser.cpp
diff --git a/addbookobject.cpp b/addbookobject.cpp
new file mode 100644
index 0000000..595dee9
--- /dev/null
+++ b/addbookobject.cpp
@@ -0,0 +1,221 @@
+#include "Session.h"
+#include "Util.h"
+#include "jsonfail.h"
+#include "json.hpp"
+using namespace std;
+using json = nlohmann::json;
+
+#define postval(NAME) string NAME=req.post[#NAME]
+
+int main()
+{
+ Request req;
+ Session se(req);
+ Response res;
+ json j;
+
+ auto jsonfail=[&](int errcode,const string& detail="")
+ {
+ j["success"]=0;
+ j["errcode"]=errcode;
+ j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
+ };
+
+ do
+ {
+ if(!se.isReady())
+ {
+ jsonfail(err_session);
+ break;
+ }
+ if(se.isNew()||se.getUser().empty())
+ {
+ jsonfail(err_need_login);
+ break;
+ }
+
+ if(req.requestMethod!="POST")
+ {
+ jsonfail(err_method_not_supported);
+ break;
+ }
+
+ if(req.post["class_id"].empty() ||
+ req.post["position"].empty() ||
+ req.post["status"].empty() )
+ {
+ jsonfail(err_missing_parameter);
+ break;
+ }
+
+ postval(class_id);
+ postval(position);
+ postval(status);
+ postval(book_id);
+
+ int class_id_real=ParseInt(class_id);
+ if(class_id_real<0)
+ {
+ jsonfail(err_parameter,"Failed to parse class_id");
+ break;
+ }
+ int status_real=ParseInt(status);
+ if(status_real<0)
+ {
+ jsonfail(err_parameter,"Failed to parse status");
+ break;
+ }
+
+ /// Connect to DB
+ DBInfo db;
+ MySQLConn conn;
+ if(db.readConfig()<0)
+ {
+ jsonfail(err_config);
+ break;
+ }
+
+ if(db.connectProxy(conn)<0)
+ {
+ jsonfail(err_connect);
+ break;
+ }
+
+ /// Check Permission
+ int permission_level;
+ if(conn.exec(make_str("select permission_level from bs_user where username='",
+ se.getUser(),
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ permission_level=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 1");
+ break;
+ }
+
+ if(permission_level>1)
+ {
+ /// Permission Denied.
+ jsonfail(err_permission_denied);
+ break;
+ }
+
+ /// Verify class_id
+ int count_val;
+ if(conn.exec(make_str("select count(class_id) from bs_book where class_id=",
+ class_id_real),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ count_val=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 2");
+ break;
+ }
+ if(count_val!=1)
+ {
+ jsonfail(err_data,"Cannot verify class_id");
+ break;
+ }
+
+ int book_id_real;
+ if(!book_id.empty())
+ {
+ /// With book_id parameter.
+ /// Parse It
+ book_id_real=ParseInt(book_id);
+ if(book_id_real<0)
+ {
+ jsonfail(err_parameter,"Failed to parse book_id");
+ break;
+ }
+
+ /// Check if book_id exists.
+ int count_val;
+ if(conn.exec(make_str("select count(book_id) from bs_bookstatus where book_id=",
+ book_id_real),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ count_val=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 3");
+ break;
+ }
+
+ if(count_val!=0)
+ {
+ jsonfail(err_data,"book_id conflict");
+ break;
+ }
+ }
+ else
+ {
+ /// Without book_id parameter
+ int count_val,max_book_id;
+ if(conn.exec(make_str("select count(book_id),max(book_id) from bs_bookstatus where book_id=",
+ book_id_real),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ count_val=ParseInt(val[0]);
+ max_book_id=ParseInt(val[1]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 4");
+ break;
+ }
+ if(count_val==0)
+ {
+ book_id_real=1;
+ }
+ else
+ {
+ book_id_real=max_book_id+1;
+ }
+ }
+
+ /// Do Insert
+ if(conn.exec(make_str("insert into bs_bookstatus values (",
+ book_id_real,
+ ",",
+ class_id_real,
+ ",'",
+ position,
+ "',",
+ status,
+ ")"),nullptr)<0)
+ {
+ jsonfail(err_sql,"Step 5");
+ break;
+ }
+
+ if(conn.getAffectedRows()!=1)
+ {
+ jsonfail(err_sql_logic,"Affected not equals to 1");
+ break;
+ }
+
+ j["success"]=1;
+
+ }while(0);
+
+ res.content.append(j.dump());
+ res.show();
+
+ return 0;
+}
+
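Review bot: The Step 5 INSERT is assembled by string concatenation from request fields: `position` is placed between quotes unescaped, and the raw `status` string is appended even though the validated `status_real` is already available, so if ParseInt accepts trailing characters (its definition is not in this patch) they reach the statement. Pass `status_real` instead of `status`, and bind `position` through a prepared statement or the connection's escaping routine (MySQLConn's API is not visible here). The same concatenation is applied to `account` in allowuser.cpp and blockuser.cpp, including their UPDATE statements. Separately, the branch taken when book_id is absent filters on `where book_id=` while `book_id_real` is still uninitialized; that query presumably should read `select count(book_id),max(book_id) from bs_bookstatus` with no WHERE clause.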
diff --git a/allowuser.cpp b/allowuser.cpp
new file mode 100644
index 0000000..d6af399
--- /dev/null
+++ b/allowuser.cpp
@@ -0,0 +1,169 @@
+#include "Session.h"
+#include "Util.h"
+#include "jsonfail.h"
+#include "json.hpp"
+using namespace std;
+using json = nlohmann::json;
+
+#define postval(NAME) string NAME=req.post[#NAME]
+
+int main()
+{
+ Request req;
+ Session se(req);
+ Response res;
+ json j;
+
+ auto jsonfail=[&](int errcode,const string& detail="")
+ {
+ j["success"]=0;
+ j["errcode"]=errcode;
+ j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
+ };
+
+ do
+ {
+ if(!se.isReady())
+ {
+ jsonfail(err_session);
+ break;
+ }
+ if(se.isNew()||se.getUser().empty())
+ {
+ jsonfail(err_need_login);
+ break;
+ }
+
+ if(req.requestMethod!="POST")
+ {
+ jsonfail(err_method_not_supported);
+ break;
+ }
+
+ if(req.post["account"].empty())
+ {
+ jsonfail(err_missing_parameter);
+ break;
+ }
+
+ postval(account);
+
+ /// Connect to DB
+ DBInfo db;
+ MySQLConn conn;
+ if(db.readConfig()<0)
+ {
+ jsonfail(err_config);
+ break;
+ }
+
+ if(db.connectProxy(conn)<0)
+ {
+ jsonfail(err_connect);
+ break;
+ }
+
+ /// Check Permission
+ int permission_level;
+ if(conn.exec(make_str("select permission_level from bs_user where username='",
+ se.getUser(),
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ permission_level=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 1");
+ break;
+ }
+
+ if(permission_level>1)
+ {
+ /// Permission Denied.
+ jsonfail(err_permission_denied);
+ break;
+ }
+
+ /// Check if target user exists
+ int count_val;
+ if(conn.exec(make_str("select count(username) from bs_user where username='",
+ account,
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ count_val=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 2");
+ break;
+ }
+ if(count_val!=1)
+ {
+ jsonfail(err_data,"Username Not Exist");
+ break;
+ }
+
+ /// Check Target User Permission Level
+ int target_level;
+ if(conn.exec(make_str("select permission_level from bs_user where username='",
+ account,
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ target_level=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 3");
+ break;
+ }
+
+ if(permission_level==1) /// Normal Admin
+ {
+ if(target_level<=1) /// Target is also admin
+ {
+ jsonfail(err_permission_denied,"Need Super Admin");
+ break;
+ }
+ }
+ else /// permission_level==0 , Super Admin
+ {
+ if(target_level==0) /// Target is also super admin
+ {
+ jsonfail(err_permission_denied,"Super Admin Conflict");
+ break;
+ }
+ }
+
+ /// Now we have permission, and we ensure the user is there.
+ /// Do Update
+ if(conn.exec(make_str("update bs_user set account_status=3 where username='",
+ account,
+ "'"),nullptr)<0)
+ {
+ jsonfail(err_sql,"Step 4");
+ break;
+ }
+
+ if(conn.getAffectedRows()!=1)
+ {
+ jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
+ break;
+ }
+
+ j["success"]=1;
+ }while(0);
+
+ res.content.append(j.dump());
+ res.show();
+
+ return 0;
+}
diff --git a/blockuser.cpp b/blockuser.cpp
new file mode 100644
index 0000000..d9c18b6
--- /dev/null
+++ b/blockuser.cpp
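Review bot: The permission check in allowuser.cpp can fail open: `permission_level` is declared without an initializer and is only assigned inside the row callback, so if the query returns no row for `se.getUser()` the comparison `permission_level>1` reads an indeterminate value. A negative value is also let through, since addbookobject.cpp treats `ParseInt(...)<0` as a parse failure while here anything that is neither 1 nor greater than 1 falls into the `else` branch commented as Super Admin. Initialize with `int permission_level=-1;` and reject with `if(permission_level<0||permission_level>1)`; `target_level` should get the same initializer and a negative check before the `<=1` and `==0` comparisons. The identical permission check appears in addbookobject.cpp and blockuser.cpp.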
@@ -0,0 +1,169 @@
+#include "Session.h"
+#include "Util.h"
+#include "jsonfail.h"
+#include "json.hpp"
+using namespace std;
+using json = nlohmann::json;
+
+#define postval(NAME) string NAME=req.post[#NAME]
+
+int main()
+{
+ Request req;
+ Session se(req);
+ Response res;
+ json j;
+
+ auto jsonfail=[&](int errcode,const string& detail="")
+ {
+ j["success"]=0;
+ j["errcode"]=errcode;
+ j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
+ };
+
+ do
+ {
+ if(!se.isReady())
+ {
+ jsonfail(err_session);
+ break;
+ }
+ if(se.isNew()||se.getUser().empty())
+ {
+ jsonfail(err_need_login);
+ break;
+ }
+
+ if(req.requestMethod!="POST")
+ {
+ jsonfail(err_method_not_supported);
+ break;
+ }
+
+ if(req.post["account"].empty())
+ {
+ jsonfail(err_missing_parameter);
+ break;
+ }
+
+ postval(account);
+
+ /// Connect to DB
+ DBInfo db;
+ MySQLConn conn;
+ if(db.readConfig()<0)
+ {
+ jsonfail(err_config);
+ break;
+ }
+
+ if(db.connectProxy(conn)<0)
+ {
+ jsonfail(err_connect);
+ break;
+ }
+
+ /// Check Permission
+ int permission_level;
+ if(conn.exec(make_str("select permission_level from bs_user where username='",
+ se.getUser(),
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ permission_level=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 1");
+ break;
+ }
+
+ if(permission_level>1)
+ {
+ /// Permission Denied.
+ jsonfail(err_permission_denied);
+ break;
+ }
+
+ /// Check if target user exists
+ int count_val;
+ if(conn.exec(make_str("select count(username) from bs_user where username='",
+ account,
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ count_val=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 2");
+ break;
+ }
+ if(count_val!=1)
+ {
+ jsonfail(err_data,"Username Not Exist");
+ break;
+ }
+
+ /// Check Target User Permission Level
+ int target_level;
+ if(conn.exec(make_str("select permission_level from bs_user where username='",
+ account,
+ "'"),
+ [&](MySQLResult& res)
+ {
+ res.stepRow([&](char** val,unsigned long* len)
+ {
+ target_level=ParseInt(val[0]);
+ });
+ })<0)
+ {
+ jsonfail(err_sql,"Step 3");
+ break;
+ }
+
+ if(permission_level==1) /// Normal Admin
+ {
+ if(target_level<=1) /// Target is also admin
+ {
+ jsonfail(err_permission_denied,"Need Super Admin");
+ break;
+ }
+ }
+ else /// permission_level==0 , Super Admin
+ {
+ if(target_level==0) /// Target is also super admin
+ {
+ jsonfail(err_permission_denied,"Super Admin Conflict");
+ break;
+ }
+ }
+
+ /// Now we have permission, and we ensure the user is there.
+ /// Do Update
+ if(conn.exec(make_str("update bs_user set account_status=1 where username='",
+ account,
+ "'"),nullptr)<0)
+ {
+ jsonfail(err_sql,"Step 4");
+ break;
+ }
+
+ if(conn.getAffectedRows()!=1)
+ {
+ jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
+ break;
+ }
+
+ j["success"]=1;
+ }while(0);
+
+ res.content.append(j.dump());
+ res.show();
+
+ return 0;
+}
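Review bot: blockuser.cpp repeats allowuser.cpp line for line; the only difference visible in the hunk is the literal in `set account_status=1` versus `account_status=3`. Keeping two copies of the session, permission and target-level checks means a correction to one endpoint can silently miss the other, which matters for code gating an administrative action. Consider moving the shared flow into one helper that takes the new status as a parameter, and documenting the status values next to the UPDATE, for example `/// account_status: 1 = blocked, 3 = allowed (confirm against schema)`.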