Add more api

This commit is contained in:
Kirigaya Kazuto 2017-11-22 16:32:54 +08:00
parent 596190a638
commit 1e85efc464
3 changed files with 559 additions and 0 deletions

221
addbookobject.cpp Normal file
View File

@ -0,0 +1,221 @@
#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
using namespace std;
using json = nlohmann::json;
#define postval(NAME) string NAME=req.post[#NAME]
int main()
{
Request req;
Session se(req);
Response res;
json j;
auto jsonfail=[&](int errcode,const string& detail="")
{
j["success"]=0;
j["errcode"]=errcode;
j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
};
do
{
if(!se.isReady())
{
jsonfail(err_session);
break;
}
if(se.isNew()||se.getUser().empty())
{
jsonfail(err_need_login);
break;
}
if(req.requestMethod!="POST")
{
jsonfail(err_method_not_supported);
break;
}
if(req.post["class_id"].empty() ||
req.post["position"].empty() ||
req.post["status"].empty() )
{
jsonfail(err_missing_parameter);
break;
}
postval(class_id);
postval(position);
postval(status);
postval(book_id);
int class_id_real=ParseInt(class_id);
if(class_id_real<0)
{
jsonfail(err_parameter,"Failed to parse class_id");
break;
}
int status_real=ParseInt(status);
if(status_real<0)
{
jsonfail(err_parameter,"Failed to parse status");
break;
}
/// Connect to DB
DBInfo db;
MySQLConn conn;
if(db.readConfig()<0)
{
jsonfail(err_config);
break;
}
if(db.connectProxy(conn)<0)
{
jsonfail(err_connect);
break;
}
/// Check Permission
int permission_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
se.getUser(),
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
permission_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 1");
break;
}
if(permission_level>1)
{
/// Permission Denied.
jsonfail(err_permission_denied);
break;
}
/// Verify class_id
int count_val;
if(conn.exec(make_str("select count(class_id) from bs_book where class_id=",
class_id_real),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 2");
break;
}
if(count_val!=1)
{
jsonfail(err_data,"Cannot verify class_id");
break;
}
int book_id_real;
if(!book_id.empty())
{
/// With book_id parameter.
/// Parse It
book_id_real=ParseInt(book_id);
if(book_id_real<0)
{
jsonfail(err_parameter,"Failed to parse book_id");
break;
}
/// Check if book_id exists.
int count_val;
if(conn.exec(make_str("select count(book_id) from bs_bookstatus where book_id=",
book_id_real),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 3");
break;
}
if(count_val!=0)
{
jsonfail(err_data,"book_id conflict");
break;
}
}
else
{
/// Without book_id parameter
int count_val,max_book_id;
if(conn.exec(make_str("select count(book_id),max(book_id) from bs_bookstatus where book_id=",
book_id_real),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
max_book_id=ParseInt(val[1]);
});
})<0)
{
jsonfail(err_sql,"Step 4");
break;
}
if(count_val==0)
{
book_id_real=1;
}
else
{
book_id_real=max_book_id+1;
}
}
/// Do Insert
if(conn.exec(make_str("insert into bs_bookstatus values (",
book_id_real,
",",
class_id_real,
",'",
position,
"',",
status,
")"),nullptr)<0)
{
jsonfail(err_sql,"Step 5");
break;
}
if(conn.getAffectedRows()!=1)
{
jsonfail(err_sql_logic,"Affected not equals to 1");
break;
}
j["success"]=1;
}while(0);
res.content.append(j.dump());
res.show();
return 0;
}

169
allowuser.cpp Normal file
View File

@ -0,0 +1,169 @@
#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
using namespace std;
using json = nlohmann::json;
#define postval(NAME) string NAME=req.post[#NAME]
int main()
{
Request req;
Session se(req);
Response res;
json j;
auto jsonfail=[&](int errcode,const string& detail="")
{
j["success"]=0;
j["errcode"]=errcode;
j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
};
do
{
if(!se.isReady())
{
jsonfail(err_session);
break;
}
if(se.isNew()||se.getUser().empty())
{
jsonfail(err_need_login);
break;
}
if(req.requestMethod!="POST")
{
jsonfail(err_method_not_supported);
break;
}
if(req.post["account"].empty())
{
jsonfail(err_missing_parameter);
break;
}
postval(account);
/// Connect to DB
DBInfo db;
MySQLConn conn;
if(db.readConfig()<0)
{
jsonfail(err_config);
break;
}
if(db.connectProxy(conn)<0)
{
jsonfail(err_connect);
break;
}
/// Check Permission
int permission_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
se.getUser(),
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
permission_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 1");
break;
}
if(permission_level>1)
{
/// Permission Denied.
jsonfail(err_permission_denied);
break;
}
/// Check if target user exists
int count_val;
if(conn.exec(make_str("select count(username) from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 2");
break;
}
if(count_val!=1)
{
jsonfail(err_data,"Username Not Exist");
break;
}
/// Check Target User Permission Level
int target_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
target_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 3");
break;
}
if(permission_level==1) /// Normal Admin
{
if(target_level<=1) /// Target is also admin
{
jsonfail(err_permission_denied,"Need Super Admin");
break;
}
}
else /// permission_level==0 , Super Admin
{
if(target_level==0) /// Target is also super admin
{
jsonfail(err_permission_denied,"Super Admin Conflict");
break;
}
}
/// Now we have permission, and we ensure the user is there.
/// Do Update
if(conn.exec(make_str("update bs_user set account_status=3 where username='",
account,
"'"),nullptr)<0)
{
jsonfail(err_sql,"Step 4");
break;
}
if(conn.getAffectedRows()!=1)
{
jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
break;
}
j["success"]=1;
}while(0);
res.content.append(j.dump());
res.show();
return 0;
}

169
blockuser.cpp Normal file
View File

@ -0,0 +1,169 @@
#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
using namespace std;
using json = nlohmann::json;
#define postval(NAME) string NAME=req.post[#NAME]
int main()
{
Request req;
Session se(req);
Response res;
json j;
auto jsonfail=[&](int errcode,const string& detail="")
{
j["success"]=0;
j["errcode"]=errcode;
j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
};
do
{
if(!se.isReady())
{
jsonfail(err_session);
break;
}
if(se.isNew()||se.getUser().empty())
{
jsonfail(err_need_login);
break;
}
if(req.requestMethod!="POST")
{
jsonfail(err_method_not_supported);
break;
}
if(req.post["account"].empty())
{
jsonfail(err_missing_parameter);
break;
}
postval(account);
/// Connect to DB
DBInfo db;
MySQLConn conn;
if(db.readConfig()<0)
{
jsonfail(err_config);
break;
}
if(db.connectProxy(conn)<0)
{
jsonfail(err_connect);
break;
}
/// Check Permission
int permission_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
se.getUser(),
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
permission_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 1");
break;
}
if(permission_level>1)
{
/// Permission Denied.
jsonfail(err_permission_denied);
break;
}
/// Check if target user exists
int count_val;
if(conn.exec(make_str("select count(username) from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
count_val=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 2");
break;
}
if(count_val!=1)
{
jsonfail(err_data,"Username Not Exist");
break;
}
/// Check Target User Permission Level
int target_level;
if(conn.exec(make_str("select permission_level from bs_user where username='",
account,
"'"),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
target_level=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 3");
break;
}
if(permission_level==1) /// Normal Admin
{
if(target_level<=1) /// Target is also admin
{
jsonfail(err_permission_denied,"Need Super Admin");
break;
}
}
else /// permission_level==0 , Super Admin
{
if(target_level==0) /// Target is also super admin
{
jsonfail(err_permission_denied,"Super Admin Conflict");
break;
}
}
/// Now we have permission, and we ensure the user is there.
/// Do Update
if(conn.exec(make_str("update bs_user set account_status=1 where username='",
account,
"'"),nullptr)<0)
{
jsonfail(err_sql,"Step 4");
break;
}
if(conn.getAffectedRows()!=1)
{
jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
break;
}
j["success"]=1;
}while(0);
res.content.append(j.dump());
res.show();
return 0;
}