diff --git a/addbooktype.cpp b/addbooktype.cpp
index f7a6a55..900bc96 100644
--- a/addbooktype.cpp
+++ b/addbooktype.cpp
@@ -20,79 +20,89 @@ int main() j["errmsg"]=errmsg; }; - if(se.isNew()||se.getUser().empty()) + do { - jsonfail(1,"Please Login First"); - } - - DBInfo db; - MySQLConn conn; - if(db.readConfig()<0) - { - jsonfail(4,"Failed to read config"); - } - else - { - if(db.connectProxy(conn)<0) + if(se.isNew()||se.getUser().empty()) { - jsonfail(5,"Failed to connect DB"); - } - else - { - if(conn.exec(make_str("select permission_level from bs_user where username='", - se.getUser(), - "'"),/// TODO - )) + jsonfail(1,"Please Login First"); + break; + } + + if(req.requestMethod!="POST") + { + jsonfail(2,"Unsupported request method"); + break; } - if(req.requestMethod!="POST") - { - jsonfail(2,"Unsupported request method"); - } - else - { if(req.post["booktype"].empty()) { jsonfail(3,"Missing Parameters"); + break; + } + + postval(booktype); + + DBInfo db; + MySQLConn conn; + if(db.readConfig()<0) + { + jsonfail(4,"Failed to read config"); + break; + } + + if(db.connectProxy(conn)<0) + { + jsonfail(5,"Failed to connect DB"); + break; + } + + int permission_level; + if(conn.exec(make_str("select permission_level from bs_user where username='", + se.getUser(), + "'"), + [&](MySQLResult& res) + { + res.stepRow([&](char** val,unsigned long* len) + { + permission_level=ParseInt(val[0]); + }); + })<0) + { + jsonfail(6,"Failed to execute SQL"); + break; + } + + if(permission_level>1) + { + /// Permission Denied. 
+ jsonfail(7,"Permission denied"); + break; + } + + if(conn.exec(make_str("insert into bs_booktype values ('", + booktype, + "')"),nullptr)<0) + { + jsonfail(8,"Failed to execute SQL"); + break; } else { - postval(booktype); - DBInfo db; - if(db.readConfig()<0) + if(conn.getAffectedRows()!=1) { - jsonfail(4,"Failed to read config"); + jsonfail(9,"insert affects not equals 1"); + break; } else { - MySQLConn conn; - if(db.connectProxy(conn)<0) - { - jsonfail(5,"Failed to connect DB"); - } - else - { - if(conn.exec(make_str("insert into bs_booktype values ('", - booktype, - "')"),nullptr)<0) - { - jsonfail(6,"Failed to execute SQL"); - } - else - { - if(conn.getAffectedRows()!=1) - { - jsonfail(7,"insert affects not equals 1"); - } - else - { - j["success"]=1; - } - } - } + j["success"]=1; } } - } + + }while(0); + + res.content.append(j.dump()); + res.show(); return 0; }
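Review bot: `int permission_level;` is declared without a value and is only assigned inside the `stepRow` callback, so if the `select` returns no row for the session user (presumably the callback is then never run) the check `if(permission_level>1)` reads an indeterminate value and the authorization decision can fail open. Give it a denying default, e.g. `int permission_level=2; // deny unless a row supplies a lower level`, or track whether a row was seen, and confirm what `ParseInt` yields for a NULL or non-numeric `val[0]`. Separately, the `insert into bs_booktype` statement still builds its SQL by passing `booktype` (apparently the POST parameter) through `make_str` between quotes, so a quote character in the value alters the statement; bind or escape the value with whatever the `MySQLConn` wrapper provides (not visible here), and treat `se.getUser()` in the `select` the same way. The lambda parameter `MySQLResult& res` also shadows the outer `res` used by `res.show()` at the end; `main` starts outside this hunk, so the outer declaration is not visible here.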