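#include "Session.h"
#include "Util.h"
#include "jsonfail.h"
#include "json.hpp"
#include "MySQLTransaction.h"
using namespace std;
using json = nlohmann::json;

/// Declares a local string NAME holding the POST field of the same name.
#define postval(NAME) string NAME=req.post[#NAME]

/// Request handler: adds one row to bs_bookstatus for a logged-in user whose
/// permission_level is 0 or 1.
///
/// Expects a POST request with class_id, position and status (all required)
/// and an optional book_id. When book_id is absent the next id is derived from
/// max(book_id). The reply is a JSON object: {"success":1} on success, or
/// {"success":0,"errcode":...,"errmsg":...} on failure.
///
/// Security notes:
///  - Every value that reaches a SQL string is either an int produced by
///    ParseInt or text that passed isQuotableText below. The original code
///    concatenated the raw `position` and `status` POST strings.
///  - Rejecting characters is a stopgap. A prepared statement, or the driver's
///    escaping routine (e.g. mysql_real_escape_string), is the preferred fix
///    if the MySQLConn wrapper exposes one; that is not visible from this file.
///  - NOTE(review): the book_id existence/max() lookup and the insert are
///    separate statements and no transaction is opened here, so two concurrent
///    requests could pick the same book_id. Whether bs_bookstatus enforces
///    uniqueness on book_id cannot be seen from this file; confirm.
int main()
{
    Request req;
    Session se(req);
    Response res;
    json j;

    /// Fills the JSON reply with a failure record.
    auto jsonfail=[&](int errcode,const string& detail="")
    {
        j["success"]=0;
        j["errcode"]=errcode;
        j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
    };

    /// True when s can sit between single quotes in a SQL string literal
    /// without ending the literal or escaping its closing quote: no quote,
    /// no backslash, no control characters.
    auto isQuotableText=[](const string& s)
    {
        for(unsigned char c : s)
        {
            if(c=='\''||c=='\\'||c<0x20||c==0x7f) return false;
        }
        return true;
    };

    do
    {
        if(!se.isReady())
        {
            jsonfail(err_session);
            break;
        }
        if(se.isNew()||se.getUser().empty())
        {
            jsonfail(err_need_login);
            break;
        }
        if(req.requestMethod!="POST")
        {
            jsonfail(err_method_not_supported);
            break;
        }
        if(req.post["class_id"].empty() ||
           req.post["position"].empty() ||
           req.post["status"].empty() )
        {
            jsonfail(err_missing_parameter);
            break;
        }

        postval(class_id);
        postval(position);
        postval(status);
        postval(book_id);

        int class_id_real=ParseInt(class_id);
        if(class_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse class_id");
            break;
        }
        int status_real=ParseInt(status);
        if(status_real<0)
        {
            jsonfail(err_parameter,"Failed to parse status");
            break;
        }
        /// position is client-controlled text that ends up inside a quoted
        /// SQL literal, so refuse anything that could break out of it.
        if(!isQuotableText(position))
        {
            jsonfail(err_parameter,"Invalid character in position");
            break;
        }
        /// The user name is also embedded in a quoted literal below; how it
        /// was validated when the session was created is not visible here.
        const string user=se.getUser();
        if(!isQuotableText(user))
        {
            jsonfail(err_session,"Invalid user name in session");
            break;
        }

        /// Connect to DB
        DBInfo db;
        MySQLConn conn;
        if(db.readConfig()<0)
        {
            jsonfail(err_config);
            break;
        }
        if(db.connectProxy(conn)<0)
        {
            jsonfail(err_connect);
            break;
        }

        /// Check Permission
        /// Starts at -1 so that a query delivering no row is denied instead of
        /// comparing an uninitialized value.
        int permission_level=-1;
        if(conn.exec(make_str("select permission_level from bs_user where username='", user, "'"),
                     [&](MySQLResult& result)
        {
            result.stepRow([&](char** val,unsigned long* len)
            {
                permission_level=ParseInt(val[0]);
            });
        })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(permission_level<0||permission_level>1)
        {
            /// Permission Denied (also when the level is unknown or unparsable).
            jsonfail(err_permission_denied);
            break;
        }

        /// Verify class_id
        int class_count=-1;
        if(conn.exec(make_str("select count(class_id) from bs_book where class_id=", class_id_real),
                     [&](MySQLResult& result)
        {
            result.stepRow([&](char** val,unsigned long* len)
            {
                class_count=ParseInt(val[0]);
            });
        })<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }
        if(class_count!=1)
        {
            jsonfail(err_data,"Cannot verify class_id");
            break;
        }

        int book_id_real=-1;
        if(!book_id.empty())
        {
            /// With book_id parameter.
            /// Parse It
            book_id_real=ParseInt(book_id);
            if(book_id_real<0)
            {
                jsonfail(err_parameter,"Failed to parse book_id");
                break;
            }

            /// Check if book_id exists. -1 (no row delivered) also fails the
            /// check below, so the insert is not attempted on an unknown state.
            int count_val=-1;
            if(conn.exec(make_str("select count(book_id) from bs_bookstatus where book_id=", book_id_real),
                         [&](MySQLResult& result)
            {
                result.stepRow([&](char** val,unsigned long* len)
                {
                    count_val=ParseInt(val[0]);
                });
            })<0)
            {
                jsonfail(err_sql,"Step 3");
                break;
            }
            if(count_val!=0)
            {
                jsonfail(err_data,"book_id conflict");
                break;
            }
        }
        else
        {
            /// Without book_id parameter: take the next id after the current
            /// maximum. The original filtered on book_id_real, which had not
            /// been assigned yet in this branch; the lookup must cover the
            /// whole table.
            int count_val=-1;
            int max_book_id=0;
            if(conn.exec("select count(book_id),max(book_id) from bs_bookstatus",
                         [&](MySQLResult& result)
            {
                result.stepRow([&](char** val,unsigned long* len)
                {
                    count_val=ParseInt(val[0]);
                    /// max() is NULL on an empty table; presumably the wrapper
                    /// hands that over as a null pointer, so do not parse it.
                    max_book_id=val[1] ? ParseInt(val[1]) : 0;
                });
            })<0)
            {
                jsonfail(err_sql,"Step 4");
                break;
            }
            if(count_val<0||(count_val>0&&max_book_id<0))
            {
                jsonfail(err_data,"Cannot determine next book_id");
                break;
            }

            if(count_val==0)
            {
                book_id_real=1;
            }
            else
            {
                book_id_real=max_book_id+1;
            }
        }

        /// Do Insert
        /// status_real (the parsed int) is used instead of the raw POST
        /// string, and position has passed isQuotableText above.
        if(conn.exec(make_str("insert into bs_bookstatus values (",
                              book_id_real, ",",
                              class_id_real, ",'",
                              position, "',",
                              status_real, ")"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 5");
            break;
        }

        if(conn.getAffectedRows()!=1)
        {
            jsonfail(err_sql_logic,"Affected not equals to 1");
            break;
        }

        j["success"]=1;
    }while(0);

    res.content.append(j.dump());
    res.show();

    return 0;
}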