170 lines
4.4 KiB
C++
170 lines
4.4 KiB
C++
#include "Session.h"
|
|
#include "Util.h"
|
|
#include "jsonfail.h"
|
|
#include "json.hpp"
|
|
using namespace std;
|
|
using json = nlohmann::json;
|
|
|
|
#define postval(NAME) string NAME=req.post[#NAME]
|
|
|
|
int main()
|
|
{
|
|
Request req;
|
|
Session se(req);
|
|
Response res;
|
|
json j;
|
|
|
|
auto jsonfail=[&](int errcode,const string& detail="")
|
|
{
|
|
j["success"]=0;
|
|
j["errcode"]=errcode;
|
|
j["errmsg"]=string(GetErrMsg(errcode))+" : "+detail;
|
|
};
|
|
|
|
do
|
|
{
|
|
if(!se.isReady())
|
|
{
|
|
jsonfail(err_session);
|
|
break;
|
|
}
|
|
if(se.isNew()||se.getUser().empty())
|
|
{
|
|
jsonfail(err_need_login);
|
|
break;
|
|
}
|
|
|
|
if(req.requestMethod!="POST")
|
|
{
|
|
jsonfail(err_method_not_supported);
|
|
break;
|
|
}
|
|
|
|
if(req.post["account"].empty())
|
|
{
|
|
jsonfail(err_missing_parameter);
|
|
break;
|
|
}
|
|
|
|
postval(account);
|
|
|
|
/// Connect to DB
|
|
DBInfo db;
|
|
MySQLConn conn;
|
|
if(db.readConfig()<0)
|
|
{
|
|
jsonfail(err_config);
|
|
break;
|
|
}
|
|
|
|
if(db.connectProxy(conn)<0)
|
|
{
|
|
jsonfail(err_connect);
|
|
break;
|
|
}
|
|
|
|
/// Check Permission
|
|
int permission_level;
|
|
if(conn.exec(make_str("select permission_level from bs_user where username='",
|
|
se.getUser(),
|
|
"'"),
|
|
[&](MySQLResult& res)
|
|
{
|
|
res.stepRow([&](char** val,unsigned long* len)
|
|
{
|
|
permission_level=ParseInt(val[0]);
|
|
});
|
|
})<0)
|
|
{
|
|
jsonfail(err_sql,"Step 1");
|
|
break;
|
|
}
|
|
|
|
if(permission_level>1)
|
|
{
|
|
/// Permission Denied.
|
|
jsonfail(err_permission_denied);
|
|
break;
|
|
}
|
|
|
|
/// Check if target user exists
|
|
int count_val;
|
|
if(conn.exec(make_str("select count(username) from bs_user where username='",
|
|
account,
|
|
"'"),
|
|
[&](MySQLResult& res)
|
|
{
|
|
res.stepRow([&](char** val,unsigned long* len)
|
|
{
|
|
count_val=ParseInt(val[0]);
|
|
});
|
|
})<0)
|
|
{
|
|
jsonfail(err_sql,"Step 2");
|
|
break;
|
|
}
|
|
if(count_val!=1)
|
|
{
|
|
jsonfail(err_data,"Username Not Exist");
|
|
break;
|
|
}
|
|
|
|
/// Check Target User Permission Level
|
|
int target_level;
|
|
if(conn.exec(make_str("select permission_level from bs_user where username='",
|
|
account,
|
|
"'"),
|
|
[&](MySQLResult& res)
|
|
{
|
|
res.stepRow([&](char** val,unsigned long* len)
|
|
{
|
|
target_level=ParseInt(val[0]);
|
|
});
|
|
})<0)
|
|
{
|
|
jsonfail(err_sql,"Step 3");
|
|
break;
|
|
}
|
|
|
|
if(permission_level==1) /// Normal Admin
|
|
{
|
|
if(target_level<=1) /// Target is also admin
|
|
{
|
|
jsonfail(err_permission_denied,"Need Super Admin");
|
|
break;
|
|
}
|
|
}
|
|
else /// permission_level==0 , Super Admin
|
|
{
|
|
if(target_level==0) /// Target is also super admin
|
|
{
|
|
jsonfail(err_permission_denied,"Super Admin Conflict");
|
|
break;
|
|
}
|
|
}
|
|
|
|
/// Now we have permission, and we ensure the user is there.
|
|
/// Do Update
|
|
if(conn.exec(make_str("update bs_user set account_status=3 where username='",
|
|
account,
|
|
"'"),nullptr)<0)
|
|
{
|
|
jsonfail(err_sql,"Step 4");
|
|
break;
|
|
}
|
|
|
|
if(conn.getAffectedRows()!=1)
|
|
{
|
|
jsonfail(err_sql_logic,"Update Affect Rows not equals to 1");
|
|
break;
|
|
}
|
|
|
|
j["success"]=1;
|
|
}while(0);
|
|
|
|
res.content.append(j.dump());
|
|
res.show();
|
|
|
|
return 0;
|
|
}
|