DBHomework/src/BookSearch.cpp


#include "handler.h"
#include "MySQLTransaction.h"
using namespace std;
/// Fails the request with err_session when the session is not ready. The expansion ends in
/// `break`, so it is only usable inside a loop body such as the handlers' do{...}while(0).
#define check_session() if(!se.isReady()){jsonfail(err_session,"Session not ready.");break;}
/// Fails the request with err_need_login when the session has no user name bound to it.
#define must_login() if(se.getUser().empty()){jsonfail(err_need_login);break;}
/// Reads permission_level of User from bs_user into PermissionValue, which is preset to -1.
/// NOTE(review): User is pasted between single quotes into the SQL text and no escaping is
/// visible here. Several handlers pass a request-supplied user name, so this is an SQL
/// injection sink unless make_str or conn.exec escape internally -- confirm, and prefer a
/// parameterized query.
#define get_user_permission(PermissionValue,User) PermissionValue=-1;\
if(conn.exec(make_str("select permission_level from bs_user where username='",User,"'"),SQLParseInt(PermissionValue))<0)\
{jsonfail(err_sql,"Failed to get permission level.");break;}
/// Declares _permission_level in the enclosing scope, loads it for the session user and fails
/// with err_permission_denied when it is negative or greater than lv. A smaller number passes
/// more of these checks, i.e. it is the more privileged level.
#define need_at_least_permission(lv) int _permission_level;get_user_permission(_permission_level,se.getUser());if(_permission_level<0||_permission_level>lv){jsonfail(err_permission_denied);break;}
/// Stores in Ret (preset to -1) the number of bs_user rows whose username and password both
/// equal the given values.
/// NOTE(review): User and Pass are both pasted into the SQL text unescaped, so crafted input can
/// change the login check itself. The password is compared as received with the stored column,
/// which suggests credentials are kept unhashed -- confirm against the schema.
#define check_user_auth(Ret,User,Pass) Ret=-1;\
if(conn.exec(make_str("select count(username) from bs_user where username='",User,"' and password='",Pass,"'"),SQLParseInt(Ret))<0)\
{jsonfail(err_sql,"Failed to auth user.");break;}
/// Opens a Transaction named ts on conn and fails with err_sql_logic when it is not ready.
#define startts() Transaction ts(conn);if(!ts.isReady()){jsonfail(err_sql_logic,"Cannot start transaction");break;}
/// Commits ts; any non-zero return value is reported as err_sql_logic.
#define committs() if(ts.commit()!=0){jsonfail(err_sql_logic,"Cannot commit transaction.");break;}
/// Signs a user in, or tells an already signed-in session where to go next.
///
/// "success" is set to 2 when the session already carries a user and to 1 after a fresh
/// credential check. "next_url" is "user.html" for permission_level >= 3 and "admin.html"
/// for smaller levels. Failures are reported through jsonfail.
///
/// NOTE(review): the posted username and password are handed to check_user_auth, which
/// concatenates them into the SQL text without visible escaping and matches the password as
/// received against the stored column. Treat this as an SQL injection and credential-storage
/// finding until a parameterized query and password hashing are confirmed.
void UserLogin(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        startdb();
        if(se.getUser().empty())
        {
            /// No user on the session yet: verify the posted credentials.
            postval(username);
            postval(password);
            int matched_rows;
            check_user_auth(matched_rows,username,password);
            if(matched_rows<=0)
            {
                jsonfail(err_data,"Auth Failed.");
                break;
            }
            /// NOTE(review): the user is bound to the session that was in use before
            /// authentication; whether its identifier is renewed is not visible here.
            if(se.setUser(username)<0)
            {
                jsonfail(err_session,"Failed to setuser");
                break;
            }
            j["success"]=1;
            int level;
            get_user_permission(level,username);
            if(level<0)
            {
                /// No permission level could be read for this user: drop the session.
                jsonfail(err_sql,"Step 2");
                se.invalidate();
                break;
            }
            if(level<3)
            {
                j["next_url"]="admin.html";
            }
            else
            {
                j["next_url"]="user.html";
            }
        }
        else
        {
            /// The session already has a user: only work out the landing page.
            j["success"]=2;
            int level;
            get_user_permission(level,se.getUser());
            if(level<0)
            {
                /// The session names a user with no readable permission level: drop it.
                jsonfail(err_sql,"Step 1");
                se.invalidate();
                break;
            }
            if(level<3)
            {
                j["next_url"]="admin.html";
            }
            else
            {
                j["next_url"]="user.html";
            }
        }
    }while(0);
}
/// Ends the current session.
///
/// Requires a ready session with a user on it. The return value of se.invalidate() is passed
/// back in "ret", and the client is pointed at "signin.html".
void UserLogout(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        /// "success" is set to 1 whatever invalidate() returned; the caller has to look at "ret".
        j["ret"]=se.invalidate();
        j["success"]=1;
        j["next_url"]="signin.html";
    }
    while(0);
}
/// Reports whether the session is ready and has a user: "success" is 1 when both hold,
/// otherwise check_session / must_login report the failure.
void CheckLogin(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        j["success"]=1;
    }
    while(0);
}
/// Like CheckLogin, but also looks up the user's permission level and returns the landing
/// page in "next_url" ("user.html" for levels >= 3, "admin.html" below that).
///
/// When no level can be read for the session user the session is invalidated.
void CheckLoginX(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        j["success"]=1;
        startdb();
        int level;
        get_user_permission(level,se.getUser());
        if(level<0)
        {
            /// The session names a user whose permission level cannot be read: drop it.
            jsonfail(err_sql,"Step 1");
            se.invalidate();
            break;
        }
        if(level<3)
        {
            j["next_url"]="admin.html";
        }
        else
        {
            j["next_url"]="user.html";
        }
    }
    while(0);
}
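/// Searches bs_book by a substring of the title and appends one object per hit to "result"
/// (class_id, book_name, book_type).
///
/// NULL columns are returned as empty strings: BookEdit in this file writes null for an empty
/// name or book_type, and building a std::string from a null char* is undefined behaviour.
/// The guard is the same len-based test BookGetObjInfo and BookGetBorrowed already use.
///
/// NOTE(review): the posted name is pasted into the LIKE pattern between quotes with no visible
/// escaping, so this query is an SQL injection sink unless make_str or conn.exec escape
/// internally. A parameterized query is the fix; '%' and '_' in the input also act as wildcards.
void BookSearch(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(name);
        startdb();
        if(conn.exec(make_str("select class_id,name,book_type from bs_book where name like '%",
                              name,
                              "%'"),
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             json s;
                             s["class_id"]=string(len[0]?val[0]:"");
                             s["book_name"]=string(len[1]?val[1]:"");
                             s["book_type"]=string(len[2]?val[2]:"");
                             j["result"].push_back(s);
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }while(0);
}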
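/// Returns the catalogue record of one book class (name, isbn, type, author, publisher,
/// publish date, status) for the posted class_id.
///
/// class_id is converted with ParseInt and rejected when negative, so only a number reaches
/// the SQL text. Text columns that are NULL are returned as empty strings: BookEdit in this
/// file stores null for empty fields, and std::string(nullptr) is undefined behaviour.
void BookGetInfo(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(class_id);
        int class_id_real=ParseInt(class_id);
        if(class_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse class_id");
            break;
        }
        startdb();
        if(conn.exec(make_str("select name,isbn,book_type,author,publisher,publish_time,status from bs_book where class_id=",
                              class_id_real),
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             /// A zero length covers both NULL and empty columns.
                             j["book_name"]=string(len[0]?val[0]:"");
                             j["book_isbn"]=string(len[1]?val[1]:"");
                             j["book_type"]=string(len[2]?val[2]:"");
                             j["book_author"]=string(len[3]?val[3]:"");
                             j["book_publisher"]=string(len[4]?val[4]:"");
                             j["book_pubdate"]=string(len[5]?val[5]:"");
                             j["book_status"]=ParseInt(val[6]);
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }while(0);
}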
/// Lists the physical copies of one book class: each bs_bookstatus row becomes an object with
/// obj_id, book_pos and book_status in "result".
///
/// class_id goes through ParseInt and is rejected when negative, so the SQL text only ever
/// receives a number.
void BookGetObjInfo(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(class_id);
        int class_id_real=ParseInt(class_id);
        if(class_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse class_id");
            break;
        }
        startdb();
        const string sql=make_str("select book_id,position,status from bs_bookstatus where class_id=",class_id_real);
        if(conn.exec(sql,
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             json copy;
                             copy["obj_id"]=string(val[0]);
                             /// position is only read when it has a length.
                             copy["book_pos"]=string(len[1]>0?val[1]:"");
                             copy["book_status"]=string(val[2]);
                             j["result"].push_back(copy);
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
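/// Lends one physical copy (obj_id) to the session user inside a single transaction.
///
/// Steps: the user must have exactly one bs_reader row and spare quota, the copy must exist
/// and have status 2; then the quota counter is incremented, the copy is set to status 0 and a
/// bs_borrow row is inserted with a due date of today plus borrow_time_limit days.
///
/// Changes against the earlier version: the values read from the database start from
/// fail-closed defaults instead of being uninitialized, and a commit is treated as failed on
/// any non-zero return, which is what this file's committs() macro does (the old `<0` test
/// would let a positive error code through as success).
///
/// NOTE(review): the availability check and the update are separate statements; whether two
/// concurrent requests for the same copy are serialized depends on locking and isolation
/// settings that are not visible here. NOTE(review): se.getUser() is pasted into the SQL text
/// unescaped; it originates from the login form, so it inherits that input's trust level.
void BookBorrow(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(obj_id);
        int obj_id_real=ParseInt(obj_id);
        if(obj_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse obj_id");
            break;
        }
        startdb();
        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }
        /// Check if user can borrow...
        int cntval=-1;
        if(conn.exec(make_str("select count(username) from bs_reader where username='",
                              se.getUser(),
                              "'"),
                     SQLParseInt(cntval))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(cntval!=1)
        {
            jsonfail(err_permission_denied,"You are not in reader list!");
            break;
        }
        /// Zero quota by default, so a row callback that never runs refuses the loan.
        int borrow_limit=0,borrow_used=0,borrow_time_limit=0;
        if(conn.exec(make_str("select borrow_limit,borrow_used,borrow_time_limit from bs_reader where username='",
                              se.getUser(),
                              "'"),
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             borrow_limit=ParseInt(val[0]);
                             borrow_used=ParseInt(val[1]);
                             borrow_time_limit=ParseInt(val[2]);
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }
        if(borrow_limit-borrow_used<=0)
        {
            jsonfail(err_general,"Reach Borrow Limit");
            break;
        }
        /// Verify that the copy exists.
        cntval=-1;
        if(conn.exec(make_str("select count(book_id) from bs_bookstatus where book_id=",
                              obj_id_real),
                     SQLParseInt(cntval))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }
        if(cntval!=1)
        {
            jsonfail(err_parameter,"Failed to verify bid");
            break;
        }
        /// Only a copy with status 2 may be lent.
        int book_status=-1;
        if(conn.exec(make_str("select status from bs_bookstatus where book_id=",obj_id_real),
                     SQLParseInt(book_status))<0)
        {
            jsonfail(err_sql,"Step 4");
            break;
        }
        if(book_status!=2)
        {
            jsonfail(err_data,"Book is not allowed to borrow");
            break;
        }
        /// DO UPDATE
        if(conn.exec(make_str("update bs_reader set borrow_used=borrow_used+1 where username='",
                              se.getUser(),
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        if(conn.exec(make_str("update bs_bookstatus set status=0 where book_id=",obj_id_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }
        if(conn.exec(make_str("insert into bs_borrow values ('",
                              se.getUser(),
                              "',",
                              obj_id_real,
                              ",curdate(),date_add(curdate(),interval ",
                              borrow_time_limit,
                              " day),null)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }
        /// Commit it; any non-zero result counts as failure, as in committs().
        if(ts.commit()!=0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }
        j["success"]=1;
    }while(0);
}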
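/// Closes the session user's open loan of one copy (obj_id) inside a transaction: stamps
/// return_time, sets the copy back to status 2 and decrements the reader's borrow_used.
///
/// The open-loan query is bound to se.getUser(), so a user can only return a copy that is on
/// loan to them. Changes against the earlier version: count_val starts at 0 so an unset value
/// is handled as "no open loan", and a commit is treated as failed on any non-zero return, in
/// line with this file's committs() macro.
///
/// NOTE(review): se.getUser() is pasted into the SQL text unescaped.
void BookReturn(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(obj_id);
        int obj_id_real=ParseInt(obj_id);
        if(obj_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse obj_id");
            break;
        }
        startdb();
        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }
        /// Check if this deal exists.
        int count_val=0;
        if(conn.exec(make_str("select count(username) from bs_borrow where username='",
                              se.getUser(),
                              "' and book_id=",
                              obj_id_real,
                              " and return_time is null"),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val==0)
        {
            jsonfail(err_general,"Failed to return book. Deal does not exist or closed.");
            break;
        }
        /// Update return time
        if(conn.exec(make_str("update bs_borrow set return_time=curdate() where username='",
                              se.getUser(),
                              "' and book_id=",
                              obj_id_real,
                              " and return_time is null"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        /// Update bookstatus
        if(conn.exec(make_str("update bs_bookstatus set status=2 where book_id=",obj_id_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }
        /// Update reader borrowed count
        if(conn.exec(make_str("update bs_reader set borrow_used=borrow_used-1 where username='",
                              se.getUser(),
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }
        /// Commit it; any non-zero result counts as failure, as in committs().
        if(ts.commit()!=0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }
        j["success"]=1;
    }while(0);
}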
/// Lists the copies the session user currently has on loan (bs_borrow rows without a
/// return_time); each entry in "result" carries the book name and the numeric obj_id.
///
/// NOTE(review): se.getUser() is pasted into the SQL text unescaped.
void BookGetBorrowed(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        startdb();
        const string sql=make_str("select name,book_id from bs_bookdup where book_id in (select book_id from bs_borrow where username='",
                                  se.getUser(),
                                  "' and return_time is null) ");
        if(conn.exec(sql,
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             json loan;
                             /// A column without length is reported as an empty name.
                             loan["name"]=string(len[0]?val[0]:"");
                             loan["obj_id"]=ParseInt(val[1]);
                             j["result"].push_back(loan);
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
/// Returns every book_type in bs_booktype as a list of strings in "result".
/// The query text is constant, so no request data reaches the database here.
void BookTypeGet(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        startdb();
        if(conn.exec("select book_type from bs_booktype",
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             /// A column without length becomes an empty string.
                             j["result"].push_back(string(len[0]?val[0]:""));
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
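/// Adds a new book type after checking, inside a transaction, that it does not exist yet.
///
/// Changes against the earlier version: count_val starts at -1 so an unset value is handled as
/// "already present" and refuses the insert, and a commit is treated as failed on any non-zero
/// return, in line with this file's committs() macro.
///
/// NOTE(review): new_typename is pasted into both statements between quotes with no visible
/// escaping (SQL injection sink; use a parameterized query). NOTE(review): only a logged-in
/// session is required, whereas BookAdd and BookEdit in this file also check permission_level;
/// confirm whether ordinary readers are meant to manage book types.
void BookTypeAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(new_typename);
        startdb();
        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }
        int count_val=-1;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              new_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val!=0)
        {
            /// The type already exists (or the count could not be read).
            jsonfail(err_sql_logic,"Step 2");
            break;
        }
        if(conn.exec(make_str("insert into bs_booktype values ('",new_typename,"')"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        /// Commit it; any non-zero result counts as failure, as in committs().
        if(ts.commit()!=0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }
        j["success"]=1;
    }while(0);
}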
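/// Renames a book type inside a transaction. The old name must exist, the new name must not,
/// and no bs_book row may still use the old name.
///
/// Changes against the earlier version: count_val is initialized instead of being read
/// uninitialized should a query leave it untouched, and a commit is treated as failed on any
/// non-zero return, in line with this file's committs() macro.
///
/// NOTE(review): old_typename and new_typename are pasted into every statement between quotes
/// with no visible escaping (SQL injection sink; use a parameterized query). NOTE(review): only
/// a logged-in session is required, whereas BookAdd and BookEdit in this file also check
/// permission_level; confirm whether ordinary readers are meant to manage book types.
void BookTypeEdit(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(old_typename);
        postval(new_typename);
        startdb();
        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }
        /// The type being renamed has to exist.
        int count_val=0;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val==0)
        {
            jsonfail(err_sql_logic,"Step 2");
            break;
        }
        /// The new name must still be free.
        count_val=-1;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              new_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }
        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 4");
            break;
        }
        /// No book may still reference the old name.
        count_val=-1;
        if(conn.exec(make_str("select count(book_type) from bs_book where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 5");
            break;
        }
        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 6");
            break;
        }
        if(conn.exec(make_str("update bs_booktype set book_type='",new_typename,"' where book_type='",old_typename,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        /// Commit it; any non-zero result counts as failure, as in committs().
        if(ts.commit()!=0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }
        j["success"]=1;
    }while(0);
}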
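/// Deletes a book type inside a transaction. The type must exist and no bs_book row may
/// still use it.
///
/// Changes against the earlier version: count_val is initialized instead of being read
/// uninitialized should a query leave it untouched, and a commit is treated as failed on any
/// non-zero return, in line with this file's committs() macro.
///
/// NOTE(review): old_typename is pasted into every statement, including the DELETE, between
/// quotes with no visible escaping (SQL injection sink; use a parameterized query).
/// NOTE(review): only a logged-in session is required, whereas BookAdd and BookEdit in this
/// file also check permission_level; confirm whether ordinary readers are meant to manage
/// book types.
void BookTypeRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(old_typename);
        startdb();
        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }
        /// The type has to exist.
        int count_val=0;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val==0)
        {
            jsonfail(err_sql_logic,"Step 2");
            break;
        }
        /// No book may still reference it.
        count_val=-1;
        if(conn.exec(make_str("select count(book_type) from bs_book where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }
        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 4");
            break;
        }
        if(conn.exec(make_str("delete from bs_booktype where book_type='",old_typename,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Delete 1");
            break;
        }
        /// Commit it; any non-zero result counts as failure, as in committs().
        if(ts.commit()!=0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }
        j["success"]=1;
    }while(0);
}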
/// Creates a new book class by calling the stored procedure newbook with the posted fields.
///
/// book_status must parse to 0, 1 or 2. The caller needs a permission_level between 0 and 2.
/// A procedure result of 1 is reported as failure.
///
/// NOTE(review): all six text fields are pasted into the CALL statement between quotes with no
/// visible escaping, so each one is an SQL injection sink unless make_str or conn.exec escape
/// internally; only book_status reaches the statement as a parsed number.
void BookAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(book_isbn);
        postval(book_type);
        postval(book_name);
        postval(book_author);
        postval(book_publish);
        postval(book_pubdate);
        postval(book_status);
        int book_status_real=ParseInt(book_status);
        if(book_status_real<0)
        {
            jsonfail(err_parameter,"Failed to parse status");
            break;
        }
        /// Negative values were rejected just above, so only the upper bound is left to test.
        if(book_status_real>2)
        {
            jsonfail(err_parameter,"Invalid Status");
            break;
        }
        startdb();
        /// Check Permission
        int permission_level=-1;
        get_user_permission(permission_level,se.getUser());
        if(permission_level<0)
        {
            jsonfail(err_data,"Failed to get permission level");
            break;
        }
        if(permission_level>2)
        {
            jsonfail(err_permission_denied,"Permission Not Reach Required Level");
            break;
        }
        const string call_sql=make_str("call newbook('",
                                       book_isbn,
                                       "','",
                                       book_name,
                                       "','",
                                       book_type,
                                       "','",
                                       book_author,
                                       "','",
                                       book_publish,
                                       "','",
                                       book_pubdate,
                                       "',",
                                       book_status_real,
                                       ")");
        int result_code=-1;
        if(conn.exec(call_sql,SQLParseInt(result_code))<0)
        {
            jsonfail(err_sql,"Procedure 1");
            break;
        }
        if(result_code==1)
        {
            /// The procedure reported failure.
            jsonfail(err_sql_logic,"SQL Operation Failed");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
/// Updates selected fields of one book class (book_key is the class_id) inside a transaction.
/// Only the fields present in the POST body are touched; an empty value is written as null.
/// Requires a permission_level between 0 and 2.
///
/// NOTE(review): every text field is wrapped in single quotes by doUpdate and pasted into an
/// UPDATE statement with no visible escaping, so each one is an SQL injection sink unless
/// make_str or conn.exec escape internally; prefer a parameterized query.
/// NOTE(review): tpostval allocates each present field with `new string` and no matching
/// delete is visible in this function, so every request that supplies a field leaks it.
/// NOTE(review): gpostval, tpostval and doUpdate are defined inside the function body and no
/// #undef is visible, so they stay defined for the rest of the translation unit.
void BookEdit(Request& req, Session& se, Response& res, json& j)
{
default_jsonfail();
do
{
check_session();
must_login();
postval(book_key);
int book_key_real=ParseInt(book_key);
if(book_key_real<0)
{
jsonfail(err_parameter,"Failed to parse book_key");
break;
}
startdb();
startts();
need_at_least_permission(2);
/// Try to verify book_key (class_id)
int count_class_id_val;
if(conn.exec(make_str("select count(class_id) from bs_book where class_id=",
book_key_real),
SQLParseInt(count_class_id_val))<0)
{
jsonfail(err_sql,"Step 1");
break;
}
if(count_class_id_val!=1)
{
/// Failed to verify
jsonfail(err_data,"Cannot verify book key.");
break;
}
/// gpostval copies req.post["NAME"] into a heap-allocated string called NAME.
/// tpostval declares NAME as a null pointer and fills it only when the POST body has that key,
/// so a null pointer afterwards means "field not supplied".
#define gpostval(NAME) NAME=new string;*NAME=req.post[#NAME]
#define tpostval(NAME) string* NAME=nullptr; do { if(req.post.find(#NAME)!=req.post.end()) { gpostval(NAME); } }while(0)
tpostval(isbn);
tpostval(bookname);
tpostval(booktype);
tpostval(author);
tpostval(publisher);
tpostval(pubdate);
tpostval(status);
if(status)
{
/// status is the only field validated as a number before it reaches the SQL text.
int _in_status=ParseInt(*status);
if(_in_status<0)
{
jsonfail(err_parameter,"Status parse failed.");
break;
}
/// Verify status
int status_cnt;
if(conn.exec(make_str("select count(status) from bs_meta_book where status=",
_in_status),
[&](MySQLResult& res)
{
res.stepRow([&](char** val,unsigned long* len)
{
status_cnt=ParseInt(val[0]);
});
})<0)
{
jsonfail(err_sql,"Step 2");
break;
}
if(status_cnt!=1)
{
jsonfail(err_data,"Cannot verify status");
break;
}
if(conn.exec(make_str("update bs_book set status=",_in_status," where class_id=",book_key_real),nullptr)<0)
{
jsonfail(err_sql,"Update 1 status");
break;
}
}
/// doUpdate writes one supplied field into column SETNAME: an empty value becomes the SQL
/// keyword null, anything else is wrapped in single quotes exactly as received. The `break`
/// in its failure path leaves the enclosing do{...}while(0).
#define doUpdate(NAME,SETNAME) \
if(NAME) \
{\
if((*NAME).empty()) \
{\
*NAME="null";\
}\
else\
{\
*NAME=make_str("'",(*NAME),"'");\
}\
if(conn.exec(make_str("update bs_book set ",SETNAME,"=",\
*NAME,\
" where class_id=",\
book_key_real),nullptr)<0)\
{\
jsonfail(err_sql,make_str("Update 1 ",SETNAME));\
break;\
}\
}
doUpdate(isbn,"isbn");
doUpdate(bookname,"name");
doUpdate(booktype,"book_type");
doUpdate(author,"author");
doUpdate(publisher,"publisher");
doUpdate(pubdate,"publish_time");
committs();
j["success"]=1;
}while(0);
}
/// Deletes one book class (book_key is the class_id) together with its copies and loan rows,
/// inside a transaction. Requires a permission_level between 0 and 2.
///
/// book_key goes through ParseInt and is rejected when negative, so every statement here
/// receives a number only.
///
/// NOTE(review): the "Step 2" count has no status condition, so it counts every
/// bs_bookstatus row of the class. It only passes when that count is 0, in which case the two
/// deletes that follow it select from the same empty set. A status filter was presumably
/// intended -- confirm against the schema.
void BookRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(book_key);
        int book_key_real=ParseInt(book_key);
        if(book_key_real<0)
        {
            jsonfail(err_parameter,"Failed to parse book_key");
            break;
        }
        startdb();
        startts();
        need_at_least_permission(2);
        int count_val=-1;
        /// The class has to exist exactly once.
        const string class_count_sql=make_str("select count(class_id) from bs_book where class_id=",
                                              book_key_real);
        if(conn.exec(class_count_sql,SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val!=1)
        {
            jsonfail(err_data,"Cannot verify book key.");
            break;
        }
        /// Refuse while any bs_bookstatus row still belongs to the class.
        const string copy_count_sql=make_str("select count(book_id) from bs_bookstatus where class_id=",
                                             book_key_real);
        if(conn.exec(copy_count_sql,SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }
        if(count_val!=0)
        {
            jsonfail(err_data,"Still borrowed books exist.");
            break;
        }
        /// Delete loan rows, then copies, then the class itself.
        if(conn.exec(make_str("delete from bs_borrow where book_id in (select book_id from bs_bookstatus where class_id=",
                              book_key_real,
                              ")"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        if(conn.exec(make_str("delete from bs_bookstatus where class_id=",
                              book_key_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }
        if(conn.exec(make_str("delete from bs_book where class_id=",
                              book_key_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }
        committs();
        j["success"]=1;
    }
    while(0);
}
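/// Creates a reader account: one bs_user row and one bs_reader row, inside a transaction.
/// Requires a permission_level of 0 or 1.
///
/// Change against the earlier version: the "user already exists" count was queried but never
/// looked at. It is now checked, and a taken user name (or a count that could not be read) is
/// refused with err_data before any insert is attempted.
///
/// NOTE(review): username, password, nickname, realname, realid and realphone are pasted into
/// the INSERT statements between quotes with no visible escaping (SQL injection sink; use a
/// parameterized query). NOTE(review): the password is inserted exactly as received; no hashing
/// is visible in this handler.
void UserReaderAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(username);
        postval(password);
        postval(nickname);
        postval(realname);
        postval(realid);
        postval(realphone);
        startdb();
        startts();
        need_at_least_permission(1);
        /// Check if user already exists.
        int count_val=-1;
        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              username,
                              "'"),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val!=0)
        {
            jsonfail(err_data,"User already exists.");
            break;
        }
        if(conn.exec(make_str("insert into bs_user values ('",
                              username,
                              "','",
                              password,
                              "','",
                              nickname,
                              "',3,3)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        if(conn.exec(make_str("insert into bs_reader values ('",
                              username,
                              "','",
                              realname,
                              "','",
                              realid,
                              "','",
                              realphone,
                              "',1,0,3,0,10,0,0)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }
        committs();
        j["success"]=1;
    }while(0);
}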
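/// Overwrites password, nickname, realname, realid and phone number of a reader account,
/// inside a transaction. A user may always edit their own account.
///
/// Change against the earlier version: editing somebody else's account now requires a
/// strictly more privileged level (a smaller number) than the target's. The old test only
/// refused a less privileged caller, so two accounts on the same level -- two ordinary readers,
/// for example -- could overwrite each other's password.
/// NOTE(review): this also stops same-level administrators from editing one another; confirm
/// that is acceptable.
///
/// NOTE(review): every posted field is pasted into the UPDATE statements between quotes with
/// no visible escaping (SQL injection sink; use a parameterized query). The password is stored
/// exactly as received, and a self-edit does not ask for the current password.
void UserReaderEdit(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(username);
        postval(password);
        postval(nickname);
        postval(realname);
        postval(realid);
        postval(realphone);
        startdb();
        startts();
        /// Check this user, target user.
        int count_val=-1;
        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              se.getUser(),"'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val!=1)
        {
            jsonfail(err_need_login,"Failed to check this user");
            break;
        }
        count_val=-1;
        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              username,"'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        if(count_val!=1)
        {
            jsonfail(err_data,"Failed to check target user.");
            break;
        }
        int permission_level_this=-1,permission_level_target=-1;
        if(se.getUser()!=username)
        {
            get_user_permission(permission_level_this,se.getUser());
            get_user_permission(permission_level_target,username);
            /// Smaller numbers are more privileged; an equal level is not enough to edit
            /// another account.
            if(permission_level_this<0||permission_level_target<0||permission_level_this>=permission_level_target)
            {
                jsonfail(err_permission_denied);
                break;
            }
        }
        if(conn.exec(make_str("update bs_user set password='",
                              password,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }
        if(conn.exec(make_str("update bs_user set nickname='",
                              nickname,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }
        if(conn.exec(make_str("update bs_reader set realname='",
                              realname,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }
        if(conn.exec(make_str("update bs_reader set realid='",
                              realid,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 4");
            break;
        }
        if(conn.exec(make_str("update bs_reader set phonenum='",
                              realphone,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 5");
            break;
        }
        committs();
        j["success"]=1;
    }while(0);
}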
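/// Deletes a reader account inside a transaction: copies still on loan to the reader are set
/// back to status 2, then the bs_borrow, bs_reader and bs_user rows are removed.
///
/// Change against the earlier version: removing somebody else's account now requires a
/// strictly more privileged level (a smaller number) than the target's. The old test only
/// refused a less privileged caller, so an account could delete any other account on its own
/// level. Removing one's own account is still allowed, as before.
/// NOTE(review): confirm that self-removal is intended, and that same-level administrators
/// are not meant to remove one another.
///
/// NOTE(review): username is pasted into the SELECT and all three DELETE statements between
/// quotes with no visible escaping (SQL injection sink; use a parameterized query).
void UserReaderRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(username);
        startdb();
        startts();
        int permission_level_this=-1,permission_level_target=-1;
        get_user_permission(permission_level_this,se.getUser());
        get_user_permission(permission_level_target,username);
        /// An equal level is only accepted when the caller is removing their own account.
        const bool other_account=(se.getUser()!=username);
        if(permission_level_this<0||permission_level_target<0||permission_level_this>permission_level_target
           ||(other_account&&permission_level_this==permission_level_target))
        {
            jsonfail(err_permission_denied);
            break;
        }
        /// Return books borrowed by this reader.
        vector<int> vec;
        if(conn.exec(make_str("select book_id from bs_borrow where username='",
                              username,
                              "' and return_time is null"),
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             vec.push_back(ParseInt(val[0]));
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        bool failed=false;
        for(int book_id:vec)
        {
            if(conn.exec(make_str("update bs_bookstatus set status=2 where book_id=",book_id),nullptr)<0)
            {
                failed=true;
                break;
            }
        }
        if(failed)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }
        if(conn.exec(make_str("delete from bs_borrow where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }
        if(conn.exec(make_str("delete from bs_reader where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 4");
            break;
        }
        if(conn.exec(make_str("delete from bs_user where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 5");
            break;
        }
        committs();
        j["success"]=1;
    }while(0);
}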
/// Lists the user names whose username or nickname contains the posted keyword.
/// Requires a permission_level between 0 and 2.
///
/// NOTE(review): keyword is pasted twice into the LIKE patterns between quotes with no visible
/// escaping, so this query is an SQL injection sink unless make_str or conn.exec escape
/// internally. '%' and '_' in the keyword also act as wildcards.
void UserSearch(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(keyword);
        startdb();
        need_at_least_permission(2);
        const string sql=make_str("select username from bs_user where username like '%",keyword,"%' or nickname like '%",keyword,"%'");
        if(conn.exec(sql,
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             /// A column without length becomes an empty string.
                             j["result"].push_back(string(len[0]?val[0]:""));
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
/// Returns the stored record of one reader (username, password, realname, realid, phonenum,
/// nickname) from bs_userreader. Requires a permission_level of 0 or 1.
///
/// NOTE(review): the password column is sent back to the client as stored. Together with the
/// plain comparison in check_user_auth this suggests passwords are kept unhashed -- confirm,
/// and drop the field from the response. NOTE(review): username is pasted into the SQL text
/// between quotes with no visible escaping (SQL injection sink).
void UserReaderGet(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(username);
        startdb();
        need_at_least_permission(1);
        const string sql=make_str("select username,password,realname,realid,",
                                  "phonenum,nickname ",
                                  "from bs_userreader where username='",
                                  username,"'");
        if(conn.exec(sql,
                     [&](MySQLResult& rows)
                     {
                         rows.stepRow([&](char** val,unsigned long* len)
                         {
                             /// Columns without length become empty strings; realid is parsed as a number.
                             j["username"]=string(len[0]?val[0]:"");
                             j["password"]=string(len[1]?val[1]:"");
                             j["realname"]=string(len[2]?val[2]:"");
                             j["realid"]=ParseInt(val[3]);
                             j["phonenum"]=string(len[4]?val[4]:"");
                             j["nickname"]=string(len[5]?val[5]:"");
                         });
                     })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }
        j["success"]=1;
    }
    while(0);
}
/// Unfinished handler for adding a physical copy of a book class.
///
/// It runs the session, login and permission checks (level 0 to 2) and reads class_id and
/// position from the POST body, but executes no statement and never sets "success".
void BookObjAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(class_id);
        postval(position);
        startdb();
        need_at_least_permission(2);
        /// Nothing is written yet; the response keeps whatever default_jsonfail() set up.
    }
    while(0);
}
/// Placeholder for editing a physical copy: the body is empty, so no session, login or
/// permission check runs and the response object is left untouched.
void BookObjEdit(Request& req, Session& se, Response& res, json& j)
{
    /// Not implemented.
}
/// Placeholder for removing a physical copy: the body is empty, so no session, login or
/// permission check runs and the response object is left untouched.
void BookObjRemove(Request& req, Session& se, Response& res, json& j)
{
    /// Not implemented.
}