#include "handler.h"
#include "MySQLTransaction.h"
using namespace std;
/// Handler guard: fail with err_session when the session object is not ready.
/// Expands to a bare `break`, so it only works inside the do{...}while(0)
/// body that every handler in this file wraps its work in.
#define check_session() if(!se.isReady()){jsonfail(err_session,"Session not ready.");break;}
/// Handler guard: fail with err_need_login when no user is bound to the session.
#define must_login() if(se.getUser().empty()){jsonfail(err_need_login);break;}
/// Read permission_level for User into PermissionValue, which is preset to -1;
/// a failed query reports err_sql and breaks out of the handler.
/// Expands to two statements, so do not use it as the body of an unbraced if/else.
/// NOTE(review): User is concatenated into the statement between single quotes
/// with no escaping. Any call site that passes request data (or a session name
/// that originated from request data) lets that value alter the statement
/// itself; bind it as a parameter or escape it with the connection's own routine.
#define get_user_permission(PermissionValue,User) PermissionValue=-1;\
if(conn.exec(make_str("select permission_level from bs_user where username='",User,"'"),SQLParseInt(PermissionValue))<0)\
{jsonfail(err_sql,"Failed to get permission level.");break;}
/// Authorization guard for the session user. Declares _permission_level in the
/// enclosing scope (so it can appear only once per scope) and denies when the
/// level is negative or greater than lv: lower numbers are more privileged.
#define need_at_least_permission(lv) int _permission_level;get_user_permission(_permission_level,se.getUser());if(_permission_level<0||_permission_level>lv){jsonfail(err_permission_denied);break;}
/// Count bs_user rows whose username and password both equal the given values;
/// Ret is preset to -1 and a failed query breaks out of the handler.
/// NOTE(review): same unescaped concatenation as get_user_permission, here on
/// the login path with both values taken from the request. Pass is compared to
/// the stored column as-is, so the table holds whatever the client submits —
/// presumably plaintext; confirm, and prefer a salted password hash verified in
/// code over an equality test inside the query.
#define check_user_auth(Ret,User,Pass) Ret=-1;\
if(conn.exec(make_str("select count(username) from bs_user where username='",User,"' and password='",Pass,"'"),SQLParseInt(Ret))<0)\
{jsonfail(err_sql,"Failed to auth user.");break;}
/// Open a Transaction named ts on conn; fail with err_sql_logic when it is not ready.
#define startts() Transaction ts(conn);if(!ts.isReady()){jsonfail(err_sql_logic,"Cannot start transaction");break;}
/// Commit ts; any non-zero result is reported as err_sql_logic.
#define committs() if(ts.commit()!=0){jsonfail(err_sql_logic,"Cannot commit transaction.");break;}
/// Log a user in, or tell an already-authenticated session where to go.
///
/// Writes "success" (2 = the session already had a user, 1 = the posted
/// credentials were accepted) and "next_url" ("user.html" when
/// permission_level >= 3, "admin.html" for lower values).
///
/// NOTE(review): the posted username and password go straight into
/// check_user_auth / get_user_permission, which build SQL by concatenation
/// with no escaping, and the accepted username is then stored in the session
/// and reused by later handlers. Treat this as the first place to move to
/// bound parameters.
/// NOTE(review): nothing visible here issues a fresh session identifier once
/// setUser succeeds — confirm Session handles that.
void UserLogin(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();

        startdb();

        if(se.getUser().empty())
        {
            /// No user on the session yet: authenticate the posted credentials.
            postval(username);
            postval(password);

            int matched;
            check_user_auth(matched,username,password);
            if(!(matched>0))
            {
                jsonfail(err_data,"Auth Failed.");
                break;
            }

            if(se.setUser(username)<0)
            {
                jsonfail(err_session,"Failed to setuser");
                break;
            }

            j["success"]=1;

            int level;
            get_user_permission(level,username);
            if(level<0)
            {
                /// No permission row could be read for the name just accepted.
                jsonfail(err_sql,"Step 2");
                se.invalidate();
                break;
            }

            if(level<3)
            {
                j["next_url"]="admin.html";
            }
            else
            {
                j["next_url"]="user.html";
            }
        }
        else
        {
            /// The session already carries a user: only work out the landing page.
            j["success"]=2;

            int level;
            get_user_permission(level,se.getUser());
            if(level<0)
            {
                /// The session names a user with no readable permission row.
                jsonfail(err_sql,"Step 1");
                se.invalidate();
                break;
            }

            if(level<3)
            {
                j["next_url"]="admin.html";
            }
            else
            {
                j["next_url"]="user.html";
            }
        }

    }while(0);
}
/// End the current session. Requires a ready session with a user bound to it.
/// Reports the result of Session::invalidate() in "ret" and sends the client
/// back to signin.html.
void UserLogout(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        /// Invalidate first, then describe the outcome.
        const auto invalidate_result=se.invalidate();
        j["ret"]=invalidate_result;
        j["success"]=1;
        j["next_url"]="signin.html";
    }while(0);
}
/// Report whether the caller has a ready session with a user bound to it.
/// Sets "success" to 1 when both guards pass; otherwise the guard macros have
/// already written the failure and broken out of the block.
void CheckLogin(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        /// Both macros `break` out of this do-block on failure.
        check_session();
        must_login();

        j["success"]=1;
    }while(0);
}
/// Like CheckLogin, but also returns the landing page for the session user:
/// "user.html" for permission_level >= 3, "admin.html" for lower values.
/// The session is invalidated when no permission row can be read for its user.
///
/// NOTE(review): "success" is set to 1 before the permission lookup; the
/// failure paths rely on jsonfail overwriting it — confirm in handler.h.
void CheckLoginX(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        j["success"]=1;

        startdb();
        int level;
        get_user_permission(level,se.getUser());
        if(level<0)
        {
            /// The session names a user with no readable permission row.
            jsonfail(err_sql,"Step 1");
            se.invalidate();
            break;
        }

        if(level<3)
        {
            j["next_url"]="admin.html";
        }
        else
        {
            j["next_url"]="user.html";
        }
    }while(0);
}
/// Search bs_book by a substring of the title (POST field "name") and append
/// one {class_id, book_name, book_type} object per row to j["result"].
///
/// NOTE(review): "name" comes from the request and is concatenated into the
/// LIKE pattern unescaped, so the client controls the statement text, not just
/// the pattern. Bind it as a parameter (and escape % and _ if they should be
/// literal).
/// NOTE(review): string(col[N]) assumes none of the three columns is NULL.
void BookSearch(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(name);

        startdb();

        /// Turns one result row into one entry of j["result"].
        auto appendRow=[&](char** col,unsigned long* colLen)
        {
            json entry;
            entry["class_id"]=string(col[0]);
            entry["book_name"]=string(col[1]);
            entry["book_type"]=string(col[2]);
            j["result"].push_back(entry);
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(appendRow);
        };

        if(conn.exec(make_str("select class_id,name,book_type from bs_book where name like '%",
                              name,
                              "%'"),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;

    }while(0);
}
/// Return the catalogue record for one title (POST field "class_id").
/// The id is parsed to an int before it reaches the statement, so only a
/// number is concatenated. Fields are written directly onto j.
///
/// NOTE(review): string(col[N]) assumes the text columns are never NULL, and
/// a class_id that matches no row still ends with "success"=1 and no fields.
void BookGetInfo(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(class_id);
        int classId=ParseInt(class_id);
        if(classId<0)
        {
            jsonfail(err_parameter,"Failed to parse class_id");
            break;
        }

        startdb();

        /// Copies the selected columns of a row into the response object.
        auto fillFromRow=[&](char** col,unsigned long* colLen)
        {
            j["book_name"]=string(col[0]);
            j["book_isbn"]=string(col[1]);
            j["book_type"]=string(col[2]);
            j["book_author"]=string(col[3]);
            j["book_publisher"]=string(col[4]);
            j["book_pubdate"]=string(col[5]);
            j["book_status"]=ParseInt(col[6]);
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(fillFromRow);
        };

        if(conn.exec(make_str("select name,isbn,book_type,author,publisher,publish_time,status from bs_book where class_id=",
                              classId),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// List the physical copies of one title (POST field "class_id"): one
/// {obj_id, book_pos, book_status} object per bs_bookstatus row is appended to
/// j["result"]. An empty position column is returned as "".
void BookGetObjInfo(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(class_id);
        int classId=ParseInt(class_id);
        if(classId<0)
        {
            jsonfail(err_parameter,"Failed to parse class_id");
            break;
        }

        startdb();

        /// Turns one bs_bookstatus row into one entry of j["result"].
        auto appendCopy=[&](char** col,unsigned long* colLen)
        {
            json copy;
            copy["obj_id"]=string(col[0]);
            copy["book_pos"]=string(colLen[1]>0?col[1]:"");
            copy["book_status"]=string(col[2]);

            j["result"].push_back(copy);
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(appendCopy);
        };

        if(conn.exec(make_str("select book_id,position,status from bs_bookstatus where class_id=",classId),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// Borrow one physical copy (POST field "obj_id") for the session user.
///
/// Inside one Transaction: confirm the user has a bs_reader row, check the
/// remaining quota, confirm the copy exists and has status 2, then increment
/// borrow_used, set the copy's status to 0 and insert the bs_borrow row.
/// Every failure path breaks out before commit().
///
/// NOTE(review): se.getUser() is concatenated unescaped into several of these
/// statements; it is only as safe as the value UserLogin stored in the session.
/// NOTE(review): the quota and status checks are plain SELECTs followed by
/// UPDATEs. Whether two concurrent requests can both pass them depends on the
/// isolation level and locking that Transaction sets up — confirm, or lock the
/// rows when reading them.
void BookBorrow(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(obj_id);
        int obj_id_real=ParseInt(obj_id);
        if(obj_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse obj_id");
            break;
        }

        startdb();

        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }

        /// Check if user can borrow: exactly one bs_reader row must exist.
        int cntval;
        if(conn.exec(make_str("select count(username) from bs_reader where username='",
                              se.getUser(),
                              "'"),
                     SQLParseInt(cntval))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(cntval!=1)
        {
            jsonfail(err_permission_denied,"You are not in reader list!");
            break;
        }

        /// Filled by the row callback below; left unset if no row is delivered.
        int borrow_limit,borrow_used,borrow_time_limit;
        if(conn.exec(make_str("select borrow_limit,borrow_used,borrow_time_limit from bs_reader where username='",
                              se.getUser(),
                              "'"),
                     [&](MySQLResult& res)
        {
            res.stepRow([&](char** val,unsigned long* len)
            {
                borrow_limit=ParseInt(val[0]);
                borrow_used=ParseInt(val[1]);
                borrow_time_limit=ParseInt(val[2]);
            });
        })<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }

        /// No quota left.
        if(borrow_limit-borrow_used<=0)
        {
            jsonfail(err_general,"Reach Borrow Limit");
            break;
        }

        int bid_real=obj_id_real;

        /// Verify bid: the copy must exist exactly once.
        if(conn.exec(make_str("select count(book_id) from bs_bookstatus where book_id=",
                              bid_real),
                     SQLParseInt(cntval))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }

        if(cntval!=1)
        {
            jsonfail(err_parameter,"Failed to verify bid");
            break;
        }

        /// Check if bid is allowed to be borrowed: only status 2 is accepted.
        int book_status;
        if(conn.exec(make_str("select status from bs_bookstatus where book_id=",bid_real),
                     SQLParseInt(book_status))<0)
        {
            jsonfail(err_sql,"Step 4");
            break;
        }

        if(book_status!=2)
        {
            jsonfail(err_data,"Book is not allowed to borrow");
            break;
        }

        /// DO UPDATE: quota counter, copy status, then the loan record.
        if(conn.exec(make_str("update bs_reader set borrow_used=borrow_used+1 where username='",
                              se.getUser(),
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        /// Status 0 marks the copy as out on loan (BookReturn sets it back to 2).
        if(conn.exec(make_str("update bs_bookstatus set status=0 where book_id=",bid_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }

        /// The last column is inserted as NULL; BookReturn fills return_time.
        if(conn.exec(make_str("insert into bs_borrow values ('",
                              se.getUser(),
                              "',",
                              bid_real,
                              ",curdate(),date_add(curdate(),interval ",
                              borrow_time_limit,
                              " day),null)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }

        /// Commit it
        if(ts.commit()<0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// Return one borrowed copy (POST field "obj_id") for the session user.
///
/// Inside one Transaction: require an open bs_borrow row (return_time is null)
/// for this user and copy, stamp its return_time, set the copy's status back
/// to 2 and decrement the reader's borrow_used.
///
/// NOTE(review): se.getUser() is concatenated unescaped into three statements;
/// it is only as safe as the value UserLogin stored in the session.
void BookReturn(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(obj_id);
        int obj_id_real=ParseInt(obj_id);
        if(obj_id_real<0)
        {
            jsonfail(err_parameter,"Failed to parse obj_id");
            break;
        }

        startdb();

        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }

        /// Check if this deal exists: an unreturned loan of this copy by this user.
        int count_val;
        if(conn.exec(make_str("select count(username) from bs_borrow where username='",
                              se.getUser(),
                              "' and book_id=",
                              obj_id_real,
                              " and return_time is null"),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val==0)
        {
            jsonfail(err_general,"Failed to return book. Deal does not exist or closed.");
            break;
        }

        /// Update return time
        if(conn.exec(make_str("update bs_borrow set return_time=curdate() where username='",
                              se.getUser(),
                              "' and book_id=",
                              obj_id_real,
                              " and return_time is null"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        /// Update bookstatus: 2 is the value BookBorrow requires before lending.
        if(conn.exec(make_str("update bs_bookstatus set status=2 where book_id=",obj_id_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }

        /// Update reader borrowed count
        if(conn.exec(make_str("update bs_reader set borrow_used=borrow_used-1 where username='",
                              se.getUser(),
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }

        /// Commit it
        if(ts.commit()<0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// List the copies the session user currently has on loan: one
/// {name, obj_id} object per row is appended to j["result"].
///
/// NOTE(review): se.getUser() is concatenated into the sub-select unescaped;
/// it is only as safe as the value UserLogin stored in the session.
void BookGetBorrowed(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        startdb();

        /// Turns one row into one entry; an empty name column becomes "".
        auto appendLoan=[&](char** col,unsigned long* colLen)
        {
            json loan;
            loan["name"]=string(colLen[0]?col[0]:"");
            loan["obj_id"]=ParseInt(col[1]);

            j["result"].push_back(loan);
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(appendLoan);
        };

        if(conn.exec(make_str("select name,book_id from bs_bookdup where book_id in (select book_id from bs_borrow where username='",
                              se.getUser(),
                              "' and return_time is null) "),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// Return every book type name: each bs_booktype row is appended to
/// j["result"] as a string, with an empty column returned as "".
/// The statement is a fixed literal; no request data reaches it.
void BookTypeGet(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();

        startdb();

        auto appendType=[&](char** col,unsigned long* colLen)
        {
            j["result"].push_back(string(colLen[0]?col[0]:""));
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(appendType);
        };

        if(conn.exec("select book_type from bs_booktype",onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;
    }while(0);
}
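/// Create a book type (POST field "new_typename") unless one with that name
/// already exists. Runs in one Transaction.
///
/// Requires permission level 2 or better. The original only required a login,
/// so any reader account could change the catalogue's type list, while
/// BookAdd, BookEdit and BookRemove in this file all demand level <= 2.
///
/// NOTE(review): new_typename comes from the request and is concatenated into
/// both statements unescaped; bind it as a parameter.
void BookTypeAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(new_typename);
        startdb();

        /// Catalogue writes are staff-only; breaks out with err_permission_denied otherwise.
        need_at_least_permission(2);

        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }

        /// Refuse duplicates.
        int count_val;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              new_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 2");
            break;
        }

        if(conn.exec(make_str("insert into bs_booktype values ('",new_typename,"')"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        /// Commit it
        if(ts.commit()<0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }

        j["success"]=1;
    }while(0);
}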
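/// Rename a book type from "old_typename" to "new_typename" (POST fields).
/// The old name must exist, the new name must not, and no bs_book row may
/// still use the old name. Runs in one Transaction.
///
/// Requires permission level 2 or better. The original only required a login,
/// so any reader account could rename catalogue types, while BookAdd, BookEdit
/// and BookRemove in this file all demand level <= 2.
///
/// NOTE(review): both names come from the request and are concatenated into
/// every statement unescaped; bind them as parameters.
void BookTypeEdit(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(old_typename);
        postval(new_typename);
        startdb();

        /// Catalogue writes are staff-only; breaks out with err_permission_denied otherwise.
        need_at_least_permission(2);

        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }

        /// The type being renamed must exist.
        int count_val;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val==0)
        {
            jsonfail(err_sql_logic,"Step 2");
            break;
        }

        /// The new name must not be taken.
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              new_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 4");
            break;
        }

        /// No book may still reference the old name.
        if(conn.exec(make_str("select count(book_type) from bs_book where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 5");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 6");
            break;
        }

        if(conn.exec(make_str("update bs_booktype set book_type='",new_typename,"' where book_type='",old_typename,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        /// Commit it
        if(ts.commit()<0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }

        j["success"]=1;
    }while(0);
}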
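/// Delete a book type (POST field "old_typename"). The type must exist and no
/// bs_book row may still use it. Runs in one Transaction.
///
/// Requires permission level 2 or better. The original only required a login,
/// so any reader account could delete catalogue types, while BookAdd, BookEdit
/// and BookRemove in this file all demand level <= 2.
///
/// NOTE(review): old_typename comes from the request and is concatenated into
/// every statement, including the DELETE, unescaped; bind it as a parameter.
void BookTypeRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();
        postval(old_typename);
        startdb();

        /// Catalogue writes are staff-only; breaks out with err_permission_denied otherwise.
        need_at_least_permission(2);

        /// Start transaction
        Transaction ts(conn);
        if(!ts.isReady())
        {
            jsonfail(err_sql_logic,"Failed to start transaction.");
            break;
        }

        /// The type being removed must exist.
        int count_val;
        if(conn.exec(make_str("select count(book_type) from bs_booktype where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val==0)
        {
            jsonfail(err_sql_logic,"Step 2");
            break;
        }

        /// No book may still reference it.
        if(conn.exec(make_str("select count(book_type) from bs_book where book_type='",
                              old_typename,
                              "'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_sql_logic,"Step 4");
            break;
        }

        if(conn.exec(make_str("delete from bs_booktype where book_type='",old_typename,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Delete 1");
            break;
        }

        /// Commit it
        if(ts.commit()<0)
        {
            jsonfail(err_sql_logic,"Commit failed");
            break;
        }

        j["success"]=1;
    }while(0);
}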
/// Add a title to the catalogue by calling the newbook stored procedure with
/// the posted fields. book_status must parse to 0, 1 or 2, and the session
/// user needs permission level 2 or better. A procedure result of 1 is
/// reported as failure.
///
/// NOTE(review): six request strings are concatenated into the CALL statement
/// between single quotes with no escaping; only book_status is reduced to an
/// int first. Bind them as parameters.
void BookAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();

        postval(book_isbn);
        postval(book_type);
        postval(book_name);
        postval(book_author);
        postval(book_publish);
        postval(book_pubdate);
        postval(book_status);

        int status_code=ParseInt(book_status);
        if(status_code<0)
        {
            jsonfail(err_parameter,"Failed to parse status");
            break;
        }

        /// Negative values were rejected above, so only the upper bound is left.
        if(status_code>2)
        {
            jsonfail(err_parameter,"Invalid Status");
            break;
        }

        startdb();

        /// Check Permission
        int level=-1;
        get_user_permission(level,se.getUser());

        if(level<0)
        {
            jsonfail(err_data,"Failed to get permission level");
            break;
        }

        if(level>2)
        {
            jsonfail(err_permission_denied,"Permission Not Reach Required Level");
            break;
        }

        int proc_result=-1;
        if(conn.exec(make_str("call newbook('",
                              book_isbn,
                              "','",
                              book_name,
                              "','",
                              book_type,
                              "','",
                              book_author,
                              "','",
                              book_publish,
                              "','",
                              book_pubdate,
                              "',",
                              status_code,
                              ")"),
                     SQLParseInt(proc_result))<0)
        {
            jsonfail(err_sql,"Procedure 1");
            break;
        }

        if(proc_result==1)
        {
            /// The procedure itself reported failure.
            jsonfail(err_sql_logic,"SQL Operation Failed");
            break;
        }

        j["success"]=1;

    }while(0);
}
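/// Edit a catalogue record (POST field "book_key" = class_id). Each of isbn,
/// bookname, booktype, author, publisher, pubdate and status is optional: a
/// field that is absent from the request is left alone, an empty text field is
/// written as SQL NULL. Requires permission level 2 or better and runs in one
/// Transaction.
///
/// Fix: the optional fields used to be allocated with `new string` and were
/// never deleted, leaking up to seven strings per request on every exit path.
/// tpostval now keeps the value in a local string and points NAME at it, so
/// NAME is still a string* that is nullptr when the field is absent.
///
/// NOTE(review): doUpdate wraps the posted text in single quotes and
/// concatenates it into the UPDATE with no escaping; bind the values as
/// parameters.
void BookEdit(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();

        postval(book_key);
        int book_key_real=ParseInt(book_key);
        if(book_key_real<0)
        {
            jsonfail(err_parameter,"Failed to parse book_key");
            break;
        }

        startdb();
        startts();
        need_at_least_permission(2);

        /// Try to verify book_key (class_id)
        int count_class_id_val;
        if(conn.exec(make_str("select count(class_id) from bs_book where class_id=",
                              book_key_real),
                     SQLParseInt(count_class_id_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_class_id_val!=1)
        {
            /// Failed to verify
            jsonfail(err_data,"Cannot verify book key.");
            break;
        }

        /// gpostval is kept unchanged in case code elsewhere in this file uses
        /// it; it allocates with new and leaves ownership to the caller.
#define gpostval(NAME) NAME=new string;*NAME=req.post[#NAME]
        /// tpostval(NAME): NAME is a string* to the posted value, or nullptr
        /// when the field is absent. Storage is the local NAME##_value.
#define tpostval(NAME) string NAME##_value; string* NAME=nullptr; do { if(req.post.find(#NAME)!=req.post.end()) { NAME##_value=req.post[#NAME]; NAME=&NAME##_value; } }while(0)

        tpostval(isbn);
        tpostval(bookname);
        tpostval(booktype);
        tpostval(author);
        tpostval(publisher);
        tpostval(pubdate);
        tpostval(status);

        if(status)
        {
            int _in_status=ParseInt(*status);
            if(_in_status<0)
            {
                jsonfail(err_parameter,"Status parse failed.");
                break;
            }

            /// Verify status against bs_meta_book. Starts at -1 so that a
            /// result with no row fails the !=1 test instead of reading an
            /// indeterminate value.
            int status_cnt=-1;
            if(conn.exec(make_str("select count(status) from bs_meta_book where status=",
                                  _in_status),
                         [&](MySQLResult& res)
            {
                res.stepRow([&](char** val,unsigned long* len)
                {
                    status_cnt=ParseInt(val[0]);
                });
            })<0)
            {
                jsonfail(err_sql,"Step 2");
                break;
            }

            if(status_cnt!=1)
            {
                jsonfail(err_data,"Cannot verify status");
                break;
            }

            if(conn.exec(make_str("update bs_book set status=",_in_status," where class_id=",book_key_real),nullptr)<0)
            {
                jsonfail(err_sql,"Update 1 status");
                break;
            }
        }

        /// doUpdate(NAME,SETNAME): when the field was posted, write it to
        /// column SETNAME (empty text becomes NULL). Rewrites *NAME in place
        /// and breaks out of the handler on failure.
#define doUpdate(NAME,SETNAME) \
        if(NAME) \
        {\
            if((*NAME).empty()) \
            {\
                *NAME="null";\
            }\
            else\
            {\
                *NAME=make_str("'",(*NAME),"'");\
            }\
            if(conn.exec(make_str("update bs_book set ",SETNAME,"=",\
                                  *NAME,\
                                  " where class_id=",\
                                  book_key_real),nullptr)<0)\
            {\
                jsonfail(err_sql,make_str("Update 1 ",SETNAME));\
                break;\
            }\
        }

        doUpdate(isbn,"isbn");
        doUpdate(bookname,"name");
        doUpdate(booktype,"book_type");
        doUpdate(author,"author");
        doUpdate(publisher,"publisher");
        doUpdate(pubdate,"publish_time");

        committs();

        j["success"]=1;
    }while(0);
}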
/// Delete a title (POST field "book_key" = class_id) together with its
/// bs_borrow and bs_bookstatus rows. Requires permission level 2 or better and
/// runs in one Transaction.
///
/// NOTE(review): the "borrowed" check below counts every bs_bookstatus row of
/// the title, not only copies on loan (BookBorrow marks those with status 0).
/// As written, a title with any copy at all is refused, and the two deletes
/// that follow can only ever run against zero rows. Confirm the intended rule
/// before changing it, since loosening it enables a destructive delete.
void BookRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(book_key);
        int book_key_real=ParseInt(book_key);
        if(book_key_real<0)
        {
            jsonfail(err_parameter,"Failed to parse book_key");
            break;
        }

        startdb();
        startts();
        need_at_least_permission(2);

        int count_val=-1;
        /// verify book_key
        if(conn.exec(make_str("select count(class_id) from bs_book where class_id=",
                              book_key_real),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val!=1)
        {
            jsonfail(err_data,"Cannot verify book key.");
            break;
        }

        /// check if exists borrowed book. (Counts all copies; see the note above.)
        if(conn.exec(make_str("select count(book_id) from bs_bookstatus where class_id=",
                              book_key_real),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_data,"Still borrowed books exist.");
            break;
        }

        /// do delete: loan history first, then copies, then the title itself.
        if(conn.exec(make_str("delete from bs_borrow where book_id in (select book_id from bs_bookstatus where class_id=",
                              book_key_real,
                              ")"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        if(conn.exec(make_str("delete from bs_bookstatus where class_id=",
                              book_key_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }

        if(conn.exec(make_str("delete from bs_book where class_id=",
                              book_key_real),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }

        committs();

        j["success"]=1;
    }while(0);
}
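/// Create a reader account: one bs_user row and one bs_reader row, inside one
/// Transaction. Requires permission level 1 or better.
///
/// Fix: the original counted existing users with this name but never looked at
/// the count, so a duplicate was only caught, if at all, by the INSERT failing.
/// The request is now rejected with err_data before anything is written.
///
/// NOTE(review): all six posted values are concatenated into the statements
/// unescaped; bind them as parameters.
/// NOTE(review): the password is inserted exactly as posted. Store a salted
/// password hash instead of the submitted value.
void UserReaderAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(username);
        postval(password);
        postval(nickname);
        postval(realname);
        postval(realid);
        postval(realphone);

        startdb();
        startts();

        need_at_least_permission(1);

        /// Check if user already exists. Starts at -1 so that an unset count
        /// is treated as "cannot confirm the name is free".
        int count_val=-1;
        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              username,
                              "'"),
                     SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val!=0)
        {
            jsonfail(err_data,"User already exists.");
            break;
        }

        if(conn.exec(make_str("insert into bs_user values ('",
                              username,
                              "','",
                              password,
                              "','",
                              nickname,
                              "',3,3)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        if(conn.exec(make_str("insert into bs_reader values ('",
                              username,
                              "','",
                              realname,
                              "','",
                              realid,
                              "','",
                              realphone,
                              "',1,0,3,0,10,0,0)"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }

        committs();

        j["success"]=1;
    }while(0);
}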
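/// Update a reader's password, nickname, real name, id and phone number.
/// A user may always edit their own record. Editing someone else requires a
/// strictly better (numerically lower) permission level than the target.
///
/// Fix: the original denied only when the caller's level was greater than the
/// target's, so two accounts on the same level could edit each other. Reader
/// accounts appear to share one level (UserReaderAdd inserts them with fixed
/// values), which let any reader overwrite another reader's password. Equal
/// levels are now denied.
///
/// NOTE(review): every posted value is concatenated into the statements
/// unescaped; bind them as parameters.
/// NOTE(review): the password is written exactly as posted. Store a salted
/// password hash instead of the submitted value.
void UserReaderEdit(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();
    do
    {
        check_session();
        must_login();

        postval(username);
        postval(password);
        postval(nickname);
        postval(realname);
        postval(realid);
        postval(realphone);

        startdb();
        startts();

        /// Check this user, target user.
        int count_val;
        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              se.getUser(),"'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val!=1)
        {
            jsonfail(err_need_login,"Failed to check this user");
            break;
        }

        if(conn.exec(make_str("select count(username) from bs_user where username='",
                              username,"'"),SQLParseInt(count_val))<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        if(count_val!=1)
        {
            jsonfail(err_data,"Failed to check target user.");
            break;
        }

        int permission_level_this=-1,permission_level_target=-1;

        if(se.getUser()!=username)
        {
            get_user_permission(permission_level_this,se.getUser());
            get_user_permission(permission_level_target,username);

            /// Lower number = more privileged. `>=` (not `>`) so that peers on
            /// the same level cannot edit each other.
            if(permission_level_this<0||permission_level_target<0||permission_level_this>=permission_level_target)
            {
                jsonfail(err_permission_denied);
                break;
            }
        }

        if(conn.exec(make_str("update bs_user set password='",
                              password,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 1");
            break;
        }

        if(conn.exec(make_str("update bs_user set nickname='",
                              nickname,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 2");
            break;
        }

        if(conn.exec(make_str("update bs_reader set realname='",
                              realname,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 3");
            break;
        }

        if(conn.exec(make_str("update bs_reader set realid='",
                              realid,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 4");
            break;
        }

        if(conn.exec(make_str("update bs_reader set phonenum='",
                              realphone,
                              "' where username='",
                              username,
                              "'"),nullptr)<0)
        {
            jsonfail(err_sql,"Update 5");
            break;
        }

        committs();
        j["success"]=1;
    }while(0);
}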
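/// Delete a reader account (POST field "username"): mark the copies they hold
/// as status 2, then delete their bs_borrow, bs_reader and bs_user rows, all
/// in one Transaction.
///
/// Fix: the original denied only when the caller's level was greater than the
/// target's, so any account could delete another account on the same level.
/// Reader accounts appear to share one level (UserReaderAdd inserts them with
/// fixed values), which let any reader delete another reader. The caller must
/// now be strictly more privileged than the target, which also means an
/// account can no longer delete itself through this handler.
///
/// NOTE(review): username comes from the request and is concatenated into the
/// SELECT and all three DELETE statements unescaped; bind it as a parameter.
void UserReaderRemove(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(username);

        startdb();
        startts();

        int permission_level_this=-1,permission_level_target=-1;
        get_user_permission(permission_level_this,se.getUser());
        get_user_permission(permission_level_target,username);

        /// Lower number = more privileged. `>=` (not `>`) so that peers on the
        /// same level cannot delete each other.
        if(permission_level_this<0||permission_level_target<0||permission_level_this>=permission_level_target)
        {
            jsonfail(err_permission_denied);
            break;
        }

        /// Return books borrowed by this reader.
        vector<int> vec;
        if(conn.exec(make_str("select book_id from bs_borrow where username='",
                              username,
                              "' and return_time is null"),
                     [&](MySQLResult& res)
        {
            res.stepRow([&](char** val,unsigned long* len)
            {
                vec.push_back(ParseInt(val[0]));
            });
        })<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        /// The flag carries the failure out of the loop, because a `break`
        /// inside it would only leave the for statement.
        bool failed=false;
        for(int book_id:vec)
        {
            if(conn.exec(make_str("update bs_bookstatus set status=2 where book_id=",book_id),nullptr)<0)
            {
                failed=true;
                break;
            }
        }
        if(failed)
        {
            jsonfail(err_sql,"Step 2");
            break;
        }

        if(conn.exec(make_str("delete from bs_borrow where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 3");
            break;
        }

        if(conn.exec(make_str("delete from bs_reader where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 4");
            break;
        }

        if(conn.exec(make_str("delete from bs_user where username='",username,"'"),nullptr)<0)
        {
            jsonfail(err_sql,"Step 5");
            break;
        }

        committs();
        j["success"]=1;
    }while(0);
}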
/// Search accounts whose username or nickname contains the POST field
/// "keyword"; matching usernames are appended to j["result"]. Requires
/// permission level 2 or better.
///
/// NOTE(review): keyword comes from the request and is concatenated into both
/// LIKE patterns unescaped, so the client controls the statement text, not
/// just the pattern. Bind it as a parameter.
void UserSearch(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(keyword);

        startdb();
        need_at_least_permission(2);

        /// An empty username column is returned as "".
        auto appendUser=[&](char** col,unsigned long* colLen)
        {
            j["result"].push_back(string(colLen[0]?col[0]:""));
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(appendUser);
        };

        if(conn.exec(make_str("select username from bs_user where username like '%",keyword,"%' or nickname like '%",keyword,"%'"),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;

    }while(0);
}
/// Return one reader's record from bs_userreader (POST field "username"),
/// written directly onto j. Requires permission level 1 or better.
///
/// NOTE(review): the stored password column is sent back to the client in
/// "password". Even for privileged callers, a credential should not leave the
/// server; consider dropping the field once the front end no longer reads it.
/// NOTE(review): username comes from the request and is concatenated into the
/// statement unescaped; bind it as a parameter.
/// NOTE(review): ParseInt(col[3]) is the only column read without a length
/// check — confirm realid can never be NULL.
void UserReaderGet(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        postval(username);

        startdb();
        need_at_least_permission(1);

        /// Empty text columns are returned as "".
        auto fillFromRow=[&](char** col,unsigned long* colLen)
        {
            j["username"]=string(colLen[0]?col[0]:"");
            j["password"]=string(colLen[1]?col[1]:"");
            j["realname"]=string(colLen[2]?col[2]:"");
            j["realid"]=ParseInt(col[3]);
            j["phonenum"]=string(colLen[4]?col[4]:"");
            j["nickname"]=string(colLen[5]?col[5]:"");
        };
        auto onResult=[&](MySQLResult& rows)
        {
            rows.stepRow(fillFromRow);
        };

        if(conn.exec(make_str("select username,password,realname,realid,",
                              "phonenum,nickname ",
                              "from bs_userreader where username='",
                              username,"'"),
                     onResult)<0)
        {
            jsonfail(err_sql,"Step 1");
            break;
        }

        j["success"]=1;
    }while(0);
}
/// Unfinished handler for adding a physical copy of a title. It runs the
/// session, login and permission (level 2 or better) guards and reads the
/// POST fields "class_id" and "position", but executes no statement and never
/// sets "success" to 1, so the response stays whatever default_jsonfail()
/// produced.
void BookObjAdd(Request& req, Session& se, Response& res, json& j)
{
    default_jsonfail();

    do
    {
        check_session();
        must_login();

        /// Read but not used yet.
        postval(class_id);
        postval(position);

        startdb();
        need_at_least_permission(2);

        /// TODO: validate class_id and insert the bs_bookstatus row.

    }while(0);
}
/// Not implemented. The body is empty: unlike the other handlers in this file
/// it does not call default_jsonfail(), check the session, or require a login,
/// and it leaves j exactly as the caller passed it.
/// NOTE(review): when this is filled in, it needs the same guards as the
/// other catalogue writes (check_session, must_login, a permission check).
void BookObjEdit(Request& req, Session& se, Response& res, json& j)
{

}
/// Not implemented. The body is empty: unlike the other handlers in this file
/// it does not call default_jsonfail(), check the session, or require a login,
/// and it leaves j exactly as the caller passed it.
/// NOTE(review): when this is filled in, it needs the same guards as the
/// other catalogue writes (check_session, must_login, a permission check).
void BookObjRemove(Request& req, Session& se, Response& res, json& j)
{

}