| Code with Finding: |
class DatabaseAdmin {
public static List<String> getAdmins(Connection conn) {
List<String> admins = new ArrayList<String>();
String query = "SELECT username FROM main.users " +
"WHERE role = 'admin' OR role = 'sa'";
Statement stmt = null;
ResultSet result = null;
try {
stmt = conn.createStatement();
result = stmt.executeQuery(query);
while (result.next()) {
admins.add(result.getString("username"));
}
} catch (SQLException e) {
admins = null;
} finally {
DBManager.closeResultSet(result);
DBManager.closeStatement(stmt);
}
return admins;
}
}
class DatabaseAdmin {
/**
* Precondition: user is an admin. If user is an SA, nothing is done and returns -1.
* @param conn
* @param username
* @return
*/
public static int replaceBoardManager(Connection conn, String username) {
int status = -1;
Connection tempConn = DBManager.getConnection();
String sa = saOfUsersGroup(tempConn, username);
DBManager.closeConnection(tempConn);
if (sa == null || sa.equals(username)) {
if (DEBUG) {
System.err.printf("sa = %s, username = %s\n", sa, username);
}
return status;
}
String query = "UPDATE main.boards SET managedby = ? WHERE managedby = ?";
PreparedStatement pstmt = null;
try {
pstmt = conn.prepareStatement(query);
pstmt.setString(1, sa);
pstmt.setString(2, username);
status = pstmt.executeUpdate();
if (DEBUG) System.err.printf("status = %d\n", status);
} catch (SQLException e) {
if (DEBUG) {
System.err.println("failing cuz SQLException");
e.printStackTrace();
}
status = -1;
}
return status;
}
}
|
