Code with Finding: |
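class DatabaseAdmin {
    /**
     * Reports whether {@code user} holds an administrative role.
     *
     * <p>Reads the {@code role} column of the first {@code main.users} row whose
     * {@code username} matches, and returns {@code true} only when that value is
     * exactly {@code "admin"} or {@code "sa"} (case-sensitive). The username is bound
     * as a statement parameter, never concatenated into the SQL text.
     *
     * <p>This check fails closed: an unknown user, a {@code NULL} role, or any
     * {@link SQLException} all produce {@code false}. Callers cannot tell "not an
     * admin" apart from "the lookup failed".
     *
     * @param conn open connection to query; it is not closed by this method
     * @param user username to look up
     * @return {@code true} if the stored role is {@code "admin"} or {@code "sa"},
     *         {@code false} otherwise or on error
     */
    public static boolean isAdmin(Connection conn, String user) {
        PreparedStatement pstmt = null;
        ResultSet result = null;
        String query = "SELECT role FROM main.users WHERE username = ?";
        try {
            pstmt = conn.prepareStatement(query);
            pstmt.setString(1, user);
            result = pstmt.executeQuery();
            if (result.next()) {
                String role = result.getString("role");
                // Constant-first equals: getString returns null for a SQL NULL, and
                // calling role.equals(...) on it would throw NullPointerException out
                // of an authorization check instead of denying access.
                return "admin".equals(role) || "sa".equals(role);
            }
            return false;
        } catch (SQLException e) {
            // Deny on database errors; the failure is not reported to the caller.
            return false;
        } finally {
            // Close the result set before the statement that produced it.
            DBManager.closeResultSet(result);
            DBManager.closePreparedStatement(pstmt);
        }
    }
}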
class DatabaseAdmin {
    /**
     * Counts the registration requests that belong to an admin.
     *
     * <p>The admin is identified by resolving {@code username} to its {@code aid} in
     * {@code main.users}; rows of {@code main.registrationrequests} with that
     * {@code aid} are counted. The username is passed as a bound parameter.
     *
     * @param conn open connection to query; it is not closed by this method
     * @param username username of the admin whose requests are counted
     * @return the number of matching requests, or 0 when a {@link SQLException}
     *         occurs (an error is indistinguishable from "no requests")
     */
    public static int getRegReqCount(Connection conn, String username) {
        final String sql = "SELECT COUNT(username) as count FROM main.registrationrequests "
                + "WHERE aid = (SELECT aid FROM main.users WHERE username = ?)";
        ResultSet rows = null;
        PreparedStatement stmt = null;
        int total = 0;
        try {
            stmt = conn.prepareStatement(sql);
            stmt.setString(1, username);
            rows = stmt.executeQuery();
            // Keep the value of the last row returned; the total stays 0 if there is none.
            while (rows.next()) {
                total = rows.getInt("count");
            }
            return total;
        } catch (SQLException e) {
            // Documented contract: report 0 on any database error.
            return 0;
        } finally {
            DBManager.closeResultSet(rows);
            DBManager.closePreparedStatement(stmt);
        }
    }
}
class DatabaseAdmin {
    /**
     * Lists the friends of {@code username} who could be added as admins of
     * {@code board}.
     *
     * <p>A friend qualifies when the name appears in the result of
     * {@code getAdmins} and does not appear in the result of
     * {@code getAdminsOfBoard} for this board. The order of the returned names
     * follows the order of {@code getFriends}.
     *
     * <p>NOTE(review): this method does not check that {@code username} is allowed
     * to manage {@code board}; presumably the caller enforces that - confirm.
     *
     * @param conn open connection handed to the lookup helpers
     * @param board board whose current admins are excluded
     * @param username user whose friends are considered
     * @return a new list of qualifying usernames, possibly empty
     */
    public static List<String> getAddableAdmins(Connection conn, String board, String username) {
        List<String> candidates = new ArrayList<String>();
        List<String> friendNames = getFriends(conn, username);
        List<String> allAdmins = getAdmins(conn);
        List<String> boardAdmins = getAdminsOfBoard(conn, board);
        for (String friend : friendNames) {
            // Skip anyone who is not an admin at all, or who already administers the board.
            if (!allAdmins.contains(friend) || boardAdmins.contains(friend)) {
                continue;
            }
            candidates.add(friend);
        }
        return candidates;
    }
}
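class DatabaseAdmin {
    /**
     * Reassigns every board managed by {@code username} to the user returned by
     * {@code saOfUsersGroup} (presumably the SA of that user's group - confirm).
     *
     * <p>Precondition: {@code username} is an admin. If the lookup returns
     * {@code null}, or the user is that SA, nothing is changed and -1 is returned.
     *
     * <p>NOTE(review): the admin precondition is not verified in this method;
     * callers are expected to establish it (for example with {@code isAdmin})
     * before calling - confirm.
     *
     * @param conn open connection used for the UPDATE; it is not closed by this method
     * @param username current manager whose boards are handed over
     * @return the row count reported by {@code executeUpdate}, or -1 when no
     *         reassignment was attempted or a {@link SQLException} occurred
     */
    public static int replaceBoardManager(Connection conn, String username) {
        int status = -1;
        // The SA lookup runs on its own short-lived connection rather than on conn.
        Connection tempConn = DBManager.getConnection();
        String sa;
        try {
            sa = saOfUsersGroup(tempConn, username);
        } finally {
            // Return the lookup connection even if the lookup throws.
            DBManager.closeConnection(tempConn);
        }
        if (sa == null || sa.equals(username)) {
            if (DEBUG) {
                System.err.printf("sa = %s, username = %s\n", sa, username);
            }
            return status;
        }
        String query = "UPDATE main.boards SET managedby = ? WHERE managedby = ?";
        PreparedStatement pstmt = null;
        try {
            pstmt = conn.prepareStatement(query);
            pstmt.setString(1, sa);
            pstmt.setString(2, username);
            status = pstmt.executeUpdate();
            if (DEBUG) {
                System.err.printf("status = %d\n", status);
            }
        } catch (SQLException e) {
            if (DEBUG) {
                System.err.println("failing cuz SQLException");
                e.printStackTrace();
            }
            status = -1;
        } finally {
            // Without this the statement stays open on every call, success or failure.
            DBManager.closePreparedStatement(pstmt);
        }
        return status;
    }
}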
|