| Code with Finding: |
class SocialNetworkPosts {
public static String authorizedToPost (String username,
String boardName, String regionName) {
String bname = boardName.trim().toLowerCase();
Connection dbconn = DBManager.getConnection();
if (bname.equals("freeforall")) { //regionName might be null
//everyone can post in the freeforall board
return "true";
}
//regionName should not be null
String rname = regionName.trim().toLowerCase();
Boolean boardExists = SocialNetworkBoards.boardExists(bname);
if (boardExists == null) {
return "print Error: Database error while verifying existence of board. " +
"If the problem persists, contact an admin.";
}
else if (boardExists.booleanValue()) {
Boolean regionExists = SocialNetworkRegions.regionExists(bname, rname);
if (regionExists == null) {
return "print Error: Database error while verifying existence of region. " +
"If the problem persists, contact an admin.";
}
else if (regionExists.booleanValue()) {
//AUTHORIZATION FUNCTION
Boolean authPost = SocialNetworkDatabasePosts.authorizedToPostNotFFA(dbconn, username, boardName, regionName);
if (authPost == null) {
DBManager.closeConnection(dbconn);
return "print Error: Database error while creating the post.";
}
else if (!authPost.booleanValue()) {
DBManager.closeConnection(dbconn);
return "print Error: Not authorized to post in this region";
}
DBManager.closeConnection(dbconn);
return "true";
}
else {
return "print Error: Region does not exist. Refresh. " +
"If the problem persists, contact an admin.";
}
}
else {
return "print Error: Board does not exist. Refresh. " +
"If the problem persists, contact an admin.";
}
}
}
|
