1 25 26 29 package net.killingar.forum.internal.managers; 30 31 import it.unimi.dsi.fastutil.longs.Long2ObjectAVLTreeMap; 32 import it.unimi.dsi.fastutil.longs.LongArrayList; 33 import net.killingar.forum.internal.*; 34 import net.killingar.forum.internal.caches.MessageCache; 35 36 import java.sql.*; 37 import java.util.ArrayList ; 38 import java.util.List ; 39 40 public final class AreaManager extends AbstractManager implements java.io.Serializable 41 { 42 private int messagesPerPage = 32; 44 private static transient Long2ObjectAVLTreeMap messageCaches = new Long2ObjectAVLTreeMap(); 47 50 public void setMessagesPerPage(int no) 51 { 52 messagesPerPage = no; 53 } 54 55 58 public int getMessagesPerPage() 59 { 60 return messagesPerPage; 61 } 62 63 66 public AreaGroup getAreaGroup(long areaGroupID) throws SQLException 67 { 68 Connection c = null; 69 Statement statement = null; 70 ResultSet result = null; 71 72 try 73 { 74 c = getNewConnection(); 75 statement = c.createStatement(); 76 77 result = statement.executeQuery("select AreaGroup, User, Name from AreaGroups where ID = "+areaGroupID); 78 AreaGroup r = null; 79 if (result.next()) 80 { 81 r = new AreaGroup( 82 areaGroupID, 83 result.getLong(1), 84 result.getLong(2), 85 result.getString(3)); 86 } 87 88 return r; 89 } 90 finally { closeAll(c, statement, result); } 91 } 92 93 96 public long addAreaGroup(AreaGroup areaGroup) throws SQLException, AccessDeniedException 97 { 98 checkMyAccess(areaGroup.parentID, AccessLevel.addAreaGroup); 100 101 Connection c = null; 102 PreparedStatement statement = null; 103 ResultSet result = null; 104 105 try 106 { 107 c = getNewConnection(); 108 statement = c.prepareStatement("select ID from AreaGroups where AreaGroup = ? AND Name = ?"); 109 statement.setLong(1, areaGroup.getParentID()); 110 statement.setString(2, areaGroup.getName()); 111 112 result = statement.executeQuery(); 114 if (result.next()) 115 { 116 throw new AccessDeniedException("an area group with this name already exists"); 117 } 118 119 statement = c.prepareStatement("insert into AreaGroups (AreaGroup, User, Name, LastChanged, LastChangedUser) values (?, ?, ?, NOW(), ?)"); 120 statement.setLong(1, areaGroup.getParentID()); 121 statement.setLong(2, manager.getUserID()); 122 statement.setString(3, areaGroup.getName()); 123 statement.setLong(4, manager.getUserID()); 124 statement.executeUpdate(); 125 126 result = statement.getGeneratedKeys(); 127 result.next(); 128 return result.getLong(1); 129 } 130 finally { closeAll(c, statement, result); } 131 } 132 133 136 public void removeAreaGroup(long areaGroupID) throws SQLException, AccessDeniedException 137 { 138 AreaGroup areaGroup = getAreaGroup(areaGroupID); 139 if (areaGroup.ownerID != manager.getUserID()) 141 checkMyAccess(areaGroup.ID, AccessLevel.removeAreaGroup); 142 143 Connection c = null; 145 Statement statement = null; 146 ResultSet result = null; 147 148 try 149 { 150 c = getNewConnection(); 151 statement = c.createStatement(); 152 153 statement.executeUpdate("remove from AreaGroups where ID = "+areaGroupID); 154 } 155 finally { closeAll(c, statement, result); } 156 } 157 158 161 public void changeAreaGroup(AreaGroup areaGroup) throws SQLException, AccessDeniedException 162 { 163 AreaGroup _areaGroup = getAreaGroup(areaGroup.ID); 164 if (_areaGroup.ownerID != manager.getUserID()) 166 checkMyAccess(areaGroup.ID, AccessLevel.changeAreaGroup); 167 168 if (_areaGroup.parentID != areaGroup.parentID) { 170 _areaGroup = getAreaGroup(areaGroup.parentID); 172 if (_areaGroup.ownerID != manager.getUserID()) 173 checkMyAccess(_areaGroup.ID, AccessLevel.addAreaGroup); 174 } 175 176 if (areaGroup.parentID == areaGroup.ID) 177 throw new AccessDeniedException("attempt to move an areagroup into itself"); 178 179 Connection c = null; 180 PreparedStatement statement = null; 181 ResultSet result = null; 182 183 try 184 { 185 c = getNewConnection(); 186 statement = c.prepareStatement("select ID from AreaGroups where AreaGroup = ? AND Name = ? AND ID != ?"); 187 statement.setLong(1, areaGroup.getParentID()); 188 statement.setString(2, areaGroup.getName()); 189 statement.setLong(3, areaGroup.getId()); 190 191 result = statement.executeQuery(); 192 if (result.next()) 193 throw new AccessDeniedException("an area group with this name already exists"); 194 195 statement = c.prepareStatement("update AreaGroups set User = ?, AreaGroup = ?, Name = ?, LastChanged = NOW(), LastChangedUser = ? where ID = ?"); 197 statement.setLong(1, areaGroup.ownerID); 198 statement.setLong(2, areaGroup.parentID); 199 statement.setString(3, areaGroup.getName()); 200 statement.setLong(4, manager.getUserID()); 201 statement.setLong(5, areaGroup.getId()); 202 statement.executeUpdate(); 203 } 204 finally { closeAll(c, statement, result); } 205 } 206 207 private AreaGroup getAreaGroup(ResultSet result) throws SQLException 208 { 209 return new AreaGroup( 210 result.getLong("ID"), 211 result.getLong("AreaGroup"), 212 result.getLong("User"), 213 result.getString("Name")); 214 } 215 216 219 public AreaGroup[] getAreaGroups(long areaGroupID) throws SQLException 220 { 221 Connection c = null; 222 Statement statement = null; 223 ResultSet result = null; 224 225 try 226 { 227 c = getNewConnection(); 228 statement = c.createStatement(); 229 230 if (areaGroupID == -1) 231 result = statement.executeQuery("select * from AreaGroups where AreaGroup is NULL OR AreaGroup = -1"); 232 else 233 result = statement.executeQuery("select * from AreaGroups where AreaGroup = "+areaGroupID); 234 List v = new ArrayList(); 235 while (result.next()) 236 { 237 v.add(getAreaGroup(result)); 238 } 239 240 AreaGroup r[] = new AreaGroup[v.size()]; 241 v.toArray(r); 242 return r; 243 } 244 finally { closeAll(c, statement, result); } 245 } 246 247 250 public AreaGroup[] getAreaGroups() throws SQLException 251 { 252 Connection c = null; 253 Statement statement = null; 254 ResultSet result = null; 255 256 try 257 { 258 c = getNewConnection(); 259 statement = c.createStatement(); 260 261 result = statement.executeQuery("select * from AreaGroups"); 262 List v = new ArrayList(); 263 while (result.next()) 264 { 265 v.add(getAreaGroup(result)); 266 } 267 268 AreaGroup r[] = new AreaGroup[v.size()]; 269 v.toArray(r); 270 return r; 271 } 272 finally { closeAll(c, statement, result); } 273 } 274 275 private Area getArea(ResultSet r) throws SQLException 276 { 277 return new Area(r.getLong("ID"), r.getLong("AreaGroup"), r.getString("Name"), r.getString("Mode"), r.getString("Description"), r.getString("Custom")); 278 } 279 280 283 public Area[] getAreasInGroup(long areaGroupID) throws SQLException 284 { 285 Connection c = null; 286 Statement statement = null; 287 ResultSet result = null; 288 289 try 290 { 291 c = getNewConnection(); 292 statement = c.createStatement(); 293 294 result = statement.executeQuery("select * from Areas where AreaGroup = "+areaGroupID); 295 List v = new ArrayList(); 296 while (result.next()) 297 { 298 v.add(getArea(result)); 299 } 300 301 Area r[] = new Area[v.size()]; 302 v.toArray(r); 303 return r; 304 } 305 finally { closeAll(c, statement, result); } 306 } 307 308 311 public long addArea(Area area) throws SQLException, AccessDeniedException 312 { 313 AreaGroup areaGroup = getAreaGroup(area.areaGroupID); 314 if (areaGroup == null) 315 throw new AccessDeniedException("create top-level areas forbidden"); 316 317 checkMyAccess(areaGroup.ID, AccessLevel.addArea); 318 319 Connection c = null; 320 PreparedStatement statement = null; 321 ResultSet result = null; 322 323 try 324 { 325 c = getNewConnection(); 326 statement = c.prepareStatement("select ID from Areas where Name = ? AND AreaGroup = ?"); 327 statement.setString(1, area.name); 328 statement.setLong(2, area.areaGroupID); 329 330 result = statement.executeQuery(); 331 if (result.next()) 332 { 333 throw new AccessDeniedException("an area with this name already exists in the specified area group"); 334 } 335 336 statement = c.prepareStatement("insert into Areas (AreaGroup, Name, Mode, Description, LastChanged, LastChangedUser, Custom) values(?, ?, ?, ?, NOW(), ?, ?)"); 337 statement.setLong(1, area.areaGroupID); 338 statement.setString(2, area.name); 339 statement.setString(3, area.description); 340 statement.setString(4, area.mode); 341 statement.setLong(5, manager.getUserID()); 342 statement.setString(6, area.custom); 343 statement.executeUpdate(); 344 345 result = statement.getGeneratedKeys(); 346 result.next(); 347 return result.getLong(1); 348 } 349 finally { closeAll(c, statement, result); } 350 } 351 352 355 public void removeArea(long areaID) throws SQLException, AccessDeniedException 356 { 357 Area area = getArea(areaID); 358 AreaGroup areaGroup = getAreaGroup(area.areaGroupID); 359 if (areaGroup.ownerID != manager.getUserID()) 361 checkMyAccess(areaGroup.ID, AccessLevel.removeArea); 362 363 Connection c = null; 364 Statement statement = null; 365 ResultSet result = null; 366 367 try 368 { 369 c = getNewConnection(); 370 statement = c.createStatement(); 371 372 statement.executeUpdate("remove from Areas where ID = "+area.ID); 374 } 375 finally { closeAll(c, statement, result); } 376 } 377 378 381 public void changeArea(Area area) throws SQLException, AccessDeniedException 382 { 383 long oldAreaGroupID = getArea(area.ID).areaGroupID; AreaGroup areaGroup = getAreaGroup(oldAreaGroupID); 385 if (areaGroup.ownerID != manager.getUserID()) 387 checkMyAccess(areaGroup.ID, AccessLevel.changeArea); 388 if (oldAreaGroupID != area.areaGroupID) { 390 areaGroup = getAreaGroup(area.areaGroupID); 392 if (areaGroup == null) 393 throw new RuntimeException ("areagroup "+area.areaGroupID+" not found"); 394 395 if (areaGroup.ownerID != manager.getUserID()) 396 checkMyAccess(areaGroup.ID, AccessLevel.addArea); 397 } 398 399 Connection c = null; 400 PreparedStatement statement = null; 401 ResultSet result = null; 402 403 try 404 { 405 c = getNewConnection(); 406 statement = c.prepareStatement("select ID from Areas where Name = ? AND AreaGroup = ?"); 407 statement.setString(1, area.name); 408 statement.setLong(2, area.areaGroupID); 409 410 result = statement.executeQuery(); 411 if (result.next() && result.getLong(1) != area.ID) 412 { 413 throw new AccessDeniedException("an area with this name already exists in the specified area group"); 414 } 415 416 if ("".equals(area.description)) 417 area.description = null; 418 419 if ("".equals(area.custom)) 420 area.custom = null; 421 422 statement = c.prepareStatement("update Areas set AreaGroup = ?, Name = ?, Mode = ?, Description = ?, LastChanged = NOW(), LastChangedUser = ?, Custom = ? where ID = ?"); 424 statement.setLong(1, area.areaGroupID); 425 statement.setString(2, area.name); 426 statement.setString(3, area.mode); 427 statement.setString(4, area.description); 428 statement.setLong(5, manager.getUserID()); 429 statement.setString(6, area.custom); 430 statement.setLong(7, area.ID); 431 System.err.println("areamanager: "+area.custom); 432 statement.executeUpdate(); 433 } 434 finally { closeAll(c, statement, result); } 435 } 436 437 438 441 public Timestamp getTimeOnArea(long areaID) throws Exception 442 { 443 return ((TimeManager)manager.getManager(TimeManager.class.getName())).getUserDataTime(TimeManager.systemAreas, areaID); 444 } 445 446 449 public boolean isUnreadArea(long areaID) throws Exception 450 { 451 TimeManager times = ((TimeManager)manager.getManager(TimeManager.class.getName())); 452 return times.getUserDataTime(TimeManager.systemAreas, areaID).before(times.getTime(TimeManager.systemAreas, areaID)); 453 } 454 455 458 public Area[] getAreas() throws SQLException 459 { 460 Connection c = null; 461 Statement statement = null; 462 ResultSet result = null; 463 464 try 465 { 466 c = getNewConnection(); 467 statement = c.createStatement(); 468 469 result = statement.executeQuery("select * from Areas"); 470 List v = new ArrayList(); 471 while (result.next()) 472 { 473 v.add(getArea(result)); 474 } 475 476 Area r[] = new Area[v.size()]; 477 v.toArray(r); 478 return r; 479 } 480 finally { closeAll(c, statement, result); } 481 } 482 483 486 public Area getArea(long areaID) throws SQLException 487 { 488 Connection c = null; 489 Statement statement = null; 490 ResultSet result = null; 491 492 try 493 { 494 c = getNewConnection(); 495 statement = c.createStatement(); 496 497 result = statement.executeQuery("select * from Areas where ID = "+areaID); 498 if (result.next()) 499 return getArea(result); 500 501 return null; 502 } 503 finally { closeAll(c, statement, result); } 504 } 505 506 509 public void setRead(long areaID, Timestamp timestamp) throws SQLException, AccessDeniedException, ClassNotFoundException , InstantiationException , IllegalAccessException 510 { 511 TimeManager times = ((TimeManager)manager.getManager(TimeManager.class.getName())); 512 times.setUserTime(TimeManager.systemWelcome); 513 times.setUserDataTime(TimeManager.systemAreas, areaID, timestamp); 514 } 515 516 public void setRead(long areaID) throws SQLException, AccessDeniedException, ClassNotFoundException , InstantiationException , IllegalAccessException {setRead(areaID, new Timestamp(System.currentTimeMillis()));} 517 518 521 public void addMessage(Message message) throws Exception 522 { 523 AreaGroup areaGroup = getAreaGroup(getArea(message.areaID).areaGroupID); 524 checkMyAccess(areaGroup.ID, AccessLevel.addMessage); 525 long userID = manager.getUserID(); 528 if (userID == -1) 529 throw new RuntimeException ("not logged in"); 530 531 Connection c = null; 532 PreparedStatement statement = null; 533 ResultSet result = null; 534 535 try 536 { 537 c = getNewConnection(); 538 539 if (message.body == null)message.body = ""; 540 if (message.subject == null)message.subject = ""; 541 542 message.subject = message.subject.trim(); 543 message.body = message.body.trim(); 544 545 if (message.getParentID() != -1 && getMessage(message.getParentID()).visible == false) 546 { 547 throw new AccessDeniedException("attempt to reply to a deleted message denied"); 548 } 551 552 statement = c.prepareStatement("insert into Messages (ID, Parent, Area, Subject, User, Timecreated, Body, Words, Visible, LastChanged, LastChangedUser) values(null, ?, ?, ?, ?, NOW(), ?, ?, ?, NOW(), ?)"); 553 if (message.getParentID() == -1) 554 statement.setObject(1, null); 555 else 556 statement.setLong(1, message.getParentID()); 557 statement.setLong(2, message.getAreaID()); 558 statement.setString(3, message.getSubject()); 559 statement.setLong(4, userID); 560 statement.setString(5, message.getBody()); 561 statement.setInt(6, Utils.nrWords(message.getBody())); 562 statement.setInt(7, 1); 563 statement.setLong(8, manager.getUserID()); 564 statement.executeUpdate(); 565 566 ((TimeManager)manager.getManager(TimeManager.class.getName())).setTime(TimeManager.systemAreas, message.areaID); 567 } 568 finally { closeAll(c, statement, result); } 569 } 570 571 public void changeMessage(Message message) throws Exception 572 { 573 Message m = getMessage(message.getId()); 574 575 checkMyAccess(getAreaGroup(getArea(m.areaID).areaGroupID).getId(), AccessLevel.addMessage); 576 577 if (manager.getUserID() != message.getOwnerID()) 578 throw new AccessDeniedException("attempt to edit another users messages"); 579 580 Connection c = null; 581 PreparedStatement statement = null; 582 ResultSet result = null; 583 584 try 585 { 586 c = getNewConnection(); 587 statement = c.prepareStatement("select count(*) from Messages where Parent = ?"); 588 statement.setLong(1, message.getId()); 589 590 result = statement.executeQuery(); 591 result.next(); 592 if (result.getInt(1) != 0) 593 throw new AccessDeniedException("message cannot be edited, it has already been replied to"); 594 595 if (message.body == null)message.body = ""; 596 if (message.subject == null)message.subject = ""; 597 598 message.subject = message.subject.trim(); 599 message.body = message.body.trim(); 600 601 statement = c.prepareStatement("update messages set Subject = ?, Body = ?, LastChanged = NOW(), LastChangedUser = ? where ID = ?"); 602 statement.setString(1, message.getSubject()); 603 statement.setString(2, message.getBody()); 604 statement.setLong(3, manager.getUserID()); 605 statement.setLong(4, message.getId()); 606 607 statement.executeUpdate(); 608 609 ((TimeManager)manager.getManager(TimeManager.class.getName())).setTime(TimeManager.systemAreas, message.areaID); 610 } 611 finally { closeAll(c, statement, result); } 612 } 613 614 617 public void removeMessage(long messageID) throws SQLException, AccessDeniedException 618 { 619 Message message = getMessage(messageID); 620 if (message.ownerID != manager.getUserID()) 621 { 622 AreaGroup areaGroup = getAreaGroup(getArea(message.areaID).areaGroupID); 623 checkMyAccess(areaGroup.ID, AccessLevel.removeMessage); 624 } 625 626 removeMessageImpl(messageID); 627 } 628 629 protected void removeMessageImpl(long messageID) throws SQLException, AccessDeniedException 631 { 632 Connection c = null; 633 Statement statement = null; 634 ResultSet result = null; 635 636 LongArrayList l = new LongArrayList(); 637 638 try 639 { 640 c = getNewConnection(); 641 statement = c.createStatement(); 642 643 result = statement.executeQuery("select ID from Messages where Parent = "+messageID); 644 645 while (result.next()) 647 l.add(result.getLong(1)); 648 649 statement.executeUpdate("update Messages set Visible = 0, LastChangedUser = "+manager.getUserID()+", LastChanged = NOW() where ID = " + messageID); 650 } 651 finally { closeAll(c, statement, result); } 652 653 for (int i = 0; i < l.size(); i++) 654 { 655 removeMessageImpl(l.getLong(i)); 656 } 657 } 658 659 662 public Message[] getPage(long areaID, int page, boolean getHidden) throws SQLException, AccessDeniedException 663 { 664 Connection c = null; 665 Statement statement = null; 666 ResultSet result = null; 667 668 try 669 { 670 c = getNewConnection(); 671 statement = c.createStatement(); 672 673 result = statement.executeQuery("select AreaGroups.ID from Areas, AreaGroups where Areas.AreaGroup = AreaGroups.ID AND Areas.ID = "+areaID); 674 675 if (!result.next())return new Message[0]; 676 677 checkMyAccess(result.getLong(1), AccessLevel.readArea); 678 679 result = statement.executeQuery("select ID, Parent, User, Timecreated, LastChanged, LastChangedUser, Subject, Body, Words, Visible from Messages where Area = " + areaID + (getHidden?"": " AND Visible = 1") +" order by ID desc limit " + (page*messagesPerPage) + ", " + messagesPerPage); 680 List v = new ArrayList(); 681 while (result.next()) 682 { 683 v.add(new Message( 684 result.getLong(1), 685 result.getLong(2), 686 areaID, 687 result.getLong(3), 688 result.getTimestamp(4), 689 result.getTimestamp(5), 690 result.getLong(6), 691 result.getString(7), 692 result.getString(8), 693 result.getLong(9), 694 result.getInt(10) == 1)); 695 } 696 697 Message r[] = new Message[v.size()]; 698 v.toArray(r); 699 return r; 700 } 701 finally { closeAll(c, statement, result); } 702 } 703 public Message[] getPage(long areaID, int page) throws SQLException, AccessDeniedException { return getPage(areaID, page, false); } 704 705 708 public Message[] getMessages(long areaID, boolean getHidden) throws SQLException, AccessDeniedException 709 { 710 Connection c = null; 711 Statement statement = null; 712 ResultSet result = null; 713 714 try 715 { 716 c = getNewConnection(); 717 statement = c.createStatement(); 718 719 result = statement.executeQuery("select AreaGroups.ID from Areas, AreaGroups where Areas.AreaGroup = AreaGroups.ID AND Areas.ID = "+areaID); 720 if (!result.next())return new Message[0]; 721 722 checkMyAccess(result.getLong(1), AccessLevel.readArea); 723 724 result = statement.executeQuery("select ID, Parent, Area, User, Timecreated, LastChanged, LastChangedUser, Subject, Body, Words, Visible from Messages where Area = " + areaID + (getHidden?"": " AND Visible = 1") +" order by ID asc"); 725 List v = new ArrayList(); 726 while (result.next()) 727 v.add(getMessageFromRow(result)); 728 729 Message r[] = new Message[v.size()]; 730 v.toArray(r); 731 732 return r; 733 } 734 finally { closeAll(c, statement, result); } 735 } 736 protected Message[] getMessages(long areaID) throws SQLException, AccessDeniedException { return getMessages(areaID, false); } 737 738 public Message getMessageFromRow(ResultSet result) throws SQLException 739 { 740 return new Message( 741 result.getLong(1), 742 result.getObject(2) == null? -1: result.getLong(2), 743 result.getLong(3), 744 result.getLong(4), 745 result.getTimestamp(5), 746 result.getTimestamp(6), 747 result.getLong(7), 748 result.getString(8), 749 result.getString(9), 750 result.getLong(10), 751 result.getInt(11) == 1); 752 } 753 754 757 public Message getMessage(long messageID) throws SQLException, AccessDeniedException 758 { 759 Connection c = null; 760 Statement statement = null; 761 ResultSet result = null; 762 763 long areaID = -1; 764 try 765 { 766 c = getNewConnection(); 767 statement = c.createStatement(); 768 769 result = statement.executeQuery("select AreaGroups.ID from Messages, Areas, AreaGroups where Messages.Area = Areas.ID AND Areas.AreaGroup = AreaGroups.ID AND Messages.ID = "+messageID); 770 if (!result.next())return null; 771 772 areaID = result.getLong(1); 773 774 } 775 finally { closeAll(c, statement, result); } 776 777 checkMyAccess(areaID, AccessLevel.readArea); 778 779 try 780 { 781 c = getNewConnection(); 782 statement = c.createStatement(); 783 result = statement.executeQuery("select ID, Parent, Area, User, Timecreated, LastChanged, LastChangedUser, Subject, Body, Words, Visible from Messages where ID = "+messageID); 784 Message r = null; 785 if (result.next()) 786 r = getMessageFromRow(result); 787 788 return r; 789 } 790 finally { closeAll(c, statement, result); } 791 } 792 793 796 public ParentIDItemTreeNode getMessagesTree(long areaID) throws SQLException, AccessDeniedException 797 { 798 checkMyAccess(getArea(areaID).areaGroupID, AccessLevel.readArea); 799 800 MessageCache cache; 801 802 synchronized(messageCaches) 803 { 804 cache = (MessageCache)messageCaches.get(areaID); 805 806 if (cache == null) 807 { 808 cache = new MessageCache(areaID, this); 810 811 messageCaches.put(areaID, cache); 812 } 813 } 814 815 return cache.getMessagesTree(); 816 817 } 819 820 public ParentIDItemTreeNode getMessageSubtree(long areaID, long messageID) throws SQLException, AccessDeniedException 821 { 822 checkMyAccess(getArea(areaID).areaGroupID, AccessLevel.readArea); 823 824 MessageCache cache; 825 826 synchronized(messageCaches) 827 { 828 cache = (MessageCache)messageCaches.get(areaID); 829 830 if (cache == null) 831 { 832 cache = new MessageCache(areaID, this); 834 835 messageCaches.put(areaID, cache); 836 } 837 } 838 839 return cache.getParentIDItemTreeNode(messageID); 840 } 841 842 845 public long getNoMessages() throws SQLException 846 { 847 Connection c = null; 848 Statement statement = null; 849 ResultSet result = null; 850 851 try 852 { 853 c = getNewConnection(); 854 statement = c.createStatement(); 855 856 result = statement.executeQuery("select count(*) from Messages where Visible != 0"); 857 long r = Long.MAX_VALUE; 858 if (result.next()) 859 r = result.getLong(1); 860 return r; 861 } 862 finally { closeAll(c, statement, result); } 863 } 864 865 868 public long getNoMessagesByUser(long userID) throws SQLException 869 { 870 Connection c = null; 871 Statement statement = null; 872 ResultSet result = null; 873 874 try 875 { 876 c = getNewConnection(); 877 statement = c.createStatement(); 878 879 result = statement.executeQuery("select count(*) from Messages where Visible != 0 AND User = "+userID); 880 long r = Long.MAX_VALUE; 881 if (result.next()) 882 r = result.getLong(1); 883 return r; 884 } 885 finally { closeAll(c, statement, result); } 886 } 887 888 891 public long getNoWordsByUser(long userID) throws SQLException 892 { 893 Connection c = null; 894 Statement statement = null; 895 ResultSet result = null; 896 897 try 898 { 899 c = getNewConnection(); 900 statement = c.createStatement(); 901 902 result = statement.executeQuery("select sum(Words) from Messages where Visible != 0 AND User = "+userID); 903 long r = Long.MAX_VALUE; 904 if (result.next()) 905 r = result.getLong(1); 906 return r; 907 } 908 finally { closeAll(c, statement, result); } 909 } 910 911 914 public long getNoBytesByUser(long userID) throws SQLException 915 { 916 Connection c = null; 917 Statement statement = null; 918 ResultSet result = null; 919 920 try 921 { 922 c = getNewConnection(); 923 statement = c.createStatement(); 924 925 result = statement.executeQuery("select sum(length(Body)) from Messages where Visible != 0 AND User = "+userID); 926 long r = Long.MAX_VALUE; 927 if (result.next()) 928 r = result.getLong(1); 929 return r; 930 } 931 finally { closeAll(c, statement, result); } 932 } 933 934 937 public boolean hasAccess(long userID, long areaGroupID, long accessLevel) throws SQLException, AccessDeniedException 938 { 939 if ((getUserAccess(userID, areaGroupID) & accessLevel) == accessLevel) 940 return true; 941 return manager.hasAccess(manager.getUserID(), accessLevel); 942 } 943 944 947 public void checkMyAccess(long areaGroupID, long accessLevel) throws SQLException, AccessDeniedException 948 { 949 if ( 950 !hasAccess(manager.getUserID(), areaGroupID, accessLevel)) 951 throw new AccessDeniedException("access denied ("+AccessLevel.toString(accessLevel)+")"); 952 } 953 954 957 public long getUserAccess(long userID, long areaGroupID) throws SQLException, AccessDeniedException 958 { 959 991 992 if (manager.hasAccess(manager.getUserID(), AccessLevel.everything)) 993 return AccessLevel.everything; 994 995 { 996 AreaGroup ag = getAreaGroup(areaGroupID); 997 if (ag != null && ag.getOwnerID() == userID) 998 return AccessLevel.everything; 999 } 1000 1001 String groupsString; 1003 { 1004 Group groups[] = manager.getGroupsOfUser(userID); 1005 if (groups.length != 0) 1006 { 1007 StringBuffer s = new StringBuffer ("("); 1008 for (int i = 0; i < groups.length; i++) 1009 { 1010 if (i != 0) 1011 s.append(" OR "); 1012 s.append(" Groups.ID = "); 1013 s.append(groups[i].ID); 1014 } 1015 1016 s.append(") AND "); 1017 groupsString = s.toString(); 1018 } 1019 1020 else 1021 groupsString = ""; 1022 } 1023 1024 Connection c = null; 1025 Statement statement = null; 1026 ResultSet result = null; 1027 1028 try 1029 { 1030 c = getNewConnection(); 1031 statement = c.createStatement(); 1032 1033 result = statement.executeQuery("select AreaGroupAccess.Access from AreaGroupAccess, Groups where "+groupsString+" AreaGroupAccess.UserGroup = Groups.ID AND AreaGroup = "+areaGroupID); 1034 long a = 0; 1035 while(true) 1036 { 1037 if (!result.next())break; 1038 a |= result.getLong(1); 1039 } 1040 1041 1043 1049 1050 return a; 1051 } 1052 finally { closeAll(c, statement, result); } 1053 } 1055 1056 1059 public long getAreaGroupAccess(long userGroupID, long areaGroupID) throws SQLException 1060 { 1061 Connection c = null; 1062 Statement statement = null; 1063 ResultSet result = null; 1064 1065 try 1066 { 1067 c = getNewConnection(); 1068 statement = c.createStatement(); 1069 1070 result = statement.executeQuery("select Access from AreaGroupAccess where UserGroup = "+userGroupID+" AND AreaGroup = "+areaGroupID); 1071 long r = AccessLevel.none; 1072 if (result.next()) 1073 r = result.getLong(1); 1074 return r; 1075 } 1076 finally { closeAll(c, statement, result); } 1077 } 1078 1079 1082 public void changeAreaGroupAccess(long userGroupID, long areaGroupID, long accessLevel) throws SQLException, AccessDeniedException 1083 { 1084 AreaGroup areaGroup = getAreaGroup(areaGroupID); 1085 if (areaGroup.ownerID != manager.getUserID()) 1087 checkMyAccess(areaGroupID, AccessLevel.changeAreaGroup); 1088 1089 Connection c = null; 1090 Statement statement = null; 1091 ResultSet result = null; 1092 1093 try 1094 { 1095 c = getNewConnection(); 1096 statement = c.createStatement(); 1097 1098 if (accessLevel == AccessLevel.none) 1099 statement.executeUpdate("delete from AreaGroupAccess where UserGroup = "+userGroupID+" AND AreaGroup = "+areaGroupID); 1100 else 1101 { 1102 if (getAreaGroupAccess(userGroupID, areaGroupID) == AccessLevel.none) 1103 statement.executeUpdate("insert into AreaGroupAccess (UserGroup, AreaGroup, Access) values ("+userGroupID+", "+areaGroupID+", "+accessLevel+")"); 1104 else 1105 statement.executeUpdate("update AreaGroupAccess set Access = "+accessLevel+", LastChanged = NOW(), LastChangedUser = "+manager.getUserID()+" where UserGroup = "+userGroupID+" AND AreaGroup = "+areaGroupID); 1106 } 1107 } 1108 finally { closeAll(c, statement, result); } 1109 } 1110 1111 1114 public Message[] search(String search, long areaID, boolean searchSubject, boolean searchBody) throws SQLException, AccessDeniedException 1115 { 1116 if (!searchSubject && !searchBody)return new Message[0]; 1117 1118 checkMyAccess(getArea(areaID).areaGroupID, AccessLevel.readArea); 1119 String 1120 where, 1121 against = " against ('"+Utils.disableSQL(search)+"')"; 1122 if (searchSubject) 1123 { 1124 if (searchBody) 1125 where = "match(Subject) "+against+" or match(Body) "+against; 1126 else 1127 where = "match(Subject) "+against; 1128 } 1129 else 1130 where = "match(Body) "+against; 1131 1132 Connection c = null; 1133 Statement statement = null; 1134 ResultSet result = null; 1135 1136 try 1137 { 1138 c = getNewConnection(); 1139 statement = c.createStatement(); 1140 1141 result = statement.executeQuery("select ID, Parent, Area, User, Timecreated, LastChanged, LastChangedUser, Subject, Body, Words, Visible from Messages where Area = "+areaID+" AND ("+where+")"); 1142 List list = new ArrayList(); 1143 while(result.next()) 1144 list.add(getMessageFromRow(result)); 1145 1146 Message r[] = new Message[list.size()]; 1147 list.toArray(r); 1148 return r; 1149 } 1150 finally { closeAll(c, statement, result); } 1151 } 1152} | Popular Tags |