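package net.killingar.forum.internal.managers;

import net.killingar.forum.internal.*;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

/**
 * Stores, changes and reads skins (rows of the Skins table) and their named
 * data entries (rows of the SkinData table) on behalf of the current user.
 *
 * <p>A groupID of -1 is treated throughout as "not bound to a group".
 *
 * <p>Every value that used to be spliced into SQL text through
 * Utils.disableSQL is now bound as a PreparedStatement parameter, so the
 * statement text is constant and no longer depends on hand-written escaping.
 * NOTE(review): this assumes Utils.disableSQL only escaped a value for use
 * inside a SQL string literal. If it also altered the stored text, rows
 * written before this change may no longer match by name; confirm against
 * Utils before deploying.
 *
 * <p>NOTE(review): addSkin stores the group of a global skin as SQL NULL, and
 * ResultSet.getLong reports NULL as 0. Unless Skin's constructor maps that
 * back, a global skin created by addSkin is read with groupID 0, not -1, and
 * is then handled as group-restricted by the checks below. Confirm against
 * Skin and the schema.
 */
public class SkinManager extends AbstractManager implements java.io.Serializable
{
    /**
     * Inserts a new skin owned by the current user.
     *
     * Requires AccessLevel.addSkin, plus AccessLevel.addGlobalSkin when the
     * skin is global (groupID == -1). A skin bound to a group is refused
     * unless the current user is a member of that group.
     *
     * @param skin the skin to add; only groupID and name are read
     * @throws SQLException if the insert fails
     * @throws AccessDeniedException if one of the checks above fails
     */
    public void addSkin(Skin skin) throws SQLException, AccessDeniedException
    {
        manager.checkMyAccess(AccessLevel.addSkin);
        if (skin.groupID == -1)
            manager.checkMyAccess(AccessLevel.addGlobalSkin);
        if (skin.groupID != -1 && !manager.isUserInGroup(manager.getUserID(), skin.groupID))
            throw new AccessDeniedException("attempt to add a skin to a restricted group");

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();

            // A global skin keeps the literal NULL it always had, so only the
            // placeholder count differs between the two constant statements.
            boolean global = (skin.groupID == -1);
            statement = c.prepareStatement(
                global
                    ? "insert into Skins(User, UserGroup, Name, Time) values (?, null, ?, now())"
                    : "insert into Skins(User, UserGroup, Name, Time) values (?, ?, ?, now())");

            int index = 1;
            statement.setLong(index++, manager.getUserID());
            if (!global)
                statement.setLong(index++, skin.groupID);
            statement.setString(index, skin.name);

            statement.executeUpdate();
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Inserts one named data entry for a skin.
     *
     * The skin is loaded through getSkin first, so its view check applies.
     * A caller who is not the owner also needs AccessLevel.changeSkin.
     *
     * @param skinData the entry to insert; skinID, name and data are read
     * @throws SQLException if the skin cannot be read or the insert fails
     * @throws AccessDeniedException if an access check fails
     */
    protected void addSkinData(SkinData skinData) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinData.skinID);
        if (skin.ownerID != manager.getUserID())
            manager.checkMyAccess(AccessLevel.changeSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("insert into SkinData(Skin, Name, Data) values (?, ?, ?)");
            statement.setLong(1, skinData.skinID);
            statement.setString(2, skinData.name);
            statement.setString(3, skinData.data);

            statement.executeUpdate();
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Deletes a skin and all of its data entries.
     *
     * A caller who is not the owner needs AccessLevel.removeSkin.
     *
     * @param skinID ID of the skin to delete
     * @throws SQLException if the skin cannot be read or a delete fails
     * @throws AccessDeniedException if an access check fails
     */
    public void removeSkin(long skinID) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinID);
        if (skin.ownerID != manager.getUserID())
            manager.checkMyAccess(AccessLevel.removeSkin);

        Connection c = null;
        Statement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.createStatement();

            // Only a long is appended here, so the statement text cannot be
            // altered by caller-supplied text. The two deletes are issued
            // separately; whether they share a transaction depends on how
            // getNewConnection configures the connection.
            statement.executeUpdate("delete from Skins where ID = "+skinID);
            statement.executeUpdate("delete from SkinData where Skin = "+skinID);
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Deletes the data entry of a skin that has the given name.
     *
     * A caller who is not the owner needs AccessLevel.changeSkin.
     *
     * @param skinData identifies the entry; skinID and name are read
     * @throws SQLException if the skin cannot be read or the delete fails
     * @throws AccessDeniedException if an access check fails
     */
    protected void removeSkinData(SkinData skinData) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinData.skinID);
        if (skin.ownerID != manager.getUserID())
            manager.checkMyAccess(AccessLevel.changeSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("delete from SkinData where Skin = ? AND Name = ?");
            statement.setLong(1, skinData.skinID);
            statement.setString(2, skinData.name);

            statement.executeUpdate();
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Updates the group and name of an existing skin and refreshes its time.
     *
     * A caller who is not the owner needs AccessLevel.changeSkin.
     *
     * NOTE(review): unlike addSkin, this method does not check that the
     * caller belongs to the new skin.groupID, nor that the caller holds
     * AccessLevel.addGlobalSkin when the new group is -1. It also writes -1
     * as a number where addSkin writes NULL. Confirm whether addSkin's group
     * checks should be mirrored here.
     *
     * @param skin the new values; ID, groupID and name are read
     * @throws SQLException if the skin cannot be read or the update fails
     * @throws AccessDeniedException if an access check fails
     */
    public void changeSkin(Skin skin) throws SQLException, AccessDeniedException
    {
        Skin _skin = getSkin(skin.ID);
        if (_skin.ownerID != manager.getUserID())
            manager.checkMyAccess(AccessLevel.changeSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("update Skins set UserGroup = ?, Name = ?, Time = now() where ID = ?");
            statement.setLong(1, skin.groupID);
            statement.setString(2, skin.name);
            statement.setLong(3, skin.ID);

            statement.executeUpdate();
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Replaces the data of the entry identified by skin ID and name.
     *
     * A caller who is not the owner needs AccessLevel.changeSkin.
     *
     * @param skinData the entry to update; skinID, name and data are read
     * @throws SQLException if the skin cannot be read or the update fails
     * @throws AccessDeniedException if an access check fails
     */
    protected void changeSkinData(SkinData skinData) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinData.skinID);
        if (skin.ownerID != manager.getUserID())
            manager.checkMyAccess(AccessLevel.changeSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("update SkinData set Data = ? where Name = ? AND Skin = ?");
            statement.setString(1, skinData.data);
            statement.setString(2, skinData.name);
            statement.setLong(3, skinData.skinID);

            statement.executeUpdate();
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Lists the skins the current user may see, newest ID first.
     *
     * A skin is skipped when it is bound to a group, the user lacks
     * AccessLevel.viewSkin, and the user is not a member of that group.
     *
     * @return the visible skins; empty when there are none
     * @throws SQLException if the query fails
     */
    public Skin[] getSkins() throws SQLException
    {
        Connection c = null;
        Statement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.createStatement();

            result = statement.executeQuery("select ID, Name, User, UserGroup, Time from Skins order by ID desc");
            ArrayList list = new ArrayList();
            boolean globalViewAccess = manager.hasAccess(manager.getUserID(), AccessLevel.viewSkin);
            while (result.next())
            {
                Skin skin = new Skin(
                    result.getLong(1),
                    result.getString(2),
                    result.getLong(3),
                    result.getLong(4),
                    result.getTimestamp(5));

                // Filtering is done row by row, after the fetch: the query
                // itself returns every skin in the table.
                boolean hidden = skin.groupID != -1
                    && !globalViewAccess
                    && !manager.isUserInGroup(manager.getUserID(), skin.groupID);
                if (!hidden)
                    list.add(skin);
            }

            return (Skin[]) list.toArray(new Skin[list.size()]);
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Loads one skin by ID.
     *
     * When the skin is bound to a group the current user is not a member
     * of, AccessLevel.viewSkin is required.
     *
     * @param skinID ID of the skin to load
     * @return the skin
     * @throws SQLException if the query fails or no skin has this ID
     * @throws AccessDeniedException if the view check fails
     */
    public Skin getSkin(long skinID) throws SQLException, AccessDeniedException
    {
        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("select ID, Name, User, UserGroup, Time from Skins where ID = ?");
            statement.setLong(1, skinID);

            result = statement.executeQuery();

            // The row used to be read without checking next(), which left a
            // missing skin to surface as a driver-specific SQLException.
            if (!result.next())
                throw new SQLException("no skin with ID "+skinID);

            Skin skin = new Skin(
                result.getLong(1),
                result.getString(2),
                result.getLong(3),
                result.getLong(4),
                result.getTimestamp(5));
            if (skin.groupID != -1 && !manager.isUserInGroup(manager.getUserID(), skin.groupID))
                manager.checkMyAccess(AccessLevel.viewSkin);
            return skin;
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Loads every data entry of a skin.
     *
     * The skin is loaded through getSkin, and the same group/viewSkin check
     * is then applied a second time before the entries are read.
     *
     * @param skinID ID of the skin whose entries are wanted
     * @return a list of SkinData, empty when the skin has no entries
     * @throws SQLException if the skin cannot be read or the query fails
     * @throws AccessDeniedException if the view check fails
     */
    protected List getAllSkinData(long skinID) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinID);
        if (skin.groupID != -1 && !manager.isUserInGroup(manager.getUserID(), skin.groupID))
            manager.checkMyAccess(AccessLevel.viewSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("select Name, Data from SkinData where Skin = ?");
            statement.setLong(1, skinID);

            result = statement.executeQuery();

            ArrayList list = new ArrayList();
            while (result.next())
                list.add(new SkinData(skinID, result.getString(1), result.getString(2)));

            return list;
        }
        finally { closeAll(c, statement, result); }
    }

    /**
     * Loads the data entry of a skin that has the given name.
     *
     * The skin is loaded through getSkin, and the same group/viewSkin check
     * is then applied a second time before the entry is read.
     *
     * @param skinID ID of the skin
     * @param name name of the entry
     * @return the entry, or null when the skin has no entry with that name
     * @throws SQLException if the skin cannot be read or the query fails
     * @throws AccessDeniedException if the view check fails
     */
    protected SkinData getSkinData(long skinID, String name) throws SQLException, AccessDeniedException
    {
        Skin skin = getSkin(skinID);
        if (skin.groupID != -1 && !manager.isUserInGroup(manager.getUserID(), skin.groupID))
            manager.checkMyAccess(AccessLevel.viewSkin);

        Connection c = null;
        PreparedStatement statement = null;
        ResultSet result = null;

        try
        {
            c = getNewConnection();
            statement = c.prepareStatement("select Data from SkinData where Skin = ? AND Name = ?");
            statement.setLong(1, skinID);
            statement.setString(2, name);

            result = statement.executeQuery();

            if (result.next())
                return new SkinData(skinID, name, result.getString(1));

            return null;
        }
        finally { closeAll(c, statement, result); }
    }
}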