Commit 1f851bc1 authored by Abdelmoujib Megzari's avatar Abdelmoujib Megzari

publish story not tested yet

parent a96abfa4
......@@ -105,6 +105,7 @@ public class AssociateParagraphChoice extends HttpServlet {
if (session == null || session.getAttribute("username") == null) {
return;//TODO
}
//TODO SECURITY LEAK CAN CHANGE THE PARAGRAPHE ASSOCIATED TO A CHOICE EVEN IF HE THERE IS ALREADY ONE AND HE ISN'T THE AUTHOR
System.out.println("choice_id: " + request.getParameter("choice_id"));
int choiceID = Integer.parseInt(request.getParameter("choice_id"));
int paragraphFollowerID;
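Review bot: The added TODO documents a broken access control rather than fixing it: after the session test, `choice_id` goes straight to `Integer.parseInt` and, per the comment, any logged-in user can replace the paragraph attached to a choice that already has one. Before the update, the servlet should verify that the session's `username` is allowed to change this choice and answer with `response.sendError(HttpServletResponse.SC_FORBIDDEN)` otherwise; `ChoixDAO` already has `isLigitim(username, id)` and `canLock(username, choiceID)`, which look like the intended checks, though their exact semantics are not visible here. The unauthenticated branch `return;//TODO` also returns an empty 200, where `SC_UNAUTHORIZED` would be clearer. The method starts and ends outside the hunk.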
......
......@@ -60,7 +60,11 @@ public class Login extends HttpServlet {
if (login != null && pass != null && userDAO.isLoginValid(login, pass)) {
HttpSession session = request.getSession();
session.setAttribute("username", login);
response.sendRedirect("index.jsp");
if(request.getParameterMap().containsKey("sourcePage")){
response.sendRedirect(request.getParameter("sourcePage"));
}else {
response.sendRedirect("index.jsp");
}
} else {
errorLogin(request, response, "Invalid Login Credentials");
}
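Review bot: `response.sendRedirect(request.getParameter("sourcePage"))` redirects to a client-supplied URL with no validation, so a successful login can be bounced to any external site (an open redirect). The hidden `sourcePage` field added to the login and register forms is filled from `window.location.href`, but it is still request data and cannot be trusted. I would resolve the target on the server, keep only a path inside this application, and fall back to `index.jsp` otherwise; the sketch below uses `java.net.URI`. The same branch is reached through the new forward from Register to `/Login`. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: credential check and session.setAttribute("username", login) …
response.sendRedirect(safeRedirectTarget(request));
// … unchanged: else branch calling errorLogin …

/** Returns a redirect target inside this application, or index.jsp. */
private static String safeRedirectTarget(HttpServletRequest request) {
    String sourcePage = request.getParameter("sourcePage");
    if (sourcePage == null || sourcePage.isEmpty()) {
        return "index.jsp";
    }
    try {
        URI uri = new URI(sourcePage);
        String path = uri.getRawPath();
        // Scheme and host sent by the client are dropped; only a path under
        // this application's context is accepted.
        if (path != null
                && path.startsWith(request.getContextPath() + "/")
                && !path.startsWith("//")) {
            String query = uri.getRawQuery();
            return query == null ? path : path + "?" + query;
        }
    } catch (URISyntaxException e) {
        // malformed value: use the default page
    }
    return "index.jsp";
}
```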
......
......@@ -13,6 +13,8 @@ import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.websocket.Session;
/**
*
......@@ -90,11 +92,30 @@ public class PublishStory extends HttpServlet {
HttpServletResponse response,
StoryDAO histoireDAO)
throws ServletException, IOException {
//TODO VERIFY RIGHTS
HttpSession session = request.getSession(false);
int storyId =Integer.parseInt(request.getParameter("story_id"));
if (session==null || session.getAttribute("username")==null){
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
out.println(-1);
}
return;
}
if(!histoireDAO.isOwner((String) session.getAttribute("username"),storyId)){
response.setContentType("text/html;charset=UTF-8");
try (PrintWriter out = response.getWriter()) {
out.println(-1);
}
return;
}
histoireDAO.publishStory(storyId);
try (PrintWriter out = response.getWriter()) {
out.println(1);
}
return;
}
private void actionUnpublishStory(HttpServletRequest request,
HttpServletResponse response,
StoryDAO histoireDAO)
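Review bot: `histoireDAO.publishStory(storyId)` returns a boolean that is ignored, so the servlet answers `1` even when nothing was published; `out.println(histoireDAO.publishStory(storyId) ? 1 : -1);` would report the real outcome. `Integer.parseInt(request.getParameter("story_id"))` also runs before the session check and outside any try/catch, so a missing or non-numeric `story_id` from an unauthenticated client ends in an unhandled NumberFormatException; move it below the session test and answer `-1` on failure. The `//TODO VERIFY RIGHTS` comment is stale now that `isOwner` is checked, and the `javax.websocket.Session` import in the first hunk is not used in the lines shown.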
......
......@@ -39,9 +39,9 @@ public class Register extends HttpServlet {
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Utilisateur utilisateur = new Utilisateur(request.getParameter("username"), request.getParameter("mdp"));
Utilisateur utilisateur = new Utilisateur(request.getParameter("login"), request.getParameter("password"));
new UtilisateurDAO(ds).register(utilisateur);
response.sendRedirect("index.jsp");
this.getServletContext().getRequestDispatcher("/Login").forward(request,response);
}
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
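Review bot: The rewritten `processRequest` never reads `confirm_password` and passes `login` and `password` straight to `register`, so a missing parameter or a mismatched confirmation is not rejected on the server. Before calling `register`, compare `request.getParameter("password")` with `request.getParameter("confirm_password")` and reject null or empty values. Forwarding the same POST to `/Login` also carries the client-supplied `sourcePage` into the redirect there. How `UtilisateurDAO.register` stores the password is not visible here; it is worth confirming that it uses a password-hashing function rather than storing the value as received.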
......
......@@ -5,11 +5,15 @@
*/
package dao;
import modele.Choix;
import modele.Paragraph;
import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;
/**
*
......@@ -20,12 +24,12 @@ public class ChoixDAO extends AbstractDAO {
public ChoixDAO(DataSource ds) {
super(ds);
}
/**
* Get id for the choice (next sequence number of id_choix_seq)
*/
private int getNextIdSequence() {
try ( Connection conn = getConn(); PreparedStatement st = conn.prepareStatement("SELECT id_choix_seq.nextval FROM dual")) {
try (Connection conn = getConn(); PreparedStatement st = conn.prepareStatement("SELECT id_choix_seq.nextval FROM dual")) {
ResultSet rs = st.executeQuery();
rs.next();
int idChoice = rs.getInt("nextval");
......@@ -36,20 +40,20 @@ public class ChoixDAO extends AbstractDAO {
}
public int addChoice(int paragraph_id, String choice) {
int choiceID = getNextIdSequence();
try (Connection conn = getConn()) {
PreparedStatement st = conn.prepareStatement("INSERT INTO choix (id_choix, id_paragraphe_a_continuer, " +
"titre, id_paragraphe_suite,publie) VALUES (?, ?, ?, NULL,0)");
st.setInt(1, choiceID);
st.setInt(2, paragraph_id);
st.setString(3, choice);
st.executeQuery();
return choiceID;
} catch (SQLException e) {
throw new DAOException("add choice Database access error :( : " + e.getMessage(), e);
}
int choiceID = getNextIdSequence();
try (Connection conn = getConn()) {
PreparedStatement st = conn.prepareStatement("INSERT INTO choix (id_choix, id_paragraphe_a_continuer, " +
"titre, id_paragraphe_suite,publie) VALUES (?, ?, ?, NULL,0)");
st.setInt(1, choiceID);
st.setInt(2, paragraph_id);
st.setString(3, choice);
st.executeQuery();
return choiceID;
} catch (SQLException e) {
throw new DAOException("add choice Database access error :( : " + e.getMessage(), e);
}
}
public boolean isLigitim(String username, int id) {
try (Connection conn = getConn()) {
PreparedStatement st = conn.prepareStatement("SELECT * FROM paragraphe WHERE id_paragraphe = ? AND auteur = ?");
......@@ -61,9 +65,9 @@ public class ChoixDAO extends AbstractDAO {
throw new DAOException("choix is legitim Database access error :( : " + e.getMessage(), e);
}
}
public boolean canLock(String username, int choiceID) {
try ( Connection conn = getConn()) {
try (Connection conn = getConn()) {
boolean can = true;
PreparedStatement st = conn.prepareStatement("SELECT * FROM choix WHERE id_choix=? AND NOT id_paragraphe_suite=NULL");
st.setInt(1, choiceID);
......@@ -82,4 +86,52 @@ public class ChoixDAO extends AbstractDAO {
}
}
}
public boolean publishChoice(int choiceId) {
boolean publish = false;
Paragraph paragraph= getChoiceParagraph(choiceId);
if(paragraph==null){
return false;
}
if (paragraph.getIsConclusion()) {
publish = true;
publishChoiceDAO(choiceId);
}else{
List<Choix> choices = new ParagraphDAO(dataSource).getChoicesParagraph(paragraph.getId());
for(Choix choix: choices){
if(publishChoice(choix.getId())){
publish = true;
}
}
}
return publish;
}
private void publishChoiceDAO(int choiceId) {
try (Connection conn = getConn()) {
PreparedStatement st = conn.prepareStatement(" UPDATE choix SET publie=1 WHERE id_choix=?");
st.setInt(1, choiceId);
st.executeQuery();
} catch (SQLException exception) {
exception.printStackTrace();
}
}
private Paragraph getChoiceParagraph(int choiceId){
try (Connection conn = getConn()) {
PreparedStatement st = conn.prepareStatement("SELECT * FROM choix WHERE id_choix=? AND id_paragraphe_suite IS NOT NULL");
st.setInt(1, choiceId);
ResultSet rs = st.executeQuery();
if (rs.next()) {
Paragraph paragraph = new ParagraphDAO(dataSource).getParagraph(rs.getInt("id_paragraphe_suite"));
return paragraph;
} else {
return null;
}
} catch (SQLException e) {
throw new DAOException("publish choice Database access error :( : " + e.getMessage(), e);
}
}
}
\ No newline at end of file
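Review bot: `publishChoiceDAO` catches `SQLException` and only prints the stack trace, so `publishChoice` sets `publish = true` and returns it even when the UPDATE failed; the other methods in this class throw `DAOException`, and this one should too: `throw new DAOException("publish choice Database access error :( : " + e.getMessage(), e);`. The UPDATE is run with `st.executeQuery()`, where `st.executeUpdate()` is the JDBC call for a statement that returns no result set, and the `PreparedStatement` is not inside the try-with-resources. `publishChoice` also recurses through follow-up paragraphs with no record of visited choices, so a story whose choices loop back to an earlier paragraph would presumably recurse until the stack overflows; passing a `Set<Integer>` of visited ids through a private overload would bound it. Separately, the unchanged `canLock` query still uses `NOT id_paragraphe_suite=NULL`, which never matches in SQL, whereas the new `getChoiceParagraph` correctly uses `IS NOT NULL`.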
......@@ -10,6 +10,7 @@ import java.sql.*;
import java.util.ArrayList;
import java.util.List;
import modele.Choix;
import modele.Story;
import modele.Utilisateur;
......@@ -294,4 +295,34 @@ public class StoryDAO extends AbstractDAO {
throw new DAOException("isOwner Database access error :( : " + e.getMessage(), e);
}
}
public boolean publishStory(int storyId){
Story story = getStory(storyId);
List<Choix> choices = new ParagraphDAO(dataSource).getChoicesParagraph(story.getIdPremierParagraphe());
boolean publish =false;
for (Choix choice :
choices) {
if(new ChoixDAO(dataSource).publishChoice(choice.getId())){
publish = true;
}
}
if(new ParagraphDAO(dataSource).getParagraph(story.getIdPremierParagraphe()).getIsConclusion()){
publish = true;
}
if(publish){
publishDAO(storyId);
}
return publish;
}
private void publishDAO(int storyId) {
try(Connection conn = getConn()){
PreparedStatement st = conn.prepareStatement(" UPDATE histoire SET publiee=1 WHERE id_paragraphe=?");
st.setInt(1, storyId);
st.executeQuery();
} catch (SQLException exception) {
exception.printStackTrace();
}
}
}
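Review bot: `publishDAO` binds `storyId` to `WHERE id_paragraphe=?` in `UPDATE histoire`, which looks like the wrong column for a story id; the schema is not visible here, but unless `histoire.id_paragraphe` holds the story's own id this will either update nothing or flag a different story as published. As in ChoixDAO, the `SQLException` is swallowed with `printStackTrace()` and the UPDATE goes through `executeQuery()`, so `publishStory` returns `true` whether or not the row changed; throwing `DAOException` and using `executeUpdate()` would surface that. `publishStory` also dereferences `getStory(storyId)` without a null check, which matters if `getStory` can return null for an unknown id.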
......@@ -5,6 +5,8 @@
*/
package modele;
import java.util.Iterator;
/**
*
* @author pangpangguy
......
......@@ -253,3 +253,16 @@ function associate(id){
}
//TODO i dont know where but when i lock a choice and click the choice a second time it tels me that it has been already locked
function publish(story_id){
$.post("PublishStory", {story_id: story_id}).done(function (data) {
if(parseInt(data)===1) {
alert("story published succesfuly");
}else {
alert("you dont have the rignht to perform this action or an error has occured")
}
}
).fail(function (jqXHR, textStatus, errorThrown) {
return console.error(errorThrown);
});
}
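Review bot: The function is defined as `publish(story_id)` but the story page's button calls `Publish(${story.id})`, and JavaScript identifiers are case-sensitive, so unless a capitalised `Publish` exists elsewhere the click raises a ReferenceError and no request is sent. Changing the handler to `onclick="publish(${story.id})"` would line the two up. `parseInt(data)` should pass the radix, `parseInt(data, 10)`, and the two alert strings have typos (`succesfuly`, `rignht`).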
......@@ -8,17 +8,25 @@
<label>Password</label><br/>
<input type="password" name="password" required/><br/>
<input type="submit" value="Log In" required>
<input type="hidden" name="sourcePage" id="urlc" value="">
<script>
document.getElementById("urlc").value=window.location.href;
</script>
</form>
</span>
<span class="inscription_form">
<p>Create An Account</p>
<form method="Post" action="Register">
<label>Username</label><br/>
<input type="text" name="username" required/><br/>
<input type="text" name="login" required/><br/>
<label>Password</label><br/>
<input type="password" name="mdp" required/><br/>
<input type="password" name="password" required/><br/>
<label>Confirm Your Password</label><br/>
<input type="password" name="confirm_password" required/><br/>
<input type="hidden" name="sourcePage" id="urls" value="">
<script>
document.getElementById("urls").value=window.location.href;
</script>
<input type="submit" value="Register" required>
</form>
</span>
......
......@@ -19,7 +19,7 @@
<div class="edit_mode" id="switch_mode" onclick="switchMode()"><button>edit_mode</button></div>
</c:if>
<c:if test="${owner}" var="maVariable" scope="request">
<div class="edit_mode" id="switch_mode" onclick="Publish()"><button>publish</button></div>
<div class="edit_mode" id="switch_mode" onclick="Publish(${story.id})"><button>publish</button></div>
<c:if test="${!publicStory}" var="maVariable" scope="request">
<input type="text" placeholder="login du nouveau auteur" id="user_to_invite"></form>
......