freckie

Update: fix bug

...@@ -57,24 +57,33 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute ...@@ -57,24 +57,33 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
57 } 57 }
58 58
59 // Check Permission 59 // Check Permission
60 - var _timetable, _email string 60 + var _count int64
61 timetable := fmt.Sprintf("%s,%s", fileID, sheetID) 61 timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
62 row := e.DB.QueryRow(` 62 row := e.DB.QueryRow(`
63 - SELECT a.timetable_id, u.email 63 + SELECT count(timetable_id)
64 - FROM allowlist AS a, users AS u 64 + FROM allowlist
65 - WHERE a.timetable_id=? 65 + WHERE timetable_id=?;
66 - AND a.user_id=u.id;
67 `, timetable) 66 `, timetable)
68 - if err := row.Scan(&_timetable, &_email); err != nil { 67 + if err := row.Scan(&_count); err == nil {
69 - if err == sql.ErrNoRows { 68 + if _count <= 0 {
70 - functions.ResponseError(w, 404, "존재하지 않 timetable.") 69 + functions.ResponseError(w, 404, "존재하지 않 timetable.")
71 return 70 return
72 } 71 }
73 } 72 }
74 - if _email != email { 73 +
75 - functions.ResponseError(w, 403, "timetable 접근 권한 부족") 74 + row = e.DB.QueryRow(`
75 + SELECT count(a.timetable_id)
76 + FROM allowlist AS a, users AS u
77 + WHERE a.user_id=u.id
78 + AND a.timetable_id=?
79 + AND u.email=?;
80 + `, timetable, email)
81 + if err := row.Scan(&_count); err == nil {
82 + if _count <= 0 {
83 + functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
76 return 84 return
77 } 85 }
86 + }
78 87
79 // Result Resp 88 // Result Resp
80 resp := models.CellGetResponse{} 89 resp := models.CellGetResponse{}
...@@ -85,10 +94,9 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute ...@@ -85,10 +94,9 @@ func (e *Endpoints) CellGet(w http.ResponseWriter, r *http.Request, ps httproute
85 SELECT u.email, u.id, t.cell_column, t.cell_start, t.cell_end, t.lecture, t.professor, t.transaction_id, t.created_at, t.capacity 94 SELECT u.email, u.id, t.cell_column, t.cell_start, t.cell_end, t.lecture, t.professor, t.transaction_id, t.created_at, t.capacity
86 FROM transactions AS t, users AS u 95 FROM transactions AS t, users AS u
87 WHERE t.user_id=u.id 96 WHERE t.user_id=u.id
88 - AND u.email=?
89 AND t.transaction_type=1 97 AND t.transaction_type=1
90 AND t.timetable_id=? 98 AND t.timetable_id=?
91 - AND t.cell_column=?;`, email, timetable, cellColumn) 99 + AND t.cell_column=?;`, timetable, cellColumn)
92 if err != nil { 100 if err != nil {
93 if err == sql.ErrNoRows { 101 if err == sql.ErrNoRows {
94 resp.CellsCount = 0 102 resp.CellsCount = 0
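Review bot: The new permission checks fail open: `if err := row.Scan(&_count); err == nil { ... }` only rejects the request when the query succeeds and counts zero rows, so a database error (lost connection, scan failure) skips both the 404 and the 403 branch and CellGet proceeds to serve the cell data to a caller whose allowlist membership was never confirmed; the previous ReservationPost/ReservationDelete code returned 500 at this point. The same pattern is repeated for the second query here and in the ReservationPost and ReservationDelete hunks below. An authorization check should fail closed, so invert both conditions to return on error and only then test the count; `count(...)` never yields sql.ErrNoRows, so the error branch is purely for infrastructure failures. The CellGet body continues outside the hunk.
```go
	if err := row.Scan(&_count); err != nil {
		functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
		return
	}
	if _count <= 0 {
		functions.ResponseError(w, 404, "존재하지 않 timetable.")
		return
	}
	// … unchanged: second QueryRow joining allowlist and users on email …
	if err := row.Scan(&_count); err != nil {
		functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
		return
	}
	if _count <= 0 {
		functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
		return
	}
```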
...@@ -29,27 +29,33 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h ...@@ -29,27 +29,33 @@ func (e *Endpoints) ReservationPost(w http.ResponseWriter, r *http.Request, ps h
29 sheetID := ps.ByName("sheet_id") 29 sheetID := ps.ByName("sheet_id")
30 30
31 // Check Permission 31 // Check Permission
32 - var _timetable, _email string 32 + var _count int64
33 - var userID int
34 timetable := fmt.Sprintf("%s,%s", fileID, sheetID) 33 timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
35 row := e.DB.QueryRow(` 34 row := e.DB.QueryRow(`
36 - SELECT a.timetable_id, u.email, u.id 35 + SELECT count(timetable_id)
37 - FROM allowlist AS a, users AS u 36 + FROM allowlist
38 - WHERE a.timetable_id=? 37 + WHERE timetable_id=?;
39 - AND a.user_id=u.id;
40 `, timetable) 38 `, timetable)
41 - if err := row.Scan(&_timetable, &_email, &userID); err != nil { 39 + if err := row.Scan(&_count); err == nil {
42 - if err == sql.ErrNoRows { 40 + if _count <= 0 {
43 - functions.ResponseError(w, 404, "존재하지 않는 timetable") 41 + functions.ResponseError(w, 404, "존재하지 않는 timetable.")
44 return 42 return
45 } 43 }
46 - functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
47 - return
48 } 44 }
49 - if _email != email { 45 +
50 - functions.ResponseError(w, 403, "timetable 접근 권한 부족") 46 + row = e.DB.QueryRow(`
47 + SELECT count(a.timetable_id)
48 + FROM allowlist AS a, users AS u
49 + WHERE a.user_id=u.id
50 + AND a.timetable_id=?
51 + AND u.email=?;
52 + `, timetable, email)
53 + if err := row.Scan(&_count); err == nil {
54 + if _count <= 0 {
55 + functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
51 return 56 return
52 } 57 }
58 + }
53 59
54 // Parse Request Data 60 // Parse Request Data
55 type reqDataStruct struct { 61 type reqDataStruct struct {
...@@ -116,8 +122,10 @@ loopCheckingValidation: ...@@ -116,8 +122,10 @@ loopCheckingValidation:
116 // Querying (Making a Transaction) 122 // Querying (Making a Transaction)
117 res, err := e.DB.Exec(` 123 res, err := e.DB.Exec(`
118 INSERT INTO transactions (transaction_type, user_id, timetable_id, lecture, capacity, cell_column, cell_start, cell_end, professor) 124 INSERT INTO transactions (transaction_type, user_id, timetable_id, lecture, capacity, cell_column, cell_start, cell_end, professor)
119 - VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?); 125 + VALUES (1, (
120 - `, userID, timetable, *(reqData.Lecture), *(reqData.Capacity), *(reqData.Column), *(reqData.Start), *(reqData.End), *(reqData.Professor)) 126 + SELECT id FROM users WHERE email=?
127 + ), ?, ?, ?, ?, ?, ?, ?);
128 + `, email, timetable, *(reqData.Lecture), *(reqData.Capacity), *(reqData.Column), *(reqData.Start), *(reqData.End), *(reqData.Professor))
121 if err != nil { 129 if err != nil {
122 functions.ResponseError(w, 500, err.Error()) 130 functions.ResponseError(w, 500, err.Error())
123 return 131 return
...@@ -155,31 +163,38 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps ...@@ -155,31 +163,38 @@ func (e *Endpoints) ReservationDelete(w http.ResponseWriter, r *http.Request, ps
155 sheetID := ps.ByName("sheet_id") 163 sheetID := ps.ByName("sheet_id")
156 reservationID := ps.ByName("reservation_id") 164 reservationID := ps.ByName("reservation_id")
157 165
158 - // Check Timetable Permission 166 + // Check Permission
159 - var _timetable, _email string 167 + var _count int64
160 - var userID int
161 timetable := fmt.Sprintf("%s,%s", fileID, sheetID) 168 timetable := fmt.Sprintf("%s,%s", fileID, sheetID)
162 row := e.DB.QueryRow(` 169 row := e.DB.QueryRow(`
163 - SELECT a.timetable_id, u.email, u.id 170 + SELECT count(timetable_id)
164 - FROM allowlist AS a, users AS u 171 + FROM allowlist
165 - WHERE a.timetable_id=? 172 + WHERE timetable_id=?;
166 - AND a.user_id=u.id;
167 `, timetable) 173 `, timetable)
168 - if err := row.Scan(&_timetable, &_email, &userID); err != nil { 174 + if err := row.Scan(&_count); err == nil {
169 - if err == sql.ErrNoRows { 175 + if _count <= 0 {
170 - functions.ResponseError(w, 404, "존재하지 않는 timetable") 176 + functions.ResponseError(w, 404, "존재하지 않는 timetable.")
171 return 177 return
172 } 178 }
173 - functions.ResponseError(w, 500, "예기치 못한 에러 발생 : "+err.Error())
174 - return
175 } 179 }
176 - if _email != email { 180 +
177 - functions.ResponseError(w, 403, "timetable 접근 권한 부족") 181 + row = e.DB.QueryRow(`
182 + SELECT count(a.timetable_id)
183 + FROM allowlist AS a, users AS u
184 + WHERE a.user_id=u.id
185 + AND a.timetable_id=?
186 + AND u.email=?;
187 + `, timetable, email)
188 + if err := row.Scan(&_count); err == nil {
189 + if _count <= 0 {
190 + functions.ResponseError(w, 403, "timetable에 접근할 권한이 부족합니다.")
178 return 191 return
179 } 192 }
193 + }
180 194
181 // Check Transaction Permission 195 // Check Transaction Permission
182 var _transactionType int64 196 var _transactionType int64
197 + var _email string
183 row = e.DB.QueryRow(` 198 row = e.DB.QueryRow(`
184 SELECT u.email, t.transaction_type 199 SELECT u.email, t.transaction_type
185 FROM transactions AS t, users AS u 200 FROM transactions AS t, users AS u