<?php
require_once 'config.php';
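/**
 * Delete helpers over the shared `$pdo` connection.
 *
 * Every row-level filter value ($id, $user_id, $own_token_id) is bound as a
 * prepared-statement parameter. Table and column names cannot be bound, so
 * they are validated against a plain-identifier pattern and backtick-quoted
 * before being spliced into SQL.
 *
 * Response::error(...) is expected to emit the error response and terminate
 * the request (the original code continues after it without a return, so the
 * callers below rely on that) — TODO confirm against Response.
 */
class DataDelete
{
    /**
     * Delete the row of $table whose primary-key column equals $id.
     *
     * @param string $table                     plain identifier; resolved via INFORMATION_SCHEMA,
     *                                          must never be taken straight from a request
     * @param mixed  $id                        primary-key value (bound, never interpolated)
     * @param mixed  $not_found_errorhandling   Response code used when no row matches $id
     * @param mixed  $foreign_key_errorhandling Response code used when a foreign key blocks the delete
     * @throws InvalidArgumentException if $table is not a plain identifier
     * @throws PDOException for any database error other than MySQL 1451
     */
    static function delete($table, $id, $not_found_errorhandling = Response::ID_NOT_FOUND, $foreign_key_errorhandling = Response::FOREIGN_KEY_ERROR)
    {
        global $pdo;
        $identityColumn = self::getIdentityColumn($table);
        $quotedTable = self::quoteIdentifier($table);
        $quotedColumn = self::quoteIdentifier($identityColumn);

        // Existence check. $id is bound here; previously it was interpolated
        // into the SELECT as '$id', which was an SQL injection even though the
        // DELETE below already used a placeholder.
        $stmt = $pdo->prepare("SELECT 1 FROM $quotedTable WHERE $quotedColumn = :id");
        $stmt->execute(["id" => $id]);
        if ($stmt->fetch() === false)
            Response::error($not_found_errorhandling, ["id"]);

        try {
            $sth = $pdo->prepare("DELETE FROM $quotedTable WHERE $quotedColumn = :id");
            $sth->execute(["id" => $id]);
        } catch (PDOException $e) {
            // MySQL 1451 (ER_ROW_IS_REFERENCED_2): another table still references this row.
            if (($e->errorInfo[1] ?? null) == 1451)
                Response::error($foreign_key_errorhandling, ["id"]);
            else
                throw $e;
        }
    }

    /**
     * Delete a token and the permission links attached to it.
     *
     * A token may not delete itself ($id == $own_token_id). Both DELETEs run in
     * one transaction so a failure on the second cannot leave a token stripped
     * of its permission links; if the caller already opened a transaction it is
     * reused and left for the caller to commit.
     *
     * @param mixed $id           primary key of the token to delete
     * @param mixed $own_token_id primary key of the token making the request
     * @throws PDOException for any database error other than MySQL 1451
     */
    static function deleteToken($id, $own_token_id)
    {
        global $pdo;
        $identityColumn = self::quoteIdentifier(self::getIdentityColumn("token"));

        $stmt = $pdo->prepare("SELECT 1 FROM token WHERE $identityColumn = :id");
        $stmt->execute(["id" => $id]);
        if ($stmt->fetch() === false)
            Response::error(Response::TOKEN_NOT_FOUND, ["id"]);
        else if ($id == $own_token_id)
            Response::error(Response::DELETE_OWN_TOKEN_NOT_ALLOWED, ["id"]);

        $ownsTransaction = !$pdo->inTransaction();
        if ($ownsTransaction)
            $pdo->beginTransaction();
        try {
            $sth = $pdo->prepare("DELETE FROM token_link_permissions WHERE link_token_id = :id");
            $sth->execute(["id" => $id]);
            $sth = $pdo->prepare("DELETE FROM token WHERE $identityColumn = :id");
            $sth->execute(["id" => $id]);
            if ($ownsTransaction)
                $pdo->commit();
        } catch (PDOException $e) {
            if ($ownsTransaction)
                $pdo->rollBack();
            // 1451: the token is still referenced from somewhere other than token_link_permissions.
            if (($e->errorInfo[1] ?? null) == 1451)
                Response::error(Response::FOREIGN_KEY_ERROR, ["id"]);
            else
                throw $e;
        }
    }

    /**
     * Delete a prebook on behalf of the caller identified by $own_token_id.
     *
     * Authorisation (kept from the original): the delete is refused when the
     * caller is not the prebook's owner — or holds the "prebook" permission —
     * unless the caller also holds "CRUD_prebook".
     * NOTE(review): the "... or holds the 'prebook' permission" clause reads
     * oddly (having the permission makes an owner *less* able); it is preserved
     * as-is — confirm the intended rule with the permission model.
     *
     * @param mixed $id           prebook primary key
     * @param mixed $own_token_id token of the caller
     */
    static function deletePrebook($id, $own_token_id)
    {
        global $pdo;

        // Resolve the user behind the caller's token. An unknown token is
        // refused outright rather than falling through to an ownership
        // comparison against null (the original did `false["token_user_id"]`).
        $stmt = $pdo->prepare("SELECT token_user_id FROM token WHERE token_id = :token_id");
        $stmt->execute(["token_id" => $own_token_id]);
        $tokenRow = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($tokenRow === false)
            Response::error(Response::NOT_ALLOWED);
        $token_user = $tokenRow["token_user_id"];

        $stmt = $pdo->prepare("SELECT prebook_user_id FROM prebook WHERE prebook_id = :id");
        $stmt->execute(["id" => $id]);
        $prebookRow = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($prebookRow === false)
            Response::error(Response::PREBOOK_NOT_FOUND, ["id"]);
        $user_id = $prebookRow["prebook_user_id"];

        // Strict comparison on the string form: PHP's `!=` treats null == 0 and
        // numeric-looking strings loosely, which could grant ownership to the
        // wrong caller when either side is NULL/0.
        $isOwner = (string)$user_id === (string)$token_user;
        $permissions = authorize()["permissions"];
        $hasPrebook = !empty($permissions["prebook"]);
        $hasCrudPrebook = isset($permissions["CRUD_prebook"]);

        if ((!$isOwner || $hasPrebook) && !$hasCrudPrebook)
            Response::error(Response::NOT_ALLOWED); // not allowed to delete prebooks of others

        self::delete("prebook", $id, Response::PREBOOK_NOT_FOUND, Response::FOREIGN_KEY_ERROR);
    }

    /**
     * Delete rows from $table, optionally only those matching $condition.
     *
     * When $reset_primary is true and every row of the table is affected (no
     * condition, or the condition matches all rows), TRUNCATE is used so the
     * auto-increment counter restarts; otherwise a plain DELETE is issued.
     *
     * NOTE(security): $condition is a raw SQL fragment spliced into the
     * statement. It must be a literal in the calling code, never built from
     * request data — there is no way to parameterise it here.
     *
     * @param string      $table         plain identifier
     * @param bool        $reset_primary whether to TRUNCATE when the whole table is cleared
     * @param string|null $condition     raw WHERE clause body, or null for all rows
     * @return mixed number of rows matched by $condition before deletion, as returned by COUNT(1)
     * @throws InvalidArgumentException if $table is not a plain identifier
     */
    static function reset($table, bool $reset_primary, $condition = null)
    {
        global $pdo;
        $quotedTable = self::quoteIdentifier($table);
        $where = $condition ? " WHERE $condition" : "";

        $countCondition = $pdo->query("SELECT COUNT(1) FROM $quotedTable$where")->fetchColumn();
        $countAll = $pdo->query("SELECT COUNT(1) FROM $quotedTable")->fetchColumn();

        if ($reset_primary && (!$condition || $countCondition == $countAll))
            $sql = "TRUNCATE TABLE $quotedTable";
        else
            $sql = "DELETE FROM $quotedTable$where";

        $sth = $pdo->prepare($sql);
        $sth->execute();
        return $countCondition;
    }

    /**
     * Delete all active events (event_end IS NULL) and clear the lender on
     * every device that is currently lent.
     *
     * Fix: the original WHERE used `device_lend_user_id != NULL`, which is
     * never true in SQL, so the UPDATE touched no rows.
     * NOTE(review): this resets the lender to NULL while clearUserEvent() sets
     * it to 0 — one of the two is probably wrong; confirm against the schema.
     *
     * @return int number of event rows deleted
     */
    static function clearEvent() // delete active events
    {
        global $pdo;
        $sth = $pdo->prepare("UPDATE devices SET device_lend_user_id = NULL WHERE device_lend_user_id IS NOT NULL");
        $sth->execute();

        $sth = $pdo->prepare("DELETE FROM event WHERE event_end IS NULL");
        $sth->execute();
        return $sth->rowCount();
    }

    /**
     * Delete the active events of one user and release the devices lent to them.
     *
     * @param mixed $user_id user primary key (bound parameter)
     * @return int number of event rows deleted
     */
    static function clearUserEvent($user_id) // delete active events of user
    {
        global $pdo;
        $sth = $pdo->prepare("SELECT 1 FROM user WHERE user_id = :id");
        $sth->execute(["id" => $user_id]);
        if ($sth->fetch() === false)
            Response::error(Response::USER_NOT_FOUND, ["id"]);

        // Release devices lent to this user (see the NULL-vs-0 note on clearEvent()).
        $sth = $pdo->prepare("UPDATE devices SET device_lend_user_id = 0 WHERE device_lend_user_id = :id");
        $sth->execute(["id" => $user_id]);

        $sth = $pdo->prepare("DELETE FROM event WHERE event_end IS NULL AND event_user_id = :id");
        $sth->execute(["id" => $user_id]);
        return $sth->rowCount();
    }

    /**
     * Look up the primary-key column of $table in the current database.
     *
     * The lookup is restricted to TABLE_SCHEMA = DATABASE(); without that
     * filter a same-named table in another schema visible to the connection
     * could supply the column name. Only the first PRI column is returned —
     * composite keys are not supported (unchanged from the original).
     *
     * @param string $table plain identifier
     * @return string column name
     * @throws InvalidArgumentException if $table is not a plain identifier
     */
    private static function getIdentityColumn($table)
    {
        global $pdo;
        self::quoteIdentifier($table); // reject anything that is not a plain identifier
        $sql = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS"
             . " WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = :table_name AND COLUMN_KEY = 'PRI'";
        $sth = $pdo->prepare($sql);
        $sth->execute(["table_name" => $table]);
        $result = $sth->fetch(PDO::FETCH_ASSOC);
        if ($result === false)
            Response::error(Response::INTERNAL_SERVER_ERROR);
        return $result["COLUMN_NAME"];
    }

    /**
     * Validate a table/column name and return it backtick-quoted for splicing
     * into SQL. Identifiers cannot be bound as parameters, so this whitelist
     * is the only defence against injection through a name.
     *
     * Accepts [A-Za-z0-9_]+ only; names with other characters (MySQL allows
     * them when quoted) are rejected rather than quoted — widen here if the
     * schema ever needs them.
     *
     * @param mixed $name candidate identifier
     * @return string quoted identifier
     * @throws InvalidArgumentException if $name is not a plain identifier
     */
    private static function quoteIdentifier($name)
    {
        if (!is_string($name) || !preg_match('/^[A-Za-z0-9_]+$/', $name))
            throw new InvalidArgumentException("Invalid SQL identifier");
        return "`$name`";
    }
}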