/*
* Copyright 1998-2016 Linux.org.ru
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package ru.org.linux.spring;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import ru.org.linux.csrf.CSRFNoAuto;
import ru.org.linux.site.Template;
import ru.org.linux.user.User;
import ru.org.linux.user.UserErrorException;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
import java.util.List;
@Controller
public class DevconfController {
private JdbcTemplate jdbcTemplate;
@Autowired
public void setDataSource(DataSource ds) {
jdbcTemplate = new JdbcTemplate(ds);
}
@RequestMapping(value = "/devconf", method = RequestMethod.POST)
@CSRFNoAuto
public ModelAndView add(HttpServletRequest request, @RequestParam("msg") String msg) throws Exception {
Template tmpl = Template.getTemplate(request);
if (!tmpl.isSessionAuthorized()) {
throw new UserErrorException("Not authorized");
}
User user = tmpl.getCurrentUser();
if (!"devconf2016".equals(msg)) {
throw new UserErrorException("Неправильный код, прочитайте текст новости");
}
List<Integer> found = jdbcTemplate.queryForList("SELECT * FROM devconf2011 WHERE userid=?", Integer.class, user.getId());
if (found.isEmpty()) {
jdbcTemplate.update("INSERT INTO devconf2011 VALUES(?)", user.getId());
}
return new ModelAndView("action-done", "message", "OK");
}
}