From 4bd1e5e1f69256d990ef19a33c56ceee77b0cd6a Mon Sep 17 00:00:00 2001
From: Anton Bagliy <taccessviolation@gmail.com>
Date: Fri, 8 Feb 2019 18:30:27 +0300
Subject: [PATCH] PATCH: fix grading_credit unsafe #362
---
 db/postgresql/TEMP_hotfix2.3.8.sql | 40 +++++++++++++++++++
 .../classes/Controller/Api/V0/StudyPlan.php | 3 ++
 .../application/classes/Model/Discipline.php | 12 ++++++
 3 files changed, 55 insertions(+)
 create mode 100644 db/postgresql/TEMP_hotfix2.3.8.sql
diff --git a/db/postgresql/TEMP_hotfix2.3.8.sql b/db/postgresql/TEMP_hotfix2.3.8.sql
new file mode 100644
index 000000000..0a40d4c27
--- /dev/null
+++ b/db/postgresql/TEMP_hotfix2.3.8.sql
@@ -0,0 +1,40 @@
+-- РќР• ДОБАВЛЯЙТЕ РТРФУНКЦРР Р’ БАЗУ !!!!
+
+CREATE OR REPLACE FUNCTION public.discipline_find(pstudyplanid integer, psemesterid integer, psubjectid integer, pexamtype exam_credit_grading_credit)
+ RETURNS SETOF integer
+LANGUAGE sql
+AS $function$
+--select public.discipline_find(
+-- :pstudyplanid, -- put the pstudyplanid parameter value instead of 'pstudyplanid' (int4)
+-- :psemesterid, -- put the psemesterid parameter value instead of 'psemesterid' (int4)
+-- :psubjectid, -- put the psubjectid parameter value instead of 'psubjectid' (int4)
+-- :pexamtype -- put the pexamtype parameter value instead of 'pexamtype' (exam_credit_grading_credit)
+--);
+SELECT disciplines.ID
+FROM disciplines
+ INNER JOIN disciplines_study_plans ON disciplines.ID = disciplines_study_plans.DisciplineID
+WHERE disciplines_study_plans.StudyPlanID = pStudyPlanID AND
+ disciplines.SemesterID = pSemesterID AND
+ disciplines.SubjectID = pSubjectID AND
+ (disciplines.ExamType = pExamType or
+ (disciplines.ExamType = 'credit' and pExamType = 'grading_credit'));
+$function$;
+
+-- РќР• ДОБАВЛЯЙТЕ РТРФУНКЦРР Р’ БАЗУ !!!!
+
+CREATE OR REPLACE FUNCTION public.discipline_settypeunsafe(pdisciplineid integer, ptype exam_credit_grading_credit)
+ RETURNS integer
+LANGUAGE plpgsql
+AS $function$
+declare vRow int;
+begin
+ UPDATE disciplines
+ SET examtype = ptype
+ WHERE ID = pDisciplineID ;
+ get diagnostics vRow = ROW_COUNT;
+ RETURN vRow-1;
+ EXCEPTION
+ when others then RETURN -1;
+END
+$function$
+;
diff --git a/~dev_rating/application/classes/Controller/Api/V0/StudyPlan.php b/~dev_rating/application/classes/Controller/Api/V0/StudyPlan.php
index ab3046930..2d7bc3a8a 100644
--- a/~dev_rating/application/classes/Controller/Api/V0/StudyPlan.php
+++ b/~dev_rating/application/classes/Controller/Api/V0/StudyPlan.php
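Review bot: In `discipline_settypeunsafe`, `when others then RETURN -1` collapses every database error into the same -1 that `RETURN vRow-1` already yields when no row matches `pDisciplineID`, so a caller cannot tell a missing discipline from a failed update and the cause is never recorded. Record it before returning, e.g. `when others then RAISE WARNING 'discipline_settypeunsafe: %', SQLERRM; RETURN -1;`, or give the zero-row case its own code. The function body performs no lock or ownership check on the discipline, so a header comment such as `-- No authorization or lock check here: callers must verify the change is permitted` would make that contract explicit.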
@@ -57,6 +57,9 @@ class Controller_Api_V0_StudyPlan extends Controller_Handler_Api
 if (isset($disciplineData->gradeID)) {
 $discipline->changeGradeUnsafe($disciplineData->gradeID);
 }
+ if (isset($disciplineData->type) && $disciplineData->type === 'grading_credit') {
+ $discipline->changeTypeUnsafe($disciplineData->type);
+ }
 } else {
 if (empty($disciplineData->teacherIDs)) {
 throw new InvalidArgumentException('Cannot create discipline without teachers');
diff --git a/~dev_rating/application/classes/Model/Discipline.php b/~dev_rating/application/classes/Model/Discipline.php
index 5ca6eb90d..5fb649f3d 100644
--- a/~dev_rating/application/classes/Model/Discipline.php
+++ b/~dev_rating/application/classes/Model/Discipline.php
@@ -186,6 +186,18 @@ class Model_Discipline extends Model_Container
 ])->execute()->get('"ErrorCode"');
 }

+ public function changeTypeUnsafe($type) {
+ if ($this->Type == $type)
+ return 0;
+
+ $sql = 'SELECT * FROM Discipline_SetTypeUnsafe(:discipline, :type) AS "ErrorCode"';
+ return DB::query(Database::SELECT, $sql)
+ ->parameters([
+ ':discipline' => $this->ID,
+ ':type' => $type,
+ ])->execute()->get('"ErrorCode"');
+ }
+
 public function changeGrade($teacherID, $grade) {
 if (($this->AuthorID == $teacherID) && $this->IsLocked !== true){
 return $this->changeGradeUnsafe($grade);
-- GitLab
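Review bot: The result of `changeTypeUnsafe()` is discarded in the added branch, so a -1 from `Discipline_SetTypeUnsafe` (failed update or no matching row, per the SQL in this patch) leaves the API reporting success while the discipline keeps its old type. Check it, for example `if ($discipline->changeTypeUnsafe($disciplineData->type) < 0) { throw new RuntimeException('Failed to change discipline type'); }`. The strict comparison with `'grading_credit'` acts as an allowlist for the requested value, but nothing in the visible lines checks the discipline's current type or lock state before the change. The enclosing method starts and ends outside the hunk, so any authorization done earlier is not visible here.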
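Review bot: `changeTypeUnsafe` has no docblock. `changeGrade` just below it checks `AuthorID` and `IsLocked` before delegating to its unsafe variant, but nothing in the visible lines guards the new method in the same way. Add a docblock stating that it bypasses author and lock checks, that the caller must authorize the change, and that it returns 0 when the type is already set or was updated and a negative code on failure (per the SQL function in this patch). The early exit uses loose comparison and a braceless `if`; assuming `Type` is always a string, prefer `if ($this->Type === $type) { return 0; }`. The class body continues outside the hunk.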