From 93e61f97b46643f9b5328845d7bec2083f5b40fc Mon Sep 17 00:00:00 2001
From: PavelBegunkov <asml.Silence@gmail.com>
Date: Sat, 6 Dec 2014 21:52:39 +0300
Subject: [PATCH] sql restrict
---
db/StoredProcedures.sql | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/db/StoredProcedures.sql b/db/StoredProcedures.sql
index 298771938..3ce85f839 100644
--- a/db/StoredProcedures.sql
+++ b/db/StoredProcedures.sql
@@ -2170,7 +2170,8 @@ BEGIN DECLARE checker INT; -- 1. check if AccessedTeacher is author - IF NOT InternalIsTeacherAuthor(TeacherID,DisciplineID) + IF NOT InternalIsTeacherAuthor(TeacherID,DisciplineID) OR + InternalIsMapLocked(disciplineID) THEN RETURN -1; END IF;
@@ -2278,7 +2279,8 @@ CREATE FUNCTION `UnbindGroup` ( `TeacherID` INT, ) RETURNS int(11) NO SQL BEGIN - IF NOT InternalIsTeacherAuthor(TeacherID,DisciplineID) + IF NOT InternalIsTeacherAuthor(TeacherID,DisciplineID) OR + InternalIsMapLocked(disciplineID) THEN RETURN -1; END IF;
@@ -3268,7 +3270,7 @@ CREATE FUNCTION `SetStudentRate`( `TeacherID` INT, RETURNS int(11) NO SQL BEGIN - DECLARE checker, DisciplineID, groupID, rateID INT; + DECLARE checker, DisciplineID, groupID, rateID, maxRate INT; DECLARE isLocked, isUsed tinyint; SET groupID = -1;
@@ -3283,8 +3285,8 @@ BEGIN SET isLocked = 0; SET DisciplineID = -1; - SELECT modules.DisciplineID, disciplines.isLocked, rating_table.StudentID, submodules.isUsed - INTO DisciplineID, isLocked, rateID, isUsed + SELECT modules.DisciplineID, disciplines.isLocked, rating_table.StudentID, submodules.isUsed, submodules.MaxRate + INTO DisciplineID, isLocked, rateID, isUsed, maxRate FROM `submodules` INNER JOIN `modules` ON submodules.ModuleID = modules.ID INNER JOIN `disciplines` ON modules.DisciplineID = disciplines.ID
@@ -3302,7 +3304,7 @@ BEGIN disciplines_groups.ID IS NOT NULL ) LIMIT 1; - IF DisciplineID <= 0 THEN + IF DisciplineID <= 0 OR Rate > maxRate THEN RETURN -1; END IF;
--
GitLab
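Review bot: In the first hunk (the function around line 2170) and again in `UnbindGroup`, the added `InternalIsMapLocked(disciplineID)` test is folded into the author check, so the comment `-- 1. check if AccessedTeacher is author` no longer describes the condition, and a locked map and a non-author caller both come back as -1. I would reword the comment to `-- 1. reject unless the caller is the author and the discipline map is not locked`, and spell the argument `DisciplineID` as on the line above; MySQL resolves routine parameters case-insensitively, so this is consistency only. The lock is enforced only in the routines this patch touches; whether the other routines that modify the map apply the same check is not visible here and is worth confirming. Both function bodies continue outside their hunks.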
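Review bot: The bound added in the last hunk, `Rate > maxRate`, is silently skipped whenever `maxRate` is NULL, because the comparison evaluates to NULL and the `IF` does not fire. `maxRate` gets no default of the kind `SET DisciplineID = -1` gives the other locals, and whether `submodules.MaxRate` is declared NOT NULL is not visible here. The check also has no lower bound, so a negative `Rate` passes unless something outside the hunk rejects it. Consider `IF DisciplineID <= 0 OR maxRate IS NULL OR Rate IS NULL OR Rate < 0 OR Rate > maxRate THEN`, dropping the `Rate < 0` term if negative rates are intended. The body of `SetStudentRate` continues outside the hunk.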