From 2468fdc1e1d4066eee5794e21ddb362d9203648a Mon Sep 17 00:00:00 2001
From: josteitv
Date: Wed, 20 May 2015 11:57:15 +0200
Subject: [PATCH] Added user check when deleting items
---
 src/main/java/Repository.java | 5 +++--
 src/main/java/TodoServlet.java | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/main/java/Repository.java b/src/main/java/Repository.java
index 890dd4c..a5698c4 100644
--- a/src/main/java/Repository.java
+++ b/src/main/java/Repository.java
@@ -249,13 +249,14 @@ public static void updateTodoItem(TodoItem todoItem) {
 }
- public static void deleteTodoItem(String id) {
- String sql = "delete from TODO_ITEM where id = ?";
+ public static void deleteTodoItem(String id, String user) {
+ String sql = "delete from TODO_ITEM where id = ? and user = ?";
 Connection connection = getDBConnection();
 try {
 PreparedStatement ps = connection.prepareStatement(sql);
 ps.setString(1, id);
+ ps.setString(2, user);
 ps.executeUpdate();
 } catch (SQLException e) {
 throw new RuntimeException(e);
diff --git a/src/main/java/TodoServlet.java b/src/main/java/TodoServlet.java
index bbd55ea..89c9582 100644
--- a/src/main/java/TodoServlet.java
+++ b/src/main/java/TodoServlet.java
@@ -20,6 +20,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 String todo = request.getParameter("todo");
 String delete = request.getParameter("delete");
+ // UTF8-problem i chrome...
+ // String html = "
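Review bot: The result of `ps.executeUpdate()` in the new `deleteTodoItem(String id, String user)` is discarded, so a delete aimed at another user's item now matches zero rows and returns exactly as a successful delete does. Capture the count, for example `int deleted = ps.executeUpdate();`, and log or surface the `deleted == 0` case so that the caller can answer with an error and rejected attempts leave a trace. The ownership predicate is also only as trustworthy as the `user` argument: the call site in `TodoServlet.doGet` passes a `user` assigned outside the visible hunks, so confirm it comes from the authenticated session rather than from a request parameter. The method body continues past the end of this hunk, so whether `ps` and `connection` are closed cannot be judged from here.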

TODO for bruker '" + user + "'

";
 String html = "

TODO

";
 String todoText = "";
@@ -27,7 +29,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 if (!isNullOrEmpty(id) && !isNullOrEmpty(delete)) {
 // Delete todo item
- Repository.deleteTodoItem(id);
+ Repository.deleteTodoItem(id, user);
 } else if (!isNullOrEmpty(id) && isNullOrEmpty(todo)) {
 // View todo item
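Review bot: The two lines added in the first `doGet` hunk (`@@ -20,6 +20,8 @@`) are a Norwegian remark and a disabled statement, not working code, and the disabled statement concatenates `user` straight into the `html` string with no HTML escaping. If that heading is ever restored as written, a user name containing markup would be emitted into the page, so the value should pass through an escaping helper first; where `user` comes from is not visible in this hunk. Prefer deleting the dead line and keeping a single English comment such as `// Heading omits the user name: UTF-8 rendering problem in Chrome`. `doGet` starts and ends outside the hunk.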