
Commit fa183c8

committed
clean inputs and inform user of inputs that are too long
1 parent c5b9739 commit fa183c8


4 files changed

+130
-95
lines changed


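--- a/src/main/java/life/qbic/portal/portlet/UserDBPortletUI.java
+++ b/src/main/java/life/qbic/portal/portlet/UserDBPortletUI.java
@@ -1,7 +1,7 @@
 package life.qbic.portal.portlet;
 
+import java.sql.SQLException;
 import java.util.ArrayList;
-
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
@@ -73,7 +73,7 @@ public class UserDBPortletUI extends QBiCPortletUI {
 public static String tmpFolder;
 
 private IOpenBisClient openbis;
-private final boolean development = false;
+private final boolean development = true;
 
 @Override
 protected Layout getPortletContent(final VaadinRequest request) {
@@ -153,18 +153,22 @@ private void initTabs() {
 } else {
 affiMap = dbControl.getAffiliationMap();
 personMap = dbControl.getPersonMap();
+Map<String, Integer> colNamesToMaxLength = fillMaxInputLengthMap();
+
 Set<String> instituteNames = dbControl.getInstituteNames();
 List<String> facultyEnums =
 dbControl.getPossibleEnumsForColumnsInTable("organizations", "faculty");
 List<String> affiliationRoles =
 dbControl.getPossibleEnumsForColumnsInTable("persons_organizations", "occupation");
 List<String> titleEnums = dbControl.getPossibleEnumsForColumnsInTable("persons", "title");
 
-PersonInput addUserTab = new PersonInput(titleEnums, affiMap, affiliationRoles,
-new AffiliationInput(instituteNames, facultyEnums, personMap));
+PersonInput addUserTab =
+new PersonInput(titleEnums, affiMap, affiliationRoles, colNamesToMaxLength,
+new AffiliationInput(instituteNames, facultyEnums, personMap, colNamesToMaxLength));
 options.addTab(addUserTab, "New Person");
 
-AffiliationInput addAffilTab = new AffiliationInput(instituteNames, facultyEnums, personMap);
+AffiliationInput addAffilTab =
+new AffiliationInput(instituteNames, facultyEnums, personMap, colNamesToMaxLength);
 options.addTab(addAffilTab, "New Affiliation");
 
 
@@ -243,6 +247,18 @@ private void initTabs() {
 }
 }
 
+private Map<String, Integer> fillMaxInputLengthMap() {
+Map<String, Integer> res = new HashMap<>();
+try {
+res.putAll(dbControl.getColsMaxLengthsForTable("persons"));
+res.putAll(dbControl.getColsMaxLengthsForTable("organizations"));
+} catch (SQLException e) {
+// TODO Auto-generated catch block
+e.printStackTrace();
+}
+return res;
+}
+
 private boolean canUsePortlet() {
 try {
 User user = PortalUtils.getUser();
@@ -570,7 +586,7 @@ public void buttonClick(ClickEvent event) {
 public void valueChange(ValueChangeEvent event) {
 if (multiAffilTab.getPersonBox().getValue() != null) {
 String personName = multiAffilTab.getPersonBox().getValue().toString();
-multiAffilTab.reactToPersonSelection(personName,
+multiAffilTab.reactToPersonSelection(personName,
 dbControl.getPersonWithAffiliations(personMap.get(personName)));
 multiAffilTab.getAddButton().setEnabled(multiAffilTab.newAffiliationPossible());
 }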
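Review bot: The `development` field is flipped from `false` to `true` in the second hunk, which is unrelated to input cleaning and, because the field is `final`, hard-codes development mode into any build of this commit. What the flag gates lies outside the visible hunks, so confirm it does not relax the `canUsePortlet()` check or select test resources; the line should stay `private final boolean development = false;` or be driven by deployment configuration. Separately, `fillMaxInputLengthMap()` catches `SQLException`, prints the stack trace and returns a possibly empty or partial map, so the length limits handed to `PersonInput` and `AffiliationInput` may silently be missing (how those classes treat an absent key is not shown here). Log the exception properly and surface the failure rather than continuing with no limits.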

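--- a/src/main/java/life/qbic/userdb/DBManager.java
+++ b/src/main/java/life/qbic/userdb/DBManager.java
@@ -59,6 +59,10 @@ private void logout(Connection conn) {
 }
 }
 
+private String prepareStringInput(String input) {
+return input.trim();
+}
+
 private void printAffiliations() {
 String sql = "SELECT * FROM organizations";
 Connection conn = login();
@@ -80,6 +84,7 @@ private void printAffiliations() {
 }
 
 public String getProjectName(String projectIdentifier) {
+projectIdentifier = prepareStringInput(projectIdentifier);
 String sql = "SELECT short_title from projects WHERE openbis_project_identifier = ?";
 String res = "";
 Connection conn = login();
@@ -176,6 +181,7 @@ private Connection login() {
 }
 
 public void addOrChangeSecondaryNameForProject(int projectID, String secondaryName) {
+secondaryName = prepareStringInput(secondaryName);
 logger.info(
 "Adding/Updating secondary name of project with id " + projectID + " to " + secondaryName);
 boolean saved = saveOldSecondaryNameForProjects(projectID);
@@ -333,6 +339,7 @@ public List<String> getPossibleSetOptionsForColumnsInTable(String table, String
 }
 
 public boolean isProjectInDB(String projectIdentifier) {
+projectIdentifier = prepareStringInput(projectIdentifier);
 logger.info("Looking for project " + projectIdentifier + " in the DB");
 String sql = "SELECT * from projects WHERE openbis_project_identifier = ?";
 boolean res = false;
@@ -356,6 +363,8 @@ public boolean isProjectInDB(String projectIdentifier) {
 }
 
 public int addProjectToDB(String projectIdentifier, String projectName) {
+projectIdentifier = prepareStringInput(projectIdentifier);
+projectName = prepareStringInput(projectName);
 if (!isProjectInDB(projectIdentifier)) {
 logger.info("Trying to add project " + projectIdentifier + " to the person DB");
 String sql = "INSERT INTO projects (openbis_project_identifier, short_title) VALUES(?, ?)";
@@ -384,6 +393,7 @@ public int addProjectToDB(String projectIdentifier, String projectName) {
 }
 
 public boolean hasPersonRoleInProject(int personID, int projectID, String role) {
+role = prepareStringInput(role);
 logger.info("Checking if person already has this role in the project.");
 String sql =
 "SELECT * from projects_persons WHERE person_id = ? AND project_id = ? and project_role = ?";
@@ -410,6 +420,7 @@ public boolean hasPersonRoleInProject(int personID, int projectID, String role)
 }
 
 public void addOrUpdatePersonToProject(int projectID, int personID, String role) {
+role = prepareStringInput(role);
 if (!hasPersonRoleInProject(personID, projectID, role)) {
 logger.info("Trying to add person with role " + role + " to a project.");
 if (!roleForProjectTaken(projectID, role)) {
@@ -455,6 +466,7 @@ public void addOrUpdatePersonToProject(int projectID, int personID, String role)
 }
 
 private boolean roleForProjectTaken(int projectID, String role) {
+role = prepareStringInput(role);
 boolean res = false;
 String sql = "SELECT person_ID FROM projects_persons WHERE project_id = ? AND project_role = ?";
 Connection conn = login();
@@ -764,25 +776,6 @@ public boolean addNewPerson(Person person) {
 return res;
 }
 
-// public List<String> getPersons() {
-// List<String> res = new ArrayList<String>();
-// String sql = "SELECT * FROM person";
-// Connection conn = login();
-// try (PreparedStatement statement = conn.prepareStatement(sql)) {
-// ResultSet rs = statement.executeQuery();
-// while (rs.next()) {
-// String first = Integer.toString(rs.getInt("first_name"));
-// String last = Integer.toString(rs.getInt("last_name"));
-// res.add(first + " " + last);
-// }
-// } catch (SQLException e) {
-// e.printStackTrace();
-// } finally {
-// endQuery(conn, statement);
-// }
-// return res;
-// }
-
 public Map<String, Integer> getPersonMap() {
 Map<String, Integer> res = new HashMap<String, Integer>();
 String sql = "SELECT * FROM persons";
@@ -805,6 +798,20 @@ public Map<String, Integer> getPersonMap() {
 return res;
 }
 
+public Map<String, Integer> getColsMaxLengthsForTable(String table) throws SQLException {
+Connection conn = login();
+DatabaseMetaData md = conn.getMetaData();
+Map<String, Integer> res = new HashMap<>();
+ResultSet rs = md.getColumns(null, null, table, null);
+while (rs.next()) {
+String cName = rs.getString("COLUMN_NAME");
+int length = rs.getInt("COLUMN_SIZE");
+res.put(cName, new Integer(length));
+}
+logout(conn);
+return res;
+}
+
 public void printTableNames() throws SQLException {
 Connection conn = login();
 DatabaseMetaData md = conn.getMetaData();
@@ -982,6 +989,7 @@ public Set<String> getInstituteNames() {
 }
 
 public Affiliation getOrganizationInfosFromInstitute(String institute) {
+institute = prepareStringInput(institute);
 Affiliation res = null;
 String sql = "SELECT * FROM organizations WHERE institute LIKE ?";
 Connection conn = login();
@@ -1034,6 +1042,7 @@ public Affiliation getOrganizationInfosFromInstitute(String institute) {
 }
 
 public Affiliation getOrganizationInfosFromOrg(String organization) {
+organization = prepareStringInput(organization);
 Affiliation res = null, maybe = null;
 String sql = "SELECT * FROM organizations WHERE umbrella_organization LIKE ?";
 Connection conn = login();
@@ -1118,53 +1127,12 @@ public List<Affiliation> getAffiliationTable() {
 return res;
 }
 
-
 public String getInvestigatorForProject(String projectIdentifier) {
+projectIdentifier = prepareStringInput(projectIdentifier);
 String details = getPersonDetailsForProject(projectIdentifier, "PI");
 return details.split("\n")[0].trim();
 }
 
-// public Person getPersonForProject(String projectIdentifier, String role) {
-// String sql =
-// "SELECT * FROM persons LEFT JOIN projects_persons ON persons.id = projects_persons.person_id "
-// + "LEFT JOIN projects ON projects_persons.project_id = projects.id WHERE "
-// + "projects.openbis_project_identifier = ? AND projects_persons.project_role = ?";
-// Person res = null;
-//
-// Connection conn = login();
-// try (PreparedStatement statement = conn.prepareStatement(sql)) {
-// statement.setString(1, projectIdentifier);
-// statement.setString(2, role);
-//
-// ResultSet rs = statement.executeQuery();
-//
-//
-// while (rs.next()) {
-// String title = rs.getString("title");
-// String zdvID = rs.getString("username");
-// String first = rs.getString("first_name");
-// String last = rs.getString("family_name");
-// String email = rs.getString("email");
-// String tel = rs.getString("phone");
-// Affiliation affiliation = getAffiliationFromProjectIDAndRole(projectIdentifier, role);
-// int instituteID = -1;// TODO fetch correct id
-//
-//
-// res = new Person(zdvID, title, first, last, email, tel, instituteID, affiliation);
-// }
-// } catch (SQLException e) {
-// LOG.error("Could not get person for project due to database error", e);
-// } finally {
-// logout(conn);
-// }
-//
-// return res;
-// }
-
-//
-// int affiliationID = getAffiliationIDForPersonID(id);
-// affiliationOfPerson = getAffiliationWithID(affiliationID);
-//
 /**
 *
 * @param personID
@@ -1197,6 +1165,8 @@ public int getAffiliationIDForPersonID(Integer personID) {
 }
 
 public String getPersonDetailsForProject(String projectIdentifier, String role) {
+projectIdentifier = prepareStringInput(projectIdentifier);
+role = prepareStringInput(role);
 String sql =
 "SELECT projects_persons.*, projects.* FROM projects_persons, projects WHERE projects.openbis_project_identifier = ?"
 + " AND projects.id = projects_persons.project_id AND projects_persons.project_role = ?";
@@ -1377,6 +1347,7 @@ private void endQuery(Connection c, PreparedStatement p) {
 }
 
 public void setAffiliationVIP(int affi, int person, String role) {
+role = prepareStringInput(role);
 logger.info("Trying to set/change affiliation-specific role " + role);
 String sql = "UPDATE organizations SET " + role + "=? WHERE id = ?";
 Connection conn = login();
@@ -1396,6 +1367,8 @@ public void setAffiliationVIP(int affi, int person, String role) {
 }
 
 public List<Person> getPersonsByName(String one, String two) {
+one = prepareStringInput(one);
+two = prepareStringInput(two);
 List<Person> res = new ArrayList<Person>();
 
 String sql = "SELECT * from persons where (first_name LIKE ? AND family_name LIKE ?) OR "
@@ -1599,6 +1572,7 @@ public Map<String, ProjectInfo> getProjectMap() {
 }
 
 public List<CollaboratorWithResponsibility> getCollaboratorsOfProject(String project) {
+project = prepareStringInput(project);
 List<CollaboratorWithResponsibility> res = new ArrayList<CollaboratorWithResponsibility>();
 // for experiments
 String sql =
@@ -1651,6 +1625,7 @@ public List<CollaboratorWithResponsibility> getCollaboratorsOfProject(String pro
 }
 
 public int addExperimentToDB(String openbisIdentifier) {
+openbisIdentifier = prepareStringInput(openbisIdentifier);
 int exists = isExpInDB(openbisIdentifier);
 if (exists < 0) {
 logger.info("Trying to add experiment " + openbisIdentifier + " to the person DB");
@@ -1676,14 +1651,15 @@ public int addExperimentToDB(String openbisIdentifier) {
 return exists;
 }
 
-private int isExpInDB(String id) {
-logger.info("Looking for experiment " + id + " in the DB");
+private int isExpInDB(String expID) {
+expID = prepareStringInput(expID);
+logger.info("Looking for experiment " + expID + " in the DB");
 String sql = "SELECT * from experiments WHERE openbis_experiment_identifier = ?";
 int res = -1;
 Connection conn = login();
 try {
 PreparedStatement statement = conn.prepareStatement(sql);
-statement.setString(1, id);
+statement.setString(1, expID);
 ResultSet rs = statement.executeQuery();
 if (rs.next()) {
 logger.info("project found!");
@@ -1698,6 +1674,7 @@ private int isExpInDB(String id) {
 }
 
 public void addPersonToExperiment(int expID, int personID, String role) {
+role = prepareStringInput(role);
 if (expID == 0 || personID == 0)
 return;
 
@@ -1746,6 +1723,7 @@ private boolean hasPersonRoleInExperiment(int personID, int expID, String role)
 }
 
 public int getProjectIDFromCode(String code) {
+code = prepareStringInput(code);
 int res = -1;
 String sql = "SELECT id from projects WHERE openbis_project_identifier LIKE ?";
 Connection conn = login();
@@ -1766,6 +1744,7 @@ public int getProjectIDFromCode(String code) {
 }
 
 public void removePersonFromProject(int id, String role) {
+role = prepareStringInput(role);
 logger.info("Trying to remove person with role " + role + " from project with id " + id);
 String sql = "DELETE FROM projects_persons WHERE project_id = ? AND project_role = ?";
 Connection conn = login();
@@ -1802,6 +1781,7 @@ public void removePersonFromExperiment(int experimentID) {
 }
 
 public void addOrUpdatePersonToExperiment(int experimentID, int personID, String role) {
+role = prepareStringInput(role);
 if (!hasPersonRoleInExperiment(personID, experimentID, role)) {
 logger.info("Trying to add person with role " + role + " to an experiment.");
 if (!roleForExperimentTaken(experimentID, role)) {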
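Review bot: In `setAffiliationVIP` the added `role = prepareStringInput(role);` only trims, yet `role` is then concatenated into the statement as a column name (`"UPDATE organizations SET " + role + "=? WHERE id = ?"`), where a bind parameter cannot protect it. Before building the SQL, check `role` against a fixed set of permitted column names and reject anything else, e.g. `if (!ALLOWED_VIP_COLUMNS.contains(role)) throw new IllegalArgumentException("unknown role column");` (`ALLOWED_VIP_COLUMNS` is a placeholder for a constant this class would define). `prepareStringInput` also calls `input.trim()` without a null check, so every method that now calls it throws `NullPointerException` on a null argument; return null unchanged or reject it explicitly. In `getColsMaxLengthsForTable`, `logout(conn)` is skipped when `getMetaData()` or `getColumns()` throws and the `ResultSet` is never closed, so the release belongs in a `finally` block. The bodies of most of these methods continue outside the hunks.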
