package de.superx.servlet;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import org.dbforms.config.DbFormsConfig;
import org.dbforms.config.FieldValues;
import org.dbforms.config.Table;
import org.dbforms.config.ValidationException;
import org.dbforms.event.DbEventInterceptorSupport;

/* loaded from: input_file:de/superx/servlet/DbformInterceptor.class */
public class DbformInterceptor extends DbEventInterceptorSupport {
    protected int checkRights(String str, String str2, Connection connection, int i) throws ValidationException {
        try {
            Statement createStatement = connection.createStatement();
            ResultSet executeQuery = createStatement.executeQuery("select sp_get_dbform_right('" + str2 + "'," + str + ") from xdummy");
            String string = executeQuery.next() ? executeQuery.getString(1) : "0";
            executeQuery.close();
            createStatement.close();
            if (string.equals("1")) {
                return 0;
            }
            return (string.equals("2") && i == 2) ? 0 : 1;
        } catch (SQLException e) {
            throw new ValidationException("Fehler bei Rechteermittlung DETAILS: " + e.toString());
        }
    }

    public int preInsert(HttpServletRequest httpServletRequest, Table table, FieldValues fieldValues, DbFormsConfig dbFormsConfig, Connection connection) throws ValidationException {
        int checkRights = checkRights(httpServletRequest.getSession().getAttribute("UserID").toString(), table.getName(), connection, 1);
        if (table.getName().equals("unload_params") && fieldValues.get("param_val").getFieldValue().indexOf(";") > -1) {
            checkRights = 1;
        }
        return checkRights;
    }

    public int preUpdate(HttpServletRequest httpServletRequest, Table table, FieldValues fieldValues, DbFormsConfig dbFormsConfig, Connection connection) throws ValidationException {
        int checkRights = checkRights(httpServletRequest.getSession().getAttribute("UserID").toString(), table.getName(), connection, 1);
        if (table.getName().equals("unload_params") && fieldValues.get("param_val").getFieldValue().indexOf(";") > -1) {
            checkRights = 1;
        }
        return checkRights;
    }

    public int preDelete(HttpServletRequest httpServletRequest, Table table, FieldValues fieldValues, DbFormsConfig dbFormsConfig, Connection connection) throws ValidationException {
        return checkRights(httpServletRequest.getSession().getAttribute("UserID").toString(), table.getName(), connection, 1);
    }

    public int preSelect(HttpServletRequest httpServletRequest, Table table, FieldValues fieldValues, DbFormsConfig dbFormsConfig, Connection connection) throws ValidationException {
        return checkRights(httpServletRequest.getSession().getAttribute("UserID").toString(), table.getName(), connection, 2);
    }
}
