From 9010502f7e50688b72300b60646eac5b89a80d9e Mon Sep 17 00:00:00 2001 From: Ugnich Anton Date: Sun, 16 Dec 2012 12:00:31 +0700 Subject: messages privacy fix --- src/com/juick/server/MessagesQueries.java | 139 +++++++++++++++--------------- 1 file changed, 70 insertions(+), 69 deletions(-) diff --git a/src/com/juick/server/MessagesQueries.java b/src/com/juick/server/MessagesQueries.java index 90c90ceb..c17b9d3d 100644 --- a/src/com/juick/server/MessagesQueries.java +++ b/src/com/juick/server/MessagesQueries.java @@ -28,12 +28,12 @@ import java.util.ArrayList; * @author Ugnich Anton */ public class MessagesQueries { - + public static boolean canViewThread(Connection sql, int mid, int uid) { - + int privacy = 0; int owner_uid = 0; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -49,15 +49,16 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return privacy >= 0 - || (privacy == -1 && uid > 0 && UserQueries.isInWL(sql, owner_uid, uid)) - || (privacy == -2 && (uid == owner_uid || hasAccessToMessage(sql, mid, uid))); + || uid == owner_uid + || ((privacy == -1 || privacy == -2) && uid > 0 && UserQueries.isInWL(sql, owner_uid, uid)) + || (privacy == -3 && uid > 0 && hasAccessToMessage(sql, mid, uid)); } - + public static boolean hasAccessToMessage(Connection sql, int mid, int uid) { boolean ret = false; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -73,13 +74,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return ret; } - + public static boolean isReadOnly(Connection sql, int mid) { boolean ret = false; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -96,10 +97,10 @@ public class MessagesQueries { } return ret; } - + public static boolean isSubscribed(Connection sql, int uid, int mid) { boolean ret = false; - + PreparedStatement stmt = null; ResultSet rs = null; try { 
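Review bot: In the `@@ -49,15 +49,16 @@` hunk, the new `|| uid == owner_uid` clause of canViewThread's return is the only access branch without the `uid > 0` guard, and `owner_uid` starts at 0 (`int owner_uid = 0;` in the first hunk), so a uid of 0 (apparently the not-logged-in value, judging by the other guards) matches whenever the owner was not loaded. I would write it as `|| (uid > 0 && uid == owner_uid)`. canViewThread begins before this hunk and its query and catch block are not shown, but if a missing row or an SQLException leaves `privacy` at its initial 0, `privacy >= 0` already grants access, so the check presumably fails open; starting from a deny value, or returning false when no row is read, would close that. The meaning of -2 also moves from the per-message access list to the whitelist, so rows stored with -2 under the old meaning would likely need migrating. A short comment above the return naming what -1, -2 and -3 stand for would help the next reader.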
@@ -117,10 +118,10 @@ public class MessagesQueries { } return ret; } - + public static com.juick.Message getMessage(Connection sql, int mid) { com.juick.Message msg = null; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -153,11 +154,11 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + if (msg == null) { return null; } - + try { stmt = sql.prepareStatement("SELECT tags,repliesby,txt FROM messages_txt WHERE message_id=?"); stmt.setInt(1, mid); @@ -174,13 +175,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return msg; } - + public static com.juick.Message getReply(Connection sql, int mid, int rid) { com.juick.Message msg = null; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -205,13 +206,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return msg; } - + public static com.juick.User getMessageAuthor(Connection sql, int mid) { com.juick.User user = null; - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -230,10 +231,10 @@ public class MessagesQueries { } return user; } - + public static ArrayList getMessageRecommendations(Connection sql, int mid) { ArrayList users = new ArrayList(); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -249,13 +250,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return users; } - + public static ArrayList getAll(Connection sql, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -277,10 +278,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getTag(Connection sql, int tid, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { 
@@ -304,7 +305,7 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getMyFeed(Connection sql, int uid, int before) { ArrayList mids = new ArrayList(20); PreparedStatement stmt = null; @@ -334,10 +335,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getPrivate(Connection sql, int uid, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -364,10 +365,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getDiscussions(Connection sql, int uid, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -389,13 +390,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return mids; } - + public static ArrayList getRecommended(Connection sql, int uid, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -417,14 +418,14 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - - + + return mids; } - + public static ArrayList getPopular(Connection sql, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -446,10 +447,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getPhotos(Connection sql, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -471,10 +472,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getSearch(Connection sql, Connection sqlSearch, String search, int before) { ArrayList mids0 = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -496,7 +497,7 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + ArrayList mids = new ArrayList(20); if (mids0.size() > 0) { try { 
@@ -512,13 +513,13 @@ public class MessagesQueries { Utils.finishSQL(rs, stmt); } } - + return mids; } - + public static ArrayList getUserBlog(Connection sql, int UID, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -542,10 +543,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getUserTag(Connection sql, int UID, int TID, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -571,10 +572,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getUserRecommendations(Connection sql, int UID, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -598,10 +599,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getUserPhotos(Connection sql, int UID, int before) { ArrayList mids = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -625,10 +626,10 @@ public class MessagesQueries { } return mids; } - + public static ArrayList getUserSearch(Connection sql, Connection sqlSearch, int UID, String search, int before) { ArrayList mids0 = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -652,7 +653,7 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + ArrayList mids = new ArrayList(20); if (mids0.size() > 0) { try { @@ -668,13 +669,13 @@ public class MessagesQueries { Utils.finishSQL(rs, stmt); } } - + return mids; } - + public static ArrayList getMessages(Connection sql, ArrayList mids) { ArrayList msgs = new ArrayList(20); - + PreparedStatement stmt = null; ResultSet rs = null; try { 
@@ -684,7 +685,7 @@ public class MessagesQueries { while (rs.next()) { com.juick.Message msg = new com.juick.Message(); msg.User = new com.juick.User(); - + msg.MID = rs.getInt(1); msg.User.UID = rs.getInt(2); msg.User.UName = rs.getString(3); @@ -706,7 +707,7 @@ public class MessagesQueries { msg.Place.lat = rs.getDouble(15); msg.Place.lon = rs.getDouble(16); } - + msgs.add(msg); } } catch (SQLException e) { @@ -714,13 +715,13 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return msgs; } - + public static ArrayList getReplies(Connection sql, int mid) { ArrayList replies = new ArrayList(); - + PreparedStatement stmt = null; ResultSet rs = null; try { @@ -740,7 +741,7 @@ public class MessagesQueries { msg.TimeAgo = rs.getInt(6); msg.TimestampString = rs.getString(7); msg.AttachmentType = rs.getString(8); - + replies.add(msg); } } catch (SQLException e) { @@ -748,7 +749,7 @@ public class MessagesQueries { } finally { Utils.finishSQL(rs, stmt); } - + return replies; } } -- cgit v1.2.3