diff --git a/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/dao/impl/DelegatedAccessDaoImpl.java b/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/dao/impl/DelegatedAccessDaoImpl.java
index 45e8a1f0773c..409797dbe82a 100644
--- a/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/dao/impl/DelegatedAccessDaoImpl.java
+++ b/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/dao/impl/DelegatedAccessDaoImpl.java
@@ -144,14 +144,17 @@ public Map> getNodesBySiteRef(String[] siteRefs, String hie
 String query = getStatement("select.hierarchyNode");
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'"; //escape apostrophe
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
 }
 inParams += ")";
- query = query.replace("(?)", inParams);
- List results = (List) getJdbcTemplate().query(query, new Object[]{hierarchyId}, new RowMapper() {
+ query = query.replace("(?)", inParams);
+ List parameters = new ArrayList();
+ parameters.add(hierarchyId);
+ parameters.addAll(Arrays.asList(subSiteRefs));
+ List results = (List) getJdbcTemplate().query(query, parameters.toArray(), new RowMapper() {
 public Object mapRow(ResultSet resultSet, int i) throws SQLException {
 return new String[]{resultSet.getString("title"), resultSet.getString("ID")};
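Review bot: `query.replace("(?)", inParams)` expands every `(?)` in the statement, while the site refs are added to `parameters` only once, after `hierarchyId`. The binding is therefore correct only if `select.hierarchyNode` contains a single `(?)`; the statement text comes from `getStatement` and is not visible here, so that is an assumption to confirm. A comment above the list would record the contract: `// statement must contain exactly one "(?)"; it becomes one placeholder per site ref`. The removeSiteProperty and getNodesAndPermsForUser hunks build their argument lists the same way, and the method body starts and ends outside this hunk.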
@@ -253,14 +256,17 @@ public void removeSiteProperty(String[] siteIds, String propertyName){
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
 }
 inParams += ")";
- query1 = query1.replace("(?)", inParams);
- getJdbcTemplate().update(query1, new Object[]{propertyName});
+ query1 = query1.replace("(?)", inParams);
+ List parameters = new ArrayList();
+ parameters.add(propertyName);
+ parameters.addAll(Arrays.asList(subSiteRefs));
+ getJdbcTemplate().update(query1, parameters.toArray());
 subArrayIndex = subArrayIndex + subArraySize;
 }while(subArrayIndex < siteIds.length);
 }catch (DataAccessException ex) {
@@ -418,14 +424,17 @@ public Map> getNodesAndPermsForUser(String userId, String[]
 String query = getStatement("select.nodes.and.perms.for.user");
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
 }
 inParams += ")";
- query = query.replace("(?)", inParams);
- List results = (List) getJdbcTemplate().query(query, new Object[]{userId}, new RowMapper() {
+ query = query.replace("(?)", inParams);
+ List parameters = new ArrayList();
+ parameters.add(userId);
+ parameters.addAll(Arrays.asList(subSiteRefs));
+ List results = (List) getJdbcTemplate().query(query, parameters.toArray(), new RowMapper() {
 public Object mapRow(ResultSet resultSet, int i) throws SQLException {
 return new String[]{resultSet.getString("NODEID"), resultSet.getString("PERMISSION")};
@@ -474,14 +483,14 @@ public List findActiveSites(String[] siteIds){
 String query = getStatement("select.activeSites");
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
 }
 inParams += ")";
 query = query.replace("(?)", inParams);
- List results = (List) getJdbcTemplate().query(query, new RowMapper() {
+ List results = (List) getJdbcTemplate().query(query,subSiteRefs,new RowMapper() {
 public Object mapRow(ResultSet resultSet, int i) throws SQLException {
 return resultSet.getString("SITE_ID");
 }
@@ -518,7 +527,7 @@ public void removeAnonAndAuthRoles(String[] siteRefs){
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
@@ -526,8 +535,8 @@ public void removeAnonAndAuthRoles(String[] siteRefs){
 inParams += ")";
 query1 = query1.replace("(?)", inParams);
 query2 = query2.replace("(?)", inParams);
- getJdbcTemplate().update(query1);
- getJdbcTemplate().update(query2);
+ getJdbcTemplate().update(query1,subSiteRefs);
+ getJdbcTemplate().update(query2,subSiteRefs);
 subArrayIndex = subArrayIndex + subArraySize;
 }while(subArrayIndex < siteRefs.length);
 }catch (DataAccessException ex) {
@@ -553,7 +562,7 @@ public void copyRole(String fromRealm, String fromRole, String[] toRealm, String
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
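Review bot: In findActiveSites the `String[]` is handed to `query(...)` as the argument array directly, which relies on array covariance and reads as if one value were bound to the expanded IN list. Casting makes the per-element binding explicit: `getJdbcTemplate().query(query, (Object[]) subSiteRefs, new RowMapper() {`. The same applies to `update(query1,subSiteRefs)` and `update(query2,subSiteRefs)` in the second removeAnonAndAuthRoles hunk, where javac may also report an inexact-argument warning if `update` resolves to a varargs overload (this depends on the Spring version, which is not visible), and to the getSitesWithDelegatedAccessTool hunk. The enclosing methods start and end outside the hunks.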
@@ -561,8 +570,16 @@ public void copyRole(String fromRealm, String fromRole, String[] toRealm, String
 inParams += ")";
 query1 = query1.replace("(?)", inParams);
 query2 = query2.replace("(?)", inParams);
- getJdbcTemplate().update(query1, new Object[]{fromRealm, fromRole, toRole});
- getJdbcTemplate().update(query2, new Object[]{toRole});
+ List parameters1 = new ArrayList();
+ parameters1.addAll(Arrays.asList(subSiteRefs));
+ parameters1.add(fromRealm);
+ parameters1.add(fromRole);
+ parameters1.add(toRole);
+ List parameters2 = new ArrayList();
+ parameters2.addAll(Arrays.asList(subSiteRefs));
+ parameters2.add(toRole);
+ getJdbcTemplate().update(query1, parameters1.toArray());
+ getJdbcTemplate().update(query2, parameters2.toArray());
 subArrayIndex = subArrayIndex + subArraySize;
 }while(subArrayIndex < toRealm.length);
 }catch (DataAccessException ex) {
@@ -601,14 +618,14 @@ public List getSitesWithDelegatedAccessTool(String[] siteIds){
 String query = getStatement("select.delegatedaccess.user.hasworkspacetool");
 String inParams = "(";
 for(int i = 0; i < subSiteRefs.length; i++){
- inParams += "'" + subSiteRefs[i].replace("'", "''") + "'";
+ inParams += "?";
 if(i < subSiteRefs.length - 1){
 inParams += ",";
 }
 }
 inParams += ")";
 query = query.replace("(?)", inParams);
- List results = (List) getJdbcTemplate().query(query, new RowMapper() {
+ List results = (List) getJdbcTemplate().query(query, subSiteRefs, new RowMapper() {
 public Object mapRow(ResultSet resultSet, int i) throws SQLException {
 return resultSet.getString("SITE_ID");
 }
diff --git a/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/logic/ProjectLogicImpl.java b/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/logic/ProjectLogicImpl.java
index 52ea0b431033..30eebd8964f8 100644
--- a/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/logic/ProjectLogicImpl.java
+++ b/delegatedaccess/impl/src/java/org/sakaiproject/delegatedaccess/logic/ProjectLogicImpl.java
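Review bot: In copyRole the realm ids are bound before `fromRealm`, `fromRole` and `toRole`, the opposite of the scalar-first order used in getNodesBySiteRef, removeSiteProperty and getNodesAndPermsForUser. That is right only if the `(?)` precedes the other placeholders in both statements; the SQL is loaded outside this hunk, so it cannot be confirmed here. Since every argument is a string, a wrong order would not fail but would presumably match or write the wrong realm and role rows. A comment on each list would make the dependency visible, e.g. `// order follows the statement: realm ids for the IN list first, then fromRealm, fromRole, toRole`. The loop and the statement lookup are outside the hunk.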
@@ -23,6 +23,7 @@
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.Date;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -1769,7 +1770,7 @@ private Map grantAccessToSites(List siteRefs, boolea
 if(useSession){
 session = sakaiProxy.getCurrentSession();
 }
- Map deniedAuthToolsMap = new HashMap();
+ Map deniedAuthToolsMap = new ConcurrentHashMap();
 if(useSession){
 //only worry about the session for non shopping period queries
 Object sessionDeniedToolsMap = session.getAttribute(DelegatedAccessConstants.SESSION_ATTRIBUTE_DENIED_TOOLS);
@@ -1778,7 +1779,7 @@ private Map grantAccessToSites(List siteRefs, boolea
 }
 }
- Map deniedPublicToolsMap = new HashMap();
+ Map deniedPublicToolsMap = new ConcurrentHashMap();
 if(useSession){
 //only worry about the session for non shopping period queries
 Object sessionDeniedTools2Map = session.getAttribute(DelegatedAccessConstants.SESSION_ATTRIBUTE_DENIED_TOOLS2);
@@ -1787,7 +1788,7 @@ private Map grantAccessToSites(List siteRefs, boolea
 }
 }
- Map accessMap = new HashMap();
+ Map accessMap = new ConcurrentHashMap();
 if(useSession){
 //only worry about the session for non shopping period queries
 Object sessionaccessMap = session.getAttribute(DelegatedAccessConstants.SESSION_ATTRIBUTE_ACCESS_MAP);
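Review bot: `ConcurrentHashMap` rejects null keys and null values, so a later `put` into `deniedAuthToolsMap` with a null site ref or a null tool list would now throw `NullPointerException` where `HashMap` accepted it; the writes are outside the hunk and need checking. The same holds for `deniedPublicToolsMap` and `accessMap` in the next two grantAccessToSites hunks. The change also protects only maps created here: if the session attribute already holds a map, the code after this hunk presumably uses that instance with whatever type it was created with. A comment such as `// may be stored in the session and reached by concurrent requests; must not hold null keys or values` would record why the type matters.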