package de.cismet.web.timetracker.servlets;

import com.google.gwt.user.server.rpc.impl.SerializedInstanceReference;
import de.cismet.web.timetracker.Database;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.hibernate.secure.HibernatePermission;

/* loaded from: input_file:WEB-INF/lib/time-tracker-1.0-20170427.155454-3.jar:de/cismet/web/timetracker/servlets/Timesheet.class */
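/**
 * Applies the edits posted by {@code Timesheet.jsp} to the {@code tt_timesheet} table and
 * redirects back to the page.
 *
 * <p>Request contract (as read by this class): {@code u_id} is the user whose timesheet is
 * edited; {@code act=uebernehmen} together with {@code mods} triggers modifications. {@code mods}
 * is a {@code |}-separated list of {@code oid|column|value} triples: a column containing
 * {@code New} inserts a row whose value is {@code action;time;u_id}, the column {@code delete}
 * removes the row, any other column updates that column. Feedback (including the
 * {@code <script>alert(...)</script>} fragments below) is passed back in the {@code errorMsg}
 * redirect parameter.
 *
 * <p>Security notes: {@code Database.execute}/{@code executeUpdate} take a SQL string and no
 * binding API is visible here, so every request-derived value is validated (ids, column names,
 * bare literals) or quote-escaped (text values) before it is concatenated into SQL. Updates and
 * deletes are additionally restricted to rows whose {@code u_id} is the user the request was
 * authorised for in {@link #isActionAllowed}. NOTE(review): {@code errorMsg} carries HTML/script
 * by design; how {@code Timesheet.jsp} renders it is outside this class and should be checked.
 */
public class Timesheet extends HttpServlet {

    /** Column names taken from the "mods" parameter must be plain SQL identifiers. */
    private static final Pattern IDENTIFIER = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    /** Unquoted literals accepted for columns this servlet does not treat specially. */
    private static final Pattern BARE_LITERAL =
            Pattern.compile("-?[0-9]+(\\.[0-9]+)?|true|false|null", Pattern.CASE_INSENSITIVE);

    // Feedback fragments appended to the errorMsg redirect parameter (wording kept from the original).
    private static final String NOT_ALLOWED_MSG =
            "<script language='javascript'>alert('Diese Aktion darf nur vom Benutzer selbst oder vom zustaendigen Admin ausgefuehrt werden.')</script>";
    private static final String ADMIN_REQUIRED_MSG =
            "<script language='javascript'>alert('Zur &Auml;nderung, L&ouml;schung oder Anlegung eines Admin-Datensatzes werden Admin-Rechte ben&ouml;tigt. Aktion wurde ignoriert')</script>";
    private static final String ADMIN_FLAG_UNKNOWN_MSG =
            "<script language='javascript'>alert('Es konnte nicht erkannt werden, ob es sich um einen Admin-Datensatz handelt. Aktion wurde ignoriert')</script>";
    private static final String ADMIN_FLAG_DB_ERROR_MSG =
            "<script language='javascript'>alert('Datenbankfehler. Es konnte nicht erkannt werden, ob es sich um einen Admin-Datensatz handelt. Aktion wurde ignoriert')</script>";

    /** Servlet context, used to locate the database below the web application root. */
    ServletContext application;

    /** GET and POST are handled identically; see {@link #processRequest}. */
    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** GET and POST are handled identically; see {@link #processRequest}. */
    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public String getServletInfo() {
        return "Short description";
    }

    /** Remembers the servlet context; the database path is derived from it per request. */
    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.application = servletConfig.getServletContext();
    }

    /**
     * Opens the database, applies the requested modifications if the caller may edit the given
     * user's timesheet, and redirects to {@code Timesheet.jsp} with the collected feedback.
     *
     * <p>The database is always closed once it was opened successfully; all redirect parameters are
     * URL-encoded so that feedback containing {@code &} or {@code '} cannot break the query string.
     *
     * @param httpServletRequest  request carrying {@code u_id}, {@code act}, {@code mods}, {@code KWvon},
     *                            {@code KWbis} and {@code jahr}
     * @param httpServletResponse response that receives the redirect
     * @throws IOException if the redirect cannot be sent
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // "/" is the value of the GWT constant the decompiled class referenced here; the database
        // lives below the exploded web application root. getRealPath may be null for packed WARs.
        Database database = new Database(this.application.getRealPath("/").replace('\\', '/'));
        String requestedUserId = httpServletRequest.getParameter("u_id");
        if (!database.isConnectionOk()) {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL("Timesheet.jsp?u_id=" + enc(requestedUserId)
                    + "&errorMsg=" + enc("Fehler beim Verbinden mit der Datenbank: " + database.getErrorMessage())));
            return;
        }
        String userId = requestedUserId == null ? "" : requestedUserId;
        StringBuilder feedback = new StringBuilder();
        try {
            if (isModificationRequest(httpServletRequest)) {
                if (isActionAllowed(userId, httpServletRequest.getSession(), database)) {
                    applyModifications(httpServletRequest, userId, database, feedback);
                } else {
                    feedback.append(NOT_ALLOWED_MSG);
                }
            }
        } catch (SQLException e) {
            // Kept from the original: the driver message is shown to the user. Logged here so the
            // server log has the full exception, which the redirect does not carry.
            log("Timesheet.processRequest failed", e);
            feedback.append(e.getMessage());
        } finally {
            database.close();
        }
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL("Timesheet.jsp?u_id=" + enc(requestedUserId)
                + "&KWvon=" + enc(httpServletRequest.getParameter("KWvon"))
                + "&KWbis=" + enc(httpServletRequest.getParameter("KWbis"))
                + "&jahr=" + enc(httpServletRequest.getParameter("jahr"))
                + "&errorMsg=" + enc(feedback.toString())));
    }

    /** True when the request asks for modifications: {@code act=uebernehmen} and a {@code mods} value. */
    private static boolean isModificationRequest(HttpServletRequest request) {
        return "uebernehmen".equals(request.getParameter("act")) && request.getParameter("mods") != null;
    }

    /**
     * Walks the {@code oid|column|value} triples of the {@code mods} parameter and applies each one.
     *
     * @param request  the current request
     * @param userId   the {@code u_id} the request was authorised for (non-empty)
     * @param database open database connection
     * @param feedback receives the feedback fragment of every modification
     * @throws SQLException if {@code userId} is not numeric
     */
    private void applyModifications(HttpServletRequest request, String userId, Database database, StringBuilder feedback) throws SQLException {
        String ownerId = requireNumeric(userId, "u_id");
        boolean isAdmin = "admin".equals(request.getSession().getAttribute("role"));
        // Maps "New…" placeholder oids to the oid of the row inserted for them in this request.
        Map<String, String> createdOids = new HashMap<String, String>();
        StringTokenizer mods = new StringTokenizer(request.getParameter("mods"), "|");
        while (mods.countTokens() >= 3) {
            String oid = mods.nextToken();
            String column = mods.nextToken();
            String value = mods.nextToken();
            if (column.indexOf("New") != -1) {
                feedback.append(insertNewData(value, oid, ownerId, database, isAdmin, createdOids));
            } else if (column.equals("delete")) { // HibernatePermission.DELETE in the decompiled source
                feedback.append(deleteData(oid, ownerId, database, isAdmin));
            } else {
                feedback.append(changeData(value, oid, column, ownerId, database, isAdmin, createdOids));
            }
        }
    }

    /**
     * Updates one column of one timesheet row.
     *
     * <p>Admin-flagged rows, and values naming an admin-flagged action, require admin rights.
     * {@code annotation}/{@code time} are stored as text, {@code action} and {@code project_id}
     * are resolved from their description/title to an id, every other column only accepts a bare
     * numeric/boolean/null literal.
     *
     * @param value       new value as sent by the page ({@code "null"} means SQL NULL for text/id columns)
     * @param oid         row oid, or a {@code New…} placeholder created earlier in this request
     * @param column      column to update; must be a plain identifier
     * @param ownerId     validated {@code u_id} the row must belong to
     * @param database    open database connection
     * @param isAdmin     whether the session has the admin role
     * @param createdOids placeholder-to-oid map filled by {@link #insertNewData}
     * @return feedback fragment for the user, empty on success
     */
    private String changeData(String value, String oid, String column, String ownerId, Database database,
            boolean isAdmin, Map<String, String> createdOids) {
        if (oid.indexOf("New") != -1 && createdOids.get(oid) != null) {
            oid = createdOids.get(oid);
        }
        ResultSet rowCheck = null;
        ResultSet actionCheck = null;
        ResultSet lookup = null;
        try {
            String rowId = requireNumeric(oid, "oid");
            if (!IDENTIFIER.matcher(column).matches()) {
                throw new SQLException("Ungueltiger Spaltenname");
            }
            boolean textColumn = column.equals("annotation") || column.equals("time");
            boolean nullValue = value.equals("null");

            // Existing row: admin-flagged rows may only be touched by admins. Consumed before the
            // next query so a Database that reuses one Statement cannot invalidate it.
            rowCheck = database.execute("SELECT admin FROM tt_timesheet_action ta, tt_timesheet ts WHERE ta.id = ts.action AND ts.oid=" + rowId);
            if (rowCheck == null || !rowCheck.next()) {
                return ADMIN_FLAG_UNKNOWN_MSG;
            }
            if (rowCheck.getBoolean(1) && !isAdmin) {
                return ADMIN_REQUIRED_MSG;
            }
            // New value: the original compared every column's value against action descriptions.
            String descriptionLiteral = textColumn
                    ? (nullValue ? "null" : sqlString(value))
                    : sqlStringUnwrapped(value);
            actionCheck = database.execute("SELECT admin FROM tt_timesheet_action WHERE description=" + descriptionLiteral);
            if (actionCheck != null && actionCheck.next() && actionCheck.getBoolean(1) && !isAdmin) {
                return ADMIN_REQUIRED_MSG;
            }

            String sqlValue;
            if (textColumn) {
                sqlValue = nullValue ? "null" : sqlString(value);
            } else if (column.equals("action")) {
                if (nullValue) {
                    sqlValue = "null";
                } else {
                    lookup = database.execute("SELECT id FROM tt_timesheet_action WHERE description=" + sqlString(value));
                    if (lookup == null || !lookup.next()) {
                        return "Fehler beim &Auml;ndern"; // unknown action description
                    }
                    sqlValue = lookup.getString(1); // id column of tt_timesheet_action
                }
            } else if (column.equals("project_id")) {
                if (nullValue) {
                    sqlValue = "null";
                } else {
                    lookup = database.execute("SELECT id FROM tt_projects WHERE title=" + sqlString(value));
                    if (lookup == null || !lookup.next()) {
                        return ""; // unknown project title: the original silently skipped the update
                    }
                    sqlValue = lookup.getString(1); // id column of tt_projects
                }
            } else {
                sqlValue = requireBareLiteral(value);
            }
            // u_id restricts the update to rows of the user the request was authorised for.
            database.executeUpdate("UPDATE tt_timesheet SET " + column + "=" + sqlValue
                    + ", manual=true WHERE oid = " + rowId + " AND u_id = " + ownerId);
            return "";
        } catch (SQLException e) {
            log("Timesheet.changeData failed", e);
            return "Fehler beim &Auml;ndern";
        } finally {
            closeQuietly(lookup);
            closeQuietly(actionCheck);
            closeQuietly(rowCheck);
        }
    }

    /**
     * Deletes one timesheet row; admin-flagged rows require admin rights.
     *
     * @param oid      row oid (must be numeric)
     * @param ownerId  validated {@code u_id} the row must belong to
     * @param database open database connection
     * @param isAdmin  whether the session has the admin role
     * @return feedback fragment for the user, empty on success
     */
    private String deleteData(String oid, String ownerId, Database database, boolean isAdmin) {
        ResultSet rowCheck = null;
        try {
            String rowId = requireNumeric(oid, "oid");
            rowCheck = database.execute("SELECT admin FROM tt_timesheet_action ta, tt_timesheet ts WHERE ta.id = ts.action AND ts.oid=" + rowId);
            if (rowCheck == null || !rowCheck.next()) {
                return ADMIN_FLAG_UNKNOWN_MSG;
            }
            if (rowCheck.getBoolean(1) && !isAdmin) {
                return ADMIN_REQUIRED_MSG;
            }
            database.executeUpdate("DELETE FROM tt_timesheet WHERE oid=" + rowId + " AND u_id=" + ownerId);
            return "";
        } catch (SQLException e) {
            log("Timesheet.deleteData failed", e);
            return "Fehler beim L&ouml;schen";
        } finally {
            closeQuietly(rowCheck);
        }
    }

    /**
     * Inserts a timesheet row from an {@code action;time;u_id} specification and records the new
     * row's oid under the page's placeholder so later triples can refer to it.
     *
     * @param spec        {@code action;time;u_id}; anything else is ignored
     * @param placeholder the {@code New…} oid used by the page for this row
     * @param ownerId     validated {@code u_id} the request was authorised for; the row's
     *                    {@code u_id} must match it
     * @param database    open database connection
     * @param isAdmin     whether the session has the admin role
     * @param createdOids receives {@code placeholder -> oid}
     * @return feedback fragment for the user, empty on success
     */
    private String insertNewData(String spec, String placeholder, String ownerId, Database database,
            boolean isAdmin, Map<String, String> createdOids) {
        StringTokenizer parts = new StringTokenizer(spec, ";");
        if (parts.countTokens() != 3) {
            return "";
        }
        String actionDescription = parts.nextToken();
        String time = parts.nextToken();
        String rowUserId = parts.nextToken();
        ResultSet action = null;
        ResultSet created = null;
        try {
            String rowOwner = requireNumeric(rowUserId, "u_id");
            if (!rowOwner.equals(ownerId)) {
                // The row's owner comes from the page; it must be the user the request was checked for.
                return NOT_ALLOWED_MSG;
            }
            // One query yields both the admin flag and the id (the original ran it twice).
            action = database.execute("SELECT id, admin FROM tt_timesheet_action WHERE description=" + sqlStringUnwrapped(actionDescription));
            if (action == null || !action.next()) {
                return ADMIN_FLAG_DB_ERROR_MSG;
            }
            if (action.getBoolean(2) && !isAdmin) {
                return ADMIN_REQUIRED_MSG;
            }
            String actionId = action.getString(1); // id column of tt_timesheet_action
            database.executeUpdate("INSERT INTO tt_timesheet (action, time, u_id, manual) VALUES("
                    + actionId + ", " + sqlString(time) + ", " + rowOwner + ", true)");
            // The newest row with this user/time is the one just inserted.
            created = database.execute("SELECT oid FROM tt_timesheet WHERE u_id=" + rowOwner
                    + " AND time=" + sqlString(time) + " ORDER BY oid DESC");
            if (created != null && created.next()) {
                createdOids.put(placeholder, created.getString(1));
            }
            return "";
        } catch (SQLException e) {
            log("Timesheet.insertNewData failed", e);
            return "Fehler beim Einf&uuml;gen";
        } finally {
            closeQuietly(created);
            closeQuietly(action);
        }
    }

    /**
     * Decides whether the session may edit the timesheet of {@code userId}: the user themself, or
     * an admin whose session {@code company} matches that user's company (case-insensitively).
     *
     * @param userId   requested {@code u_id}; empty means not allowed
     * @param session  current session ({@code id}, {@code role}, {@code company} attributes)
     * @param database open database connection
     * @return true if the modification may proceed
     * @throws SQLException if {@code userId} is not numeric or the lookup fails
     */
    private boolean isActionAllowed(String userId, HttpSession session, Database database) throws SQLException {
        if (userId.equals("")) {
            return false;
        }
        String id = requireNumeric(userId, "u_id");
        if (id.equals(session.getAttribute("id"))) {
            return true;
        }
        if (!"admin".equals(session.getAttribute("role"))) {
            return false;
        }
        String sessionCompany = (String) session.getAttribute("company");
        ResultSet userRow = null;
        try {
            userRow = database.execute("SELECT company FROM tt_user WHERE id = " + id);
            // Unknown user: the original compared against "" here.
            String company = (userRow != null && userRow.next()) ? userRow.getString(1) : "";
            return sessionCompany != null && sessionCompany.equalsIgnoreCase(company);
        } finally {
            closeQuietly(userRow);
        }
    }

    /**
     * Returns {@code value} as a canonical decimal integer for use as a SQL numeric literal.
     *
     * @throws SQLException if the value is missing or not an integer (surfaces as the usual
     *                      "Fehler beim …" feedback, like a database error would)
     */
    private static String requireNumeric(String value, String name) throws SQLException {
        if (value == null) {
            throw new SQLException(name + " fehlt");
        }
        try {
            return Long.toString(Long.parseLong(value.trim()));
        } catch (NumberFormatException e) {
            throw new SQLException("Ungueltiger Wert fuer " + name, e);
        }
    }

    /** Accepts only a bare number, {@code true}, {@code false} or {@code null} for unquoted use in SQL. */
    private static String requireBareLiteral(String value) throws SQLException {
        String trimmed = value.trim();
        if (!BARE_LITERAL.matcher(trimmed).matches()) {
            throw new SQLException("Ungueltiger Wert");
        }
        return trimmed;
    }

    /**
     * Quotes {@code value} as a SQL string literal, doubling embedded single quotes.
     * NOTE(review): this assumes standard SQL string syntax (no backslash escapes); a binding
     * API on {@code Database} would be preferable if one exists.
     */
    private static String sqlString(String value) {
        if (value == null) {
            return "null";
        }
        return "'" + value.replace("'", "''") + "'";
    }

    /** Like {@link #sqlString}, but a value already wrapped in single quotes is unwrapped first (the original accepted pre-quoted values). */
    private static String sqlStringUnwrapped(String value) {
        if (value != null && value.length() >= 2 && value.startsWith("'") && value.endsWith("'")) {
            return sqlString(value.substring(1, value.length() - 1));
        }
        return sqlString(value);
    }

    /** Closes a result set we obtained from {@code Database.execute}; harmless if it is null or already closed. */
    private static void closeQuietly(ResultSet resultSet) {
        if (resultSet == null) {
            return;
        }
        try {
            resultSet.close();
        } catch (SQLException ignored) {
            // The data has already been read; a failure while closing changes nothing for the caller.
        }
    }

    /**
     * URL-encodes one redirect parameter. {@code null} becomes {@code "null"}, as plain string
     * concatenation did in the original. NOTE(review): UTF-8 is assumed for the JSP's query-string
     * decoding; the messages themselves are ASCII.
     */
    private static String enc(String value) {
        try {
            return URLEncoder.encode(String.valueOf(value), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is required by the JVM specification", e);
        }
    }
}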
