package de.cismet.web.timetracker.servlets;

import de.cismet.web.timetracker.Database;
import java.io.IOException;
import java.net.URLEncoder;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:de/cismet/web/timetracker/servlets/Contracts.class */
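/**
 * Creates or updates one row of {@code tt_contracts} for a user and redirects back to
 * {@code Contracts.jsp}.
 *
 * <p>Form parameters: {@code contractId} ({@code "new"} inserts, any other value is the numeric id
 * of the row to update; absent or empty means nothing is written), {@code u_id} (numeric id of the
 * contract owner), {@code from_date}, {@code to_date}, {@code whow} and {@code ydoh}. Session
 * attributes {@code id}, {@code company} and {@code role} identify the caller for the authorization
 * check.
 *
 * <p>The project's {@code Database} wrapper only offers {@code execute(String)} and
 * {@code executeUpdate(String)} here, so statements are built by concatenation. To keep that safe,
 * the session is checked before the database is touched, every request value is validated against
 * a strict allow-list before any statement is built or executed, the update is restricted to rows
 * owned by the checked {@code u_id}, and every value reflected into the redirect URL is
 * URL-encoded.
 */
public class Contracts extends HttpServlet {
    /** Digits only: user ids and contract ids are spliced into SQL as unquoted integer literals. */
    private static final Pattern ID_PATTERN = Pattern.compile("\\d+");
    /** Unquoted numeric literal for {@code whow} / {@code ydoh}: optional sign, digits, optional fraction. */
    private static final Pattern NUMBER_PATTERN = Pattern.compile("-?\\d+(\\.\\d+)?");
    /**
     * Characters allowed inside the quoted date literals. The exact date syntax the database accepts
     * is not visible here, so only digits and common separators are let through; anything that
     * could close the quote is rejected.
     */
    private static final Pattern DATE_PATTERN = Pattern.compile("[0-9 .:/\\-]+");
    /** Page every outcome redirects to. */
    private static final String CONTRACTS_PAGE = "Contracts.jsp";
    /** Shown when the caller is not logged in or may not edit the requested user's contracts. */
    private static final String NOT_AUTHORIZED_MSG =
            "Sie sind nicht befugt, diese Aktion auszufuehren. Das darf nur ein Administrator.";

    /** Servlet context captured in {@link #init}; its real path is handed to {@code Database}. */
    ServletContext application;

    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    @Override
    public String getServletInfo() {
        return "Short description";
    }

    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.application = servletConfig.getServletContext();
    }

    /**
     * Handles both GET and POST: checks the session, validates the form values, inserts or updates
     * the contract row and redirects to {@code Contracts.jsp}, with an {@code errorMsg} parameter
     * when something went wrong.
     *
     * @throws IOException if the redirect cannot be sent
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Raw value, only ever reflected (URL-encoded) into the redirect; SQL uses the validated copy.
        String rawUserId = httpServletRequest.getParameter("u_id");
        String contractId = httpServletRequest.getParameter("contractId");

        Database database = new Database(this.application.getRealPath("/").replace('\\', '/'));
        try {
            if (!database.isConnectionOk()) {
                // NOTE(review): the wrapper's error text is shown to the browser (as before);
                // logging it server-side and redirecting with a generic message would leak less.
                redirect(httpServletResponse, rawUserId,
                        "Fehler beim Verbinden mit der Datenbank: " + database.getErrorMessage());
                return;
            }
            if (contractId == null || contractId.equals("")) {
                redirect(httpServletResponse, rawUserId, null);
                return;
            }

            // Identify the caller first. getSession(false) never creates a session, so an anonymous
            // request is turned away here instead of failing with a NullPointerException later on.
            String sessionUserId = sessionAttribute(httpServletRequest, "id");
            String sessionCompany = sessionAttribute(httpServletRequest, "company");
            String sessionRole = sessionAttribute(httpServletRequest, "role");
            if (sessionUserId == null || sessionRole == null) {
                redirect(httpServletResponse, rawUserId, NOT_AUTHORIZED_MSG);
                return;
            }

            // Validate everything that will be spliced into SQL before the first query runs.
            boolean isNew = contractId.equals("new");
            String ownerId;
            String rowId;
            String fromDateSql;
            String toDateSql;
            String whowSql;
            String ydohSql;
            try {
                ownerId = requireId(rawUserId, "u_id");
                rowId = isNew ? null : requireId(contractId, "contractId");
                fromDateSql = dateLiteral(httpServletRequest.getParameter("from_date"), "from_date");
                toDateSql = dateLiteral(httpServletRequest.getParameter("to_date"), "to_date");
                whowSql = numberLiteral(httpServletRequest.getParameter("whow"), "whow");
                ydohSql = numberLiteral(httpServletRequest.getParameter("ydoh"), "ydoh");
            } catch (IllegalArgumentException e) {
                // The validators put only the parameter name in the message, never its value.
                redirect(httpServletResponse, rawUserId, "Ungueltige Eingabe: " + e.getMessage());
                return;
            }

            String ownerCompany = lookupCompany(database, ownerId);
            if (!hasPermission(sessionUserId, ownerId, sessionCompany, ownerCompany, "admin".equals(sessionRole))) {
                redirect(httpServletResponse, rawUserId, NOT_AUTHORIZED_MSG);
                return;
            }

            if (isNew) {
                // NOTE(review): getMaxId()+1 is not atomic; two concurrent inserts can collide on id.
                // A sequence or auto-increment column would be the proper fix, but the wrapper does
                // not expose one here.
                String insert = "INSERT INTO tt_contracts (id, u_id, from_date, to_date, whow, ydoh) VALUES("
                        + (database.getMaxId("tt_contracts") + 1) + ", "
                        + ownerId + ", "
                        + fromDateSql + ", "
                        + toDateSql + ", "
                        + whowSql + ", "
                        + ydohSql + ")";
                database.executeUpdate(insert);
            } else {
                // The permission check is about ownerId, so the row must belong to that user;
                // without the u_id condition any contract could be edited by passing one's own u_id.
                String update = "UPDATE tt_contracts SET "
                        + "from_date = " + fromDateSql
                        + ", to_date = " + toDateSql
                        + ", whow = " + whowSql
                        + ", ydoh = " + ydohSql
                        + " WHERE id = " + rowId
                        + " AND u_id = " + ownerId;
                database.executeUpdate(update);
            }
            redirect(httpServletResponse, rawUserId, null);
        } catch (SQLException e) {
            // NOTE(review): driver error text goes to the browser (as before); prefer logging it
            // server-side and showing a generic message.
            redirect(httpServletResponse, rawUserId, "Folgender Fehler ist aufgetreten: " + e.getMessage());
        } finally {
            // Released on every path, including unexpected runtime exceptions.
            database.close();
        }
    }

    /**
     * Reads the company of user {@code ownerId}, which must already be validated as digits.
     *
     * @return the company column, or {@code ""} when no row is found
     * @throws SQLException if the query or the cursor fails
     */
    private static String lookupCompany(Database database, String ownerId) throws SQLException {
        ResultSet rs = database.execute("SELECT company FROM tt_user WHERE id = " + ownerId);
        if (rs == null) {
            return "";
        }
        try {
            return rs.next() ? rs.getString(1) : "";
        } finally {
            rs.close();
        }
    }

    /** Reads a session attribute as a string without creating a session; {@code null} when absent. */
    private static String sessionAttribute(HttpServletRequest request, String name) {
        if (request.getSession(false) == null) {
            return null;
        }
        Object value = request.getSession(false).getAttribute(name);
        return value == null ? null : value.toString();
    }

    /**
     * Sends the browser back to {@code Contracts.jsp}, carrying {@code u_id} and, when given, an
     * {@code errorMsg}. Both values are URL-encoded so that reflected input cannot add or alter
     * query parameters.
     */
    private static void redirect(HttpServletResponse response, String userId, String errorMsg) throws IOException {
        StringBuilder url = new StringBuilder(CONTRACTS_PAGE)
                .append("?u_id=")
                .append(URLEncoder.encode(userId == null ? "" : userId, "UTF-8"));
        if (errorMsg != null) {
            url.append("&errorMsg=").append(URLEncoder.encode(errorMsg, "UTF-8"));
        }
        response.sendRedirect(response.encodeRedirectURL(url.toString()));
    }

    /**
     * Returns {@code value} trimmed when it is a plain decimal integer.
     *
     * @throws IllegalArgumentException with {@code name} as message when the value is missing or
     *     not digits only
     */
    private static String requireId(String value, String name) {
        if (value == null || !ID_PATTERN.matcher(value.trim()).matches()) {
            throw new IllegalArgumentException(name);
        }
        return value.trim();
    }

    /**
     * SQL literal for an optional date parameter: {@code null} (unquoted) when absent or empty,
     * otherwise the value in single quotes.
     *
     * @throws IllegalArgumentException with {@code name} as message when the value contains
     *     characters outside {@link #DATE_PATTERN}
     */
    private static String dateLiteral(String value, String name) {
        if (value == null || value.equals("")) {
            return "null";
        }
        if (!DATE_PATTERN.matcher(value).matches()) {
            throw new IllegalArgumentException(name);
        }
        return "'" + value + "'";
    }

    /**
     * SQL literal for an optional numeric parameter: {@code null} when absent or empty, otherwise
     * the value itself.
     *
     * @throws IllegalArgumentException with {@code name} as message when the value is not a number
     */
    private static String numberLiteral(String value, String name) {
        if (value == null || value.equals("")) {
            return "null";
        }
        if (!NUMBER_PATTERN.matcher(value).matches()) {
            throw new IllegalArgumentException(name);
        }
        return value;
    }

    /**
     * Decides whether the session user may edit contracts of {@code targetUserId}: either it is the
     * user's own id, or the caller is an administrator of the same company as the target. Null
     * arguments never grant access.
     */
    private static boolean hasPermission(String sessionUserId, String targetUserId, String sessionCompany, String targetCompany, boolean isAdmin) {
        if (sessionUserId == null || targetUserId == null) {
            return false;
        }
        if (sessionUserId.equals(targetUserId.trim())) {
            return true;
        }
        return isAdmin && sessionCompany != null && sessionCompany.equalsIgnoreCase(targetCompany);
    }
}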
