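package kr.co.kihyun.beans.user;

import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import kr.co.kihyun.beans.entity.SubmitReport;
import kr.co.kihyun.db.DBManager;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Sets or clears the approval flag ({@code ACC_AUTH}) on one or more
 * {@code MOUMI_TOT_DOC} rows and then sends the browser back to the
 * document list page.
 *
 * <p>Request parameters read:
 * <ul>
 *   <li>{@code reportID} - comma-separated document IDs to update</li>
 *   <li>{@code strGubun} - the new {@code ACC_AUTH} value ("1" = approve,
 *       anything else is treated as a cancel for the user message)</li>
 *   <li>{@code docType}, {@code strPage}, {@code findOption}, {@code findWord},
 *       {@code stDate}, {@code edDate} - list-page state, echoed back into the
 *       redirect URL</li>
 * </ul>
 *
 * <p>All work happens in the constructor; the response is written directly to
 * the servlet {@link PrintWriter} as small {@code <script>} / alert snippets.
 */
public class UserApproSetModify extends DBManager {

    private static final Logger LOG = LoggerFactory.getLogger(UserApproSetModify.class);

    private static final String LOGIN_PAGE = "/totsys/login/login.jsp";
    private static final String DOC_LIST_PAGE = "/totsys/totper/mydocbox/prssbox/doc_list.jsp";
    private static final String UPDATE_SQL = "UPDATE MOUMI_TOT_DOC SET ACC_AUTH=? WHERE ID=?";

    /**
     * Performs the update and writes the redirect to {@code res}.
     *
     * @param req the current request; see the class comment for the parameters read
     * @param res the response the alert/redirect script is written to
     */
    public UserApproSetModify(HttpServletRequest req, HttpServletResponse res) {
        String usID = HttpSSOLogin.getLoginID(req);

        // List-page state that is only echoed back in the redirect URL.
        String findOption = MString.checkNull(Encoder.toJava(req.getParameter("findOption")));
        String findWord = MString.checkNull(Encoder.toJava(req.getParameter("findWord")));
        String stDate = MString.checkNull(req.getParameter("stDate"));
        String edDate = MString.checkNull(req.getParameter("edDate"));
        String docType = MString.checkNull(req.getParameter("docType"), "null");
        String strPage = Encoder.toJava(req.getParameter("strPage"));

        // Inputs that drive the UPDATE.
        String reportID = MString.checkNull(req.getParameter("reportID"), "null");
        String strGubun = MString.checkNull(req.getParameter("strGubun"), "null");

        // Built once, up front, so both the success and the error path redirect
        // to the same place. Every value is URL-encoded because the URL is
        // emitted inside a single-quoted JavaScript string literal: a raw quote
        // or "</script>" in any of these request parameters would otherwise
        // break out of the literal (reflected XSS). Stripping "<", ">" and ","
        // is not sufficient for that context.
        String docListUrl = buildDocListUrl(docType, strPage, findOption, findWord, stDate, edDate);

        PrintWriter out = null;
        try {
            res.setContentType("text/html;charset=UTF-8");
            out = res.getWriter();

            if (!HttpSSOLogin.isLogin(req)) {
                out.println(ServletUtil.getJavaScript("location='" + LOGIN_PAGE + "';"));
                return;
            }

            String[] reportIds = reportID.split(",");

            SubmitReport submitReport = new SubmitReport();
            submitReport.getSysAuth(usID);
            int sysAuth = submitReport.getAuthNum();
            // NOTE(review): sysAuth is looked up but never compared against
            // anything before the UPDATE below. No ownership or role check on
            // the posted document IDs is visible in this class, so any logged-in
            // user appears able to change ACC_AUTH on any ID they submit.
            // Confirm whether sysAuth (or a per-document check) is meant to gate
            // this; for now it is only logged.
            LOG.debug("UserApproSetModify: user={} sysAuth={} ids={} accAuth={}",
                    usID, sysAuth, reportIds.length, strGubun);

            // Loop-invariant: the new ACC_AUTH value with spaces removed.
            String accAuth = strGubun.replace(" ", "");
            for (String id : reportIds) {
                // Parameterized; accAuth and id never reach the SQL text.
                execUpdate(UPDATE_SQL, accAuth, id);
            }

            // One alert and one redirect for the whole batch (not one per ID).
            String messageKey = "1".equals(accAuth)
                    ? "moumi.message.tot_doc.approModify"
                    : "moumi.message.tot_doc.approCancel";
            out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString(messageKey)));
            out.println(ServletUtil.getJavaScript(
                    "document.location='" + docListUrl + "&method=GET';"));
        } catch (Exception e) {
            LOG.error("UserApproSetModify failed for user {}", usID, e);
            // out is null only if getWriter() itself failed; nothing can be sent then.
            if (out != null) {
                out.println(ServletUtil.alert(
                        MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.approModifyCancel")));
                out.println(ServletUtil.redirect("document.location='" + docListUrl + "';"));
            }
        } finally {
            // pstmt and con are not declared here; presumably DBManager fields
            // populated by execUpdate(). Close them explicitly (execClose() is
            // not used by this class) and log rather than swallow failures.
            try {
                if (pstmt != null) {
                    pstmt.close();
                }
            } catch (SQLException ex) {
                LOG.warn("Failed to close statement", ex);
            }
            try {
                if (con != null) {
                    con.close();
                }
            } catch (SQLException ex) {
                LOG.warn("Failed to close connection", ex);
            }
        }
    }

    /**
     * Builds the doc_list.jsp URL with every query value URL-encoded.
     * The caller appends {@code &method=GET} on the success path.
     */
    private static String buildDocListUrl(String docType, String strPage, String findOption,
            String findWord, String stDate, String edDate) {
        return DOC_LIST_PAGE
                + "?docType=" + urlEncode(docType)
                + "&strPage=" + urlEncode(strPage)
                + "&findOption=" + urlEncode(findOption)
                + "&findWord=" + urlEncode(findWord)
                + "&stDate=" + urlEncode(stDate)
                + "&edDate=" + urlEncode(edDate);
    }

    /**
     * URL-encodes one query value as UTF-8; {@code null} becomes the empty
     * string instead of the literal text "null".
     *
     * @throws IllegalStateException if the JVM lacks UTF-8 (cannot happen on a
     *         conforming JVM; wrapped so callers need not handle the checked type)
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value == null ? "" : value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }
}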