Finishes the guest part of the models and UI integration

This commit branch has been muddled with changes that are out of scope and cover more than just the models. Specifically it includes completion of basic guest related models, database access, command line interface integration and preventing SQL injection. Total summary of changes: **IMPORTANT CHANGE: All queries are now parameterized to prevent SQL injections. Prior versions are subject to it since the strings were built. - HotelManager This class is used to provide database operations that are outside of scope from a given model. Furthermore if there is no model to work off of, such as creating a new model based off an existing entry, these functions live outside of the model since it makes no sense for models to contain functions where it would retrieve itself with no context. Realistically this could be placed in an empty constructor and address itself, however, for now this functionality has been moved off the model since it is a one use and is not guaranteed to generate a guest. Some functionality for the coming employee management functions are already in there since they share overlap with the guest module. Specifically GetBaseRate for checking and getting the base rate. - DatabaseManager This class has mostly migrated functionality out or switch to parameterized query generation to prevent SQL injections. - Guest, Reservation, and Transaction Classes Migrated functionality to create the database entry and a new entry of guest upon creation as well as update them. - Program (Terminal app) Fully integrated the guest module. Has not undergone extensive testing but does work as of this commit.
2022-04-15 02:29:55 -04:00
parent 8764c2e57c
commit 34bebca414
7 changed files with 621 additions and 296 deletions
--- a/OpheliasOasis/Managers/HotelManager.cs
+++ b/OpheliasOasis/Managers/HotelManager.cs
@@ -12,12 +12,14 @@ namespace Ophelias.Managers
            {
                using (SQLiteCommand cmd = Manager.con.CreateCommand())
                {
-                    cmd.CommandText = $"SELECT SEQ FROM sqlite_sequence WHERE name='{tableName}';";
+                    cmd.CommandText = $"SELECT SEQ FROM sqlite_sequence WHERE name=@Table;";
                    cmd.ExecuteNonQuery();
+                    cmd.Parameters.AddWithValue("@Table", tableName);
                    using (SQLiteDataReader reader = cmd.ExecuteReader())
                    {
                        reader.Read();
-                        LastId = reader.GetInt32(0);
+                        if (reader.HasRows)
+                            LastId = reader.GetInt32(0);
                    }
                }
            }
@@ -32,13 +34,15 @@ namespace Ophelias.Managers
                {
                    cmd.CommandText = $@"SELECT COUNT(*) 
                                FROM reservations 
-                                WHERE DATE('{Date.Date.ToString("yyyy-MM-dd")}')
+                                WHERE DATE(@Date)
                                BETWEEN StartDate AND EndDate;";
                    cmd.ExecuteNonQuery();
+                    cmd.Parameters.AddWithValue("@Date", Date.Date.ToString("yyyy-MM-dd"));
                    using (SQLiteDataReader reader = cmd.ExecuteReader())
                    {
                        reader.Read();
-                        Occupancies.Add(reader.GetInt32(0));
+                        if (reader.Read())
+                            Occupancies.Add(reader.GetInt32(0));
                    }
                }
            }
@@ -47,7 +51,7 @@ namespace Ophelias.Managers
        internal static int AvgOccupancySpan(DateTime Start, DateTime End)
        {
            int thirtyDayOcc = 0;
-            int days = (int)(Start.Date - End.Date).TotalDays;
+            int days = (int)(End.Date - Start.Date).TotalDays;
            using (DatabaseManager Manager = new DatabaseManager())
            {
                for (int i = 0; i < days; i++)
@@ -56,95 +60,21 @@ namespace Ophelias.Managers
                    {
                        cmd.CommandText = $@"SELECT COUNT(*) 
                                    FROM reservations 
-                                    WHERE DATE('{Start.AddDays(i).Date.ToString("yyyy-MM-dd")}')
+                                    WHERE DATE(@Date)
                                    BETWEEN StartDate AND EndDate;";
                        cmd.ExecuteNonQuery();
+                        cmd.Parameters.AddWithValue("@Date", Start.AddDays(i).Date.ToString("yyyy-MM-dd"));
                        using (SQLiteDataReader reader = cmd.ExecuteReader())
                        {
                            reader.Read();
-                            thirtyDayOcc += reader.GetInt32(0);
+                            if(reader.HasRows)
+                                thirtyDayOcc += reader.GetInt32(0);
                        }
                    }
                }
            }
            return thirtyDayOcc / days;
        }
-        internal static Reservation CreateReservation(Guest Guest, ReservationType Type,
-            DateTime CreationDate, DateTime StartDate, DateTime EndDate, ReservationStatus Status = ReservationStatus.Active)
-        {
-            int id; double Multiplier;
-            switch (Type)
-            {
-                case ReservationType.Conventional: Multiplier = TxFunctions.ConventionalFee; break;
-                case ReservationType.Prepaid: Multiplier = TxFunctions.PrepaidFee; break;
-                case ReservationType.Incentive: Multiplier = TxFunctions.IncentiveFee(StartDate, EndDate); break;
-                case ReservationType.SixtyDayAdvance: Multiplier = TxFunctions.SixtyDayFee; break;
-                default: throw new NotImplementedException();
-            }
-            Transaction t = CreateTransaction(
-                Rate: GetBaseRate(),
-                Owed: TxFunctions.CalculateOwed(GetBaseRate(), (int)(StartDate.Date - EndDate.Date).TotalDays),
-                Multiplier: Multiplier,
-                PayBy: TxFunctions.GetPayByDate(Type, StartDate, EndDate)
-            );
-            using (DatabaseManager Manager = new DatabaseManager())
-            {
-                using (SQLiteCommand cmd = Manager.con.CreateCommand())
-                {
-                    cmd.CommandText = QueryBuilder.CreateReservation(Guest.Id, t.Id, Type,
-                                                                        Status, CreationDate, StartDate, EndDate);
-                    cmd.ExecuteNonQuery();
-                }
-                id = (int)Manager.con.LastInsertRowId;
-            }
-
-            return new Reservation(id, Guest, t, Type, Status, CreationDate, StartDate, EndDate);
-        }
-        internal static Transaction CreateTransaction(double Rate, double Owed,
-            double Multiplier, DateTime PayBy, DateTime? LastPaid = null,
-            DateTime? PaidOn = null, double Refund = 0, double Penalty = 0)
-        {
-            int Id;
-            using (DatabaseManager Manager = new DatabaseManager())
-            {
-                using (SQLiteCommand cmd = Manager.con.CreateCommand())
-                {
-                    cmd.CommandText = QueryBuilder.CreateTransaction(Rate, Owed, Multiplier, PayBy,Refund: Refund, Penalty: Penalty, LastPaid: LastPaid, PaidOn: PaidOn);
-                    cmd.ExecuteNonQuery();
-                }
-                Id = (int)Manager.con.LastInsertRowId;
-            }
-            return new Transaction(Id, Rate, Owed, Multiplier, Penalty: Penalty, RefundAmount: Refund, PayBy: PayBy, PaidOn: PaidOn);
-        }
-        internal static Guest CreateGuest(string FirstName, string LastName, string Email, string? CreditCard = null, string? Expiration = null, string? CCV = null)
-        {
-            int Id;
-            using (DatabaseManager Manager = new DatabaseManager())
-            {
-                using (SQLiteCommand cmd = Manager.con.CreateCommand())
-                {
-                    cmd.CommandText = QueryBuilder.CreateGuest(FirstName, LastName, Email, CreditCard, Expiration, CCV);
-                    cmd.ExecuteNonQuery();
-                }
-                Id = (int)Manager.con.LastInsertRowId;
-            }
-
-            if (CreditCard != null && Expiration != null && CCV != null)
-                return new Guest(Id, FirstName, LastName, Email, CreditCard, Expiration, CCV);
-            else
-                return new Guest(Id, FirstName, LastName, Email);
-        }
-        internal static void UpdateGuest(int Id, string? FirstName = null, string? LastName = null, string? Email = null, string? CreditCard = null, string? Expiration = null, string? CCV = null)
-        {
-            using (DatabaseManager Manager = new DatabaseManager())
-            {
-                using (SQLiteCommand cmd = Manager.con.CreateCommand())
-                {
-                    cmd.CommandText = QueryBuilder.UpdateGuest(Id, FirstName, LastName, Email, CreditCard, Expiration, CCV);
-                    cmd.ExecuteNonQuery();
-                }
-            }
-        }
        internal static Guest? GetGuestByEmail(string Email)
        {
            Guest? g = null;
@@ -152,7 +82,8 @@ namespace Ophelias.Managers
            {
                using (SQLiteCommand cmd = Manager.con.CreateCommand())
                {
-                    cmd.CommandText = $"SELECT * FROM guests WHERE email = '{Email}'";
+                    cmd.CommandText = $"SELECT * FROM guests WHERE Email = @Email";
+                    cmd.Parameters.AddWithValue("@Email", Email);
                    cmd.ExecuteNonQuery();
                    using (SQLiteDataReader reader = cmd.ExecuteReader())
                    {
@@ -173,9 +104,57 @@ namespace Ophelias.Managers
            }
            return g;
        }
-        internal static double GetBaseRate()
+        internal static Reservation? GetResByGuestAndDate(Guest g)
        {
-            double rate;
+            Reservation? r = null;
+            Transaction? t;
+            using (DatabaseManager Manager = new DatabaseManager())
+            {
+                using (SQLiteCommand cmd = Manager.con.CreateCommand())
+                {
+                    int? RoomNumber = null;
+                    DateTime? CheckIn = null, CheckOut = null, DateChanged = null, LastPaid = null, PaidOn = null;
+
+                    cmd.CommandText = @"SELECT * FROM reservations 
+                                         INNER JOIN transactions ON reservations.TransactionID = transactions.ID
+                                         WHERE GuestID = @GuestID AND Status = @Status;";
+                    cmd.Parameters.AddWithValue("@GuestID", g.Id);
+                    cmd.Parameters.AddWithValue("@Status", (int)ReservationStatus.Active);
+                    cmd.ExecuteNonQuery();
+
+                    using (SQLiteDataReader reader = cmd.ExecuteReader())
+                    {
+                        reader.Read();
+                        if (reader.HasRows)
+                        {
+                            if (reader[20].GetType() != typeof(DBNull))
+                                LastPaid = reader.GetDateTime(20);
+                            if (reader[21].GetType() != typeof(DBNull))
+                                PaidOn = reader.GetDateTime(21);
+                            t = new Transaction(reader.GetInt32(13), reader.GetDouble(14), reader.GetDouble(15), reader.GetDouble(17), reader.GetDateTime(19),
+                                LastPaid: LastPaid, PaidOn: PaidOn, RefundAmount: reader.GetDouble(18), Penalty: reader.GetDouble(16));
+
+                            if (reader[1].GetType() != typeof(DBNull))
+                                RoomNumber = reader.GetInt32(1);
+                            if (reader[10].GetType() != typeof(DBNull))
+                                CheckIn = reader.GetDateTime(10);
+                            if (reader[11].GetType() != typeof(DBNull))
+                                CheckOut = reader.GetDateTime(11);
+                            if (reader[12].GetType() != typeof(DBNull))
+                                DateChanged = reader.GetDateTime(12);
+
+                            r = new Reservation(reader.GetInt32(0), g, t, (ReservationType)reader.GetInt32(5), (ReservationStatus)reader.GetInt32(6), 
+                                reader.GetDateTime(7), reader.GetDateTime(8), reader.GetDateTime(9), RoomNum: RoomNumber, IsNoShow: reader.GetBoolean(4),
+                                CheckIn: CheckIn, CheckOut: CheckOut, DateChanged: DateChanged);
+                        }
+                    }
+                }
+            }
+            return r;
+        }
+        internal static double? GetBaseRate()
+        {
+            double? rate;
            using (DatabaseManager Manager = new DatabaseManager())
            {
                using (SQLiteCommand cmd = Manager.con.CreateCommand())
@@ -186,7 +165,10 @@ namespace Ophelias.Managers
                    using (SQLiteDataReader reader = cmd.ExecuteReader())
                    {
                        reader.Read();
-                        rate = reader.GetDouble(0);
+                        if (reader.HasRows)
+                            rate = reader.GetDouble(0);
+                        else
+                            rate = null;
                    }
                }
            }
@@ -199,8 +181,10 @@ namespace Ophelias.Managers
            {
                using (SQLiteCommand cmd = Manager.con.CreateCommand())
                {
-                    string query = $"INSERT INTO rates (Rate, DateSet) VALUES ({Rate}, {DateSet});";
+                    string query = $"INSERT INTO rates (Rate, DateSet) VALUES (@Rate, @DateSet);";
                    cmd.CommandText = query;
+                    cmd.Parameters.AddWithValue("@Rate", Rate);
+                    cmd.Parameters.AddWithValue("@DateSet", DateSet);
                    cmd.ExecuteNonQuery();
                }
            }
@@ -224,8 +208,9 @@ namespace Ophelias.Managers
                int? Id;
                using (SQLiteCommand cmd = Manager.con.CreateCommand())
                {
-                    string query = $"SELECT Id FROM rates WHERE DateSet = {DateTime.Now.Date.ToString("yyyy-MM-dd")};";
+                    string query = "SELECT Id FROM rates WHERE DateSet = @Date;";
                    cmd.CommandText = query;
+                    cmd.Parameters.AddWithValue("@Date", DateTime.Now.Date.ToString("yyyy-MM-dd"));
                    cmd.ExecuteNonQuery();
                    using (SQLiteDataReader reader = cmd.ExecuteReader())
                    {
@@ -237,8 +222,10 @@ namespace Ophelias.Managers
                {
                    using (SQLiteCommand cmd = Manager.con.CreateCommand())
                    {
-                        cmd.CommandText = $@"UPDATE rates SET DefaultRate = NULL WHERE Id = {OldId};
-                                             UPDATE rates SET DefaultRate = 1 WHERE Id = {Id}";
+                        cmd.CommandText = @"UPDATE rates SET DefaultRate = NULL WHERE Id = @OldID;
+                                             UPDATE rates SET DefaultRate = 1 WHERE Id = @ID";
+                        cmd.Parameters.AddWithValue("@OldID", OldId);
+                        cmd.Parameters.AddWithValue("@ID", Id);
                        cmd.ExecuteNonQuery();
                    }
                }