Mk9894 commented on code in PR #3304: URL: https://github.com/apache/fineract/pull/3304#discussion_r1268396026
########## fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java: ########## 
@@ -1709,98 +1709,93 @@ private Long getLongSqlRowSet(final SqlRowSet rs, final String column) { return val; } - private String dataScopedSQL(final String appTable, final Long appTableId) { + private String dataScopedSQL(String appTable, Long appTableId) { /* * unfortunately have to, one way or another, be able to restrict data to the users office hierarchy. Here, a * few key tables are done. But if additional fields are needed on other tables the same pattern applies */ - final AppUser currentUser = this.context.authenticatedUser(); + String currentUserOfficeHierarchy = currentUser.getOffice().getHierarchy(); + String officeHierarchyCondition = " o.hierarchy like '" + currentUserOfficeHierarchy + "%'"; String scopedSQL = null; /* * m_loan and m_savings_account are connected to an m_office thru either an m_client or an m_group If both it * means it relates to an m_client that is in a group (still an m_client account) */ - if (appTable.equalsIgnoreCase("m_loan")) { - scopedSQL = "select distinct x.* from (" - + " (select o.id as officeId, l.group_id as groupId, l.client_id as clientId, null as savingsId, l.id as loanId, null as entityId from m_loan l " - + " join m_client c on c.id = l.client_id " + " join m_office o on o.id = c.office_id and o.hierarchy like '" - + currentUser.getOffice().getHierarchy() + "%'" + " where l.id = " + appTableId + ")" + " union all " - + " (select o.id as officeId, l.group_id as groupId, l.client_id as clientId, null as savingsId, l.id as loanId, null as entityId from m_loan l " - + " join m_group g on g.id = l.group_id " + " join m_office o on o.id = g.office_id and o.hierarchy like '" - + currentUser.getOffice().getHierarchy() + "%'" + " where l.id = " + appTableId + ")" + " ) as x"; - } - if (appTable.equalsIgnoreCase("m_savings_account")) { - scopedSQL = "select distinct x.* from (" - + " (select o.id as officeId, s.group_id as groupId, s.client_id as clientId, s.id as savingsId, null as loanId, null as entityId from 
m_savings_account s " - + " join m_client c on c.id = s.client_id " + " join m_office o on o.id = c.office_id and o.hierarchy like '" - + currentUser.getOffice().getHierarchy() + "%'" + " where s.id = " + appTableId + ")" + " union all " - + " (select o.id as officeId, s.group_id as groupId, s.client_id as clientId, s.id as savingsId, null as loanId, null as entityId from m_savings_account s " - + " join m_group g on g.id = s.group_id " + " join m_office o on o.id = g.office_id and o.hierarchy like '" - + currentUser.getOffice().getHierarchy() + "%'" + " where s.id = " + appTableId + ")" + " ) as x"; - } - if (appTable.equalsIgnoreCase("m_client")) { - scopedSQL = "select o.id as officeId, null as groupId, c.id as clientId, null as savingsId, null as loanId, null as entityId from m_client c " - + " join m_office o on o.id = c.office_id and o.hierarchy like '" + currentUser.getOffice().getHierarchy() + "%'" - + " where c.id = " + appTableId; - } - if (appTable.equalsIgnoreCase("m_group") || appTable.equalsIgnoreCase("m_center")) { - scopedSQL = "select o.id as officeId, g.id as groupId, null as clientId, null as savingsId, null as loanId, null as entityId from m_group g " - + " join m_office o on o.id = g.office_id and o.hierarchy like '" + currentUser.getOffice().getHierarchy() + "%'" - + " where g.id = " + appTableId; - } - if (appTable.equalsIgnoreCase("m_office")) { - scopedSQL = "select o.id as officeId, null as groupId, null as clientId, null as savingsId, null as loanId, null as entityId from m_office o " - + " where o.hierarchy like '" + currentUser.getOffice().getHierarchy() + "%'" + " and o.id = " + appTableId; - } - - if (appTable.equalsIgnoreCase("m_product_loan") || appTable.equalsIgnoreCase("m_savings_product") - || appTable.equalsIgnoreCase("m_share_product")) { - scopedSQL = "select null as officeId, null as groupId, null as clientId, null as savingsId, null as loanId, p.id as entityId from " - + appTable + " as p WHERE p.id = " + appTableId; - } - - 
if (scopedSQL == null) { - throw new PlatformDataIntegrityException("error.msg.invalid.dataScopeCriteria", - "Application Table: " + appTable + " not catered for in data Scoping"); - } + switch (appTable.toLowerCase()) { + case "m_loan": + scopedSQL = "select distinct x.* from (" + + " (select o.id as officeId, l.group_id as groupId, l.client_id as clientId, null as savingsId, l.id as loanId, null as entityId from m_loan l " Review Comment: Done -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@fineract.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
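Review bot: The added `officeHierarchyCondition` line still splices `currentUserOfficeHierarchy` into a quoted `like '...%'` literal, so the office-hierarchy scoping query remains string-built SQL. The value appears to come from the authenticated user's office record rather than from the request, but a bound parameter (`" o.hierarchy like ?"`, with the hierarchy plus `%` passed as an argument) would stop the query depending on that column never holding a quote or LIKE wildcard; that would also change how the caller runs the returned string, which is outside this hunk. Separately, `switch (appTable.toLowerCase())` is locale-sensitive where the removed `equalsIgnoreCase` calls were not: under a Turkish default locale an upper-case name containing `I` (for example `M_CLIENT`, from the removed branches) would not match its lower-case label, so I would write `switch (appTable.toLowerCase(Locale.ROOT)) {`. The quoted text also removes both the `currentUser` declaration, although the added line still reads `currentUser.getOffice()`, and the `scopedSQL == null` guard. The rest of the switch is not shown, so please confirm that `currentUser` is still declared and that a `default:` branch throws the same `PlatformDataIntegrityException` for tables not catered for.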