On Thu, Jul 23, 2020 at 9:27 AM Chirag Gupta <[email protected]> wrote:
> Hey Michael,
>
> I agree to remove this parameter, we may want to add a few additional
> specific parameters to filter out results upon request from users.
>
> I may be interested in working with the community-app but I am wondering
> how we will replace them (I was thinking if we can remove them altogether,
> if possible).
>

Chirag, Manthan meanwhile commented on FINERACT-1095 <https://issues.apache.org/jira/browse/FINERACT-1095>. Looks like you two should 1:1 talk ;) about how to best work together, and who can do what when (perhaps simplest on Slack IM, instead of here).

I'm not super familiar with why https://github.com/openMF/community-app/pull/1582 <https://github.com/openMF/community-app/pull/1582/files> for MIFOSX-2712 <https://mifosforge.jira.com/browse/MIFOSX-2712.>, but I'm guessing there was a good reason, so simply removing completely may not be right?

But it hopefully shouldn't be that hard for you to add support for filter by status to Fineract's /clients and /loans REST API, and then make the community-app use that, and then remove sqlSearch support.

> Best,
> Chirag Gupta
>
> On Thu, Jul 23, 2020 at 5:27 AM Michael Vorburger <[email protected]>
> wrote:
>
>> Manthan,
>>
>> Thanks for raising this:
>>
>> On Sat, Jul 18, 2020 at 10:18 PM Manthan Surkar <[email protected]>
>> wrote:
>>
>>> Hello everyone,
>>>
>>> I am trying to convert String concatenated SQL to prepared SQL statements,
>>>
>>
>> just an FYI to others, the background here is
>> https://issues.apache.org/jira/browse/FINERACT-854.
>>
>>
>>> wherein I could not figure out the correct use of *sqlSearch* argument.
>>>
>>> Find it here: https://demo.mifos.io/api-docs/apiLive.htm#groups_list
>>>
>>> *Problem:*
>>> I tried various values for sqlSearch:
>>> accountNo = 1010101 (error, SQL injection exception)
>>> display_name like "%x%" (works)
>>> display_name like "%x%" and display_name like "%x%" (error, SQL
>>> injection exception).
>>>
>>> Are we trying to accept only a few types of operators and only a single
>>> condition? or this result is not as expected and requires a fix?
>>>
>>
>> I debugged this, and something like
>> https://demo.fineract.dev/fineract-provider/api/v1/clients?paged=true&sqlSearch=c.account_no=000000003&tenantIdentifier=default
>> works ...
>>
>> ... BUT - this is all wrong! :( I was quite surprised to "discover" the
>> sqlSearch query parameter of the API, thanks to your question here. It's...
>> bad, IMHO.
>>
>> https://issues.apache.org/jira/browse/FINERACT-1095 proposes to *REMOVE*
>> sqlSearch support from the Fineract API. Does anyone have any objections?
>>
>> If nobody objects to the API removal, and we ideally get some +1 votes of
>> support, then (ideally) we would need to replace 2 usages of sqlSearch in
>> the community-app UI. Is anyone reading this motivated to help with that?
>>
>> M.
>>
>
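Added example, not part of the thread and not Fineract code: a sketch of a raw sqlSearch-style fragment concatenated into a WHERE clause, next to the named-filter replacement (filter by status) suggested in the reply above. The table, columns, office scoping and all function names are assumptions made for illustration, using Python's sqlite3 with constructed rows.

```python
import sqlite3

# Constructed sample rows; the schema is an assumption, not Fineract's.
ROWS = [(1, "000000001", "Alice", "active", 1),
        (2, "000000002", "Bob", "closed", 1),
        (3, "000000003", "Carol", "active", 2)]
ALLOWED_STATUS = {"pending", "active", "closed"}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE client (id INTEGER PRIMARY KEY, account_no TEXT,"
               " display_name TEXT, status TEXT, office_id INTEGER)")
    db.executemany("INSERT INTO client VALUES (?, ?, ?, ?, ?)", ROWS)
    return db


def list_clients_sqlsearch(db, office_id, sql_search):
    """Before: the caller's fragment is concatenated into the WHERE clause."""
    sql = ("SELECT display_name FROM client c WHERE c.office_id = "
           + str(int(office_id)) + " AND " + sql_search + " ORDER BY c.id")
    return [r[0] for r in db.execute(sql)]


def list_clients_filtered(db, office_id, status=None, account_no=None):
    """After: named filters only; values are bound, never spliced into SQL."""
    sql = "SELECT display_name FROM client c WHERE c.office_id = ?"
    params = [office_id]
    if status is not None:
        if status not in ALLOWED_STATUS:
            raise ValueError("unsupported status filter: %r" % (status,))
        sql += " AND c.status = ?"
        params.append(status)
    if account_no is not None:
        sql += " AND c.account_no = ?"
        params.append(account_no)
    return [r[0] for r in db.execute(sql + " ORDER BY c.id", params)]


def demo():
    db = make_db()
    fragment = "c.status = 'active' OR c.office_id = 2"  # constructed input
    before = list_clients_sqlsearch(db, 1, fragment)  # OR escapes the office-1 scope
    after = list_clients_filtered(db, 1, status="active")
    return before, after


if __name__ == "__main__":
    print(demo())
```

With the constructed rows, the concatenated version returns a client from another office because the fragment changes the query's structure, while the filtered version only ever compares bound values against fixed columns.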
