int-gui-pgsql - Build # 1523 - Fixed:
Check console output at https://ci.openbravo.com/job/int-gui-pgsql/1523/ to
view the results.
Committers since last success:
Changes for Build #1522
Naroa Iriarte <[email protected]> null
Fixed issue 32610: _where parameter is not accepted by standard datasources
Naroa Iriarte <[email protected]> null
Fixed issue 32610: Standard datasources do not accept _where parameter
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with latest pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The test fixed
The test has been fixed to work in postgres and in oracle.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The test has been refactored
The test has been refactored and its name changed.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameter.java
src-test/src/org/openbravo/test/AllWebserviceTests.java
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with latest pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] dummy
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The test position changed in the suite.
The position of the test in the AllWebServiceTests has been changed.
src-test/src/org/openbravo/test/AllWebserviceTests.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The test added in the "AllWebServiceTest" class
The test has been added in the class "AllWebServiceTest".
src-test/src/org/openbravo/test/AllWebserviceTests.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The test has been improved
The test has been improved, now there are much more less parameters than before.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Test improved
The test for the project.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Refactor of the code
The "convertParameterToString" method has been changed, now it is a
static method to make it usefull for the "SelectorDataSourceFilter"
and "DefaultDataSourceService" classes.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The exception is shown in the log once
The exception when the preference was set to "N" and a _where parameter
was sent, was being logged 3 times instead of one.
This has been fixed.
modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/KernelUtils.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
src/org/openbravo/base/exception/OBSecurityException.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] A missing bracket added
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Added context to the warn and error messages
Added more context to the warning and the exception thrown if a _where
parameter is
found.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
src-db/database/sourcedata/AD_MESSAGE.xml
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed the whereParameterIsNotBlank method
This method was not taking into account the fact of having a _where parameter
null but as String. So a condition has been added. Now it takes into account not
only that the _where parameter is not null, blank or an empty string, now it
checks
also that is not the "null" string.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with latest pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The warn and exception messages improved
The warning message and the exception message are now translatable and
they add more context info.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
src-db/database/sourcedata/AD_MESSAGE.xml
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Changed the name of the parameter for the
implicit filter
The parameter was firstly called isFilterApplied, that was not a good name, so
the
name has been changed to isImplicitFilterApplied.
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] _where=null supported
Having a _where parameter with null values does not raise an error anymore.
If there is a _where parameter that is null, the where clause will be computed
the same way as when there is not any _where parameter.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The getWhereClause method used again
Previously, the getWhereClause method that was used by the manual datasources
to append the where clause defined in the datasource to the where clause of the
tab
was removed.
This has been fixed by adding the logic to get that where clause and to append
it.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed some incorrect behaviors at the boundaries
In the DataSourceServlet class, if the "filterClass" variable was hardcoded to
null,
the selector filter was never done and the selectors showed too many registers.
In the DefaultDataSourceService class, in the addFetchParameters method, there
was
a condition which checked if it was a selector or not and if it was not a
selector, all
the logic which handles the whereClause was done. The problem was that it was
possible to
send a selector parameter to jump over all the functionality and inject any
wanted where.
These two cases have been fixed by creating a new parameter called
"WHERE_CLAUSE_HAS_BEEN_CHECKED".
This parameter is first initialized to false in the "DataSourceServlet" and
after that, if
the where is set or just checked in the "SelectorDataSourceFilter" class, it is
set to true.
After, in the DefaultDataSourceService, a condition has been added. If this
parameter has the
value set to "true", then it means that it is a Selector and the where clause
has been set and
checked in the "SelectorDataSourceFilter", so it is not neccessary to do all
the chekcs again.
This fixes the two incorrect behaviors because now, if the "filterClass"
variable is set to null,
the logic of the "DefaultDataSourceService" is executed.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Change a comment
A comment has been changed.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Use of ADCS to get tab
In the BaseDataSourceService, the tab is now get by using
ApplicationDictionaryCachedStructures.
The table id of the method "getFilterClause" is now obtained using the proxy
inside the "tab" instance.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Removed unnecessary methods
The getFilterClause and addTransactionalFilter methods of the
OBViewGridComponent
class have been removed because they are not necessary anymore.
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Changed a method of OB-grid
Changed the method "isFilterClauseApplied" of the ob-grid.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Change the name of a method
The method which was the one used by the ftl to set the isFilter
boolean variable was not correctly named. The name was "getHasFielterClause"
and, as it is a method that returns a boolean, the correct name is
"isHasFilterClause".
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The warn message was shown too many times
In the Selectors, the warn message in the log was shown two times in the case
of having _where and the
preference set to "Yes". This was like this because inside a private method of
the class SelectorDataSourceFilter
the preference's value is checked but the warning was thrown and that was not
necessary at that point because
it has been thrown previously also.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Refactor of the code which evaluates the
preference
Refactor of the code which evaluates the preference value of the allow where
parameter
preference for the non selector items. Now it is better placed because it does
not depend
on the tabId sent by the client, before it did.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Unneeded brackets removed
Unneeded brackets removed from a condition in the DefaultJsonDataService class.
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Updated the copyright year
The year of the copyright of some classes has been updated.
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/HQLDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Javadoc added to the addFecthParameters method
A javadoc has been added to the addFecthParameters method because now it is
part of the API.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed the way of throwing obsecurity exceptions
The OBSecurityExceptions in the SelectorDataSourceFilter and DataSourceServlet
classes
are no longer wrapped inside the same type, now, there are just thrown.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Removed an unused entity variable
The unused entity variable of the ADAlertDataSourceService has been removed.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed the unneeded if nesting
There was an uneeded if nesting in the BDSS.getWhereAndFilterClause method.
It has been fixed by using an else if.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed the setAdminMode in the BDSS
The OBContext.setAdminMode(false) has been changed to
OBContext.setAdminMode(true) because
in the case of the OBDal.getInstance().get(...) the client and organization
filters are not
applied, so it works fine with true and it is more restrictive so, it has been
changed to true.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] An informative comment added
An informative comment about the WHERE_AND_FILTER_CLAUSE constant has been
added.
It was not intuitive why the constant was cleaned up. This is done because this
is
the constant that will contain the where and filter clause and it must be empty
at this
poin because the where and filter clauses will be set and stored there after.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The repeated constants have been reused
There where some contants that where repeated in the BaseDataSourceService and
in
the SelectorDataSourceFilter classes. Now two of them are centralized in the
DefaultDataSourceService class and they are statically called.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The "Allow_Where_Parameter" constant reused
Tha "Allow_where_parameter" constant of CachedPreference, has been reused
in the BaseDataSourceService class.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Unneeded brackets removed from BDSS
In the return statement of the
BaseDataSourceService.isTransactionalFilterApplied
the unneeded brackets have been removed.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] DJDS isRootTab method has been improved
The method isRootTab of the DefaultJsonDataService has been modified.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] A method of DJDS improved
The is FilterApplied method of DefaultJsonDataService has been improved.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The ProductSelectorDataSourceTest has changed
The ProductSelectorDataSourceTest test was using the _where parameter which now
it is not
allowed so, now a criteria has been put instead.
src-test/src/org/openbravo/test/datasource/ProductSelectorDataSourceTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] data.whereClause removed from ftl
The "selector-as-link" ftl was invoking the getWhereClause method of the
"SelectorComponent" class.
That method has been deleted because it was no longe used by the selectors. So,
to fix this, every
call from the ftl have been removed.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/templates/selector-as-link.ftl
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Tests improved
Tests have been improved.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Comment deleted
A comment has been deleted.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Preference added
The code which handles the allow where parameter preference has been added.
Now, if it comes a _where parameter and the preference is set to Y, this where
clause will be taken into account. If a _where parameter comes but the
preference
is N or it is undefined, a exception is thrown.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with latest pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Code cleaning
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Code changes to fix Action regarding selector
The SelectorDataSourceFilter class was not working properly, it was only
taking into account the whereClauses when the selector had a filter expression.
Every selector does not have a filter expression, so, it was not working in
that cases.
Now this is taken into account and when the selector has no filter expression,
the
hql where clause is taken.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] A test has been created
A parameterized test has been created to test the correct behavior of
the project.
src-test/src/org/openbravo/test/datasource/DataSourceWhereParameterTest.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Create a new parameter
A new parameter has been created to contain the where clause.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/HQLDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ReadOnlyDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Added the new WHERE_AND_FILTER_CLAUSE
The new WHERE_AND_FILTER_CLAUSE parameter has been added to handle the where
and filter clause.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Changed a logic added before
Before, a logic in the AdvancedQueryBuilder was added to handle the behavior of
the selectors. The tested selector was the "Action Regarding Document" of the
"Add Details"
popup of the "Payment In window". With this fix, the selector worked fine and
showed only the
expected value. But this fix was breaking the behavior of the FK dorpdaows, for
example the dropdown
of the "Produc"t selector popup of the "lines" subtab of the "Sales Order"
window was broken with this fix.
So, the fix has been reverted.
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Improved the isTransactionalFilterApplied method
Improved the BaseDataSourceService.isTransactionalFilterApplied method.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Modified the isRootTab method
The isRootTab method of the BaseDataSourceService class has been modified.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Change the boolean setting in the ftl
Change the boolean settings in the "ob-view-grid.js.ftl" and
"ob-pick-and-execute-grid.js.ftl".
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-pick-and-execute-grid.js.ftl
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Removed the "getWhereClause" method
The "getWhereClause" method has been deleted from the OBViewGridComponent class
because it is not used.
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Remove two methods form SelectorComponent
The getWhereClause and the getHasWhereClause methods of SelectorCoponent
have been deleted. The getWhereClause was used before in the selector.ftl but
it is not longer used.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Changed the "getHasFilterClause" method
The method has been cleaned up.
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Changed the name of a method
The method named addTransactionalFilter is now called getFilterClause.
This is because before there exists a method called getFilterClause but it
only did a verification that has been moved to the "addTransactionalFilter"
method.
So, now, the addTransacationalFilter method is the one which returns the filter
clause.
Sometimes it has a transactional filter too.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Remove the uneeded method "getFilterClause"
This method only did a validation that could be done in the
"addTransactionalFilter"
method. So, this method has been deleted and the verification has been moved to
the
"addTransactionalFilter" method.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Change the name of isApplyTransactionalFilter
Change the name of BaseDataSourceService.isApplyTransactionalFilter to
isTransactionalFilterApplied.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Remove an argument from a method
The isTransactional argument has been removed from the getFilterClause
method of the BaseDataSourceService class.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Remove an argument from a method
The isFilterApplied argument has been removed from the getWhereAndFilterClause
method.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Moved the declaration of filterClause variable
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Initialize the whereAndFilterClause variable to
null
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The whereAndFilterClause is not initialized.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] javadoc for the getWhereAndFilterClause
A javadoc for the getWhereAndFilterClause method of the BaseDataSourceService
class
has been added.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] change the name of obtainWhereAndFilterClause
The name of the BaseDataSourceService.obtainWhereAndFilterClause has been
changed to
getWhereAndFilterClause.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] property add to the cached preference
modules/org.openbravo.client.application/src/org/openbravo/client/application/CachedPreference.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] "Payment in" add details process selector fixed
The "Action Regarding Document" selector of the add details process of the
Payment In window wasn't
working properly, it was showing a lot of invalid options.
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The description of the preference changed
The description of the allow where parameter has been changed to a better one.
modules/org.openbravo.service.datasource/src-db/database/sourcedata/AD_REF_LIST.xml
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Update of the copyright year
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Refactor of the code
The code has been refactored and now the preference values is going to be taken
into account
to get the where clause from the _where parameter or not.
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
modules/org.openbravo.client.application/src/org/openbravo/client/application/CachedPreference.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Create a new preference
A new preference has been created "Allow Where Parameter". This preference
allows the where parameter in the manual datasources.
modules/org.openbravo.service.datasource/src-db/database/sourcedata/AD_REF_LIST.xml
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Code review fix for Alert Management window
Before, the where clause was being overwritten for every manual dataosurces.
This has been fixed by creating a new method which tells if a datasource is
manual
or not and if it is manual, now, the where parametes is added the same way as
it is
for the selector items.
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Fixed the selector Datasource
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorDataSourceFilter.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Refactor of ob-view-grid and ob-pick-and-execute
The new function isFilterClauseApplied has been moved to the parent class
OBGrid.
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-grid.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/process/ob-pick-and-execute-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Create the proper code in the backend
The way of handling the where and filter clauses now it is different. In the
DefaultJsonDataService.java, a
protected method has been created, to be able to invoke it in the same package.
This method is the one which creates the query that, before, was sent in the
_where parameter of the datasouce.
modules/org.openbravo.service.json/src/org/openbravo/service/json/DefaultJsonDataService.java
modules/org.openbravo.service.json/src/org/openbravo/service/json/JsonConstants.java
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Remove the where parameter form selectors
The selectos have only where clause, they do not have a filter clause,
so, the isFilterApplied parameter has no sense in this cases.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/templates/selector.ftl
modules/org.openbravo.userinterface.selector/web/org.openbravo.userinterface.selector/js/ob-selector-item.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Merge with pi
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Improvements in grid and pick and execute
funtions
Functions have been modified to be more accurate with the result and also the
pick and execute ftl has been modified, the where clause is not anymore shown in
the view.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-pick-and-execute-grid.js.ftl
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/process/ob-pick-and-execute-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] A new method addded to handle selector ftl
A new method has been added to handle the ftl of the selectors, this method
checks if there exists a whereClause and returns a boolean.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorComponent.java
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/templates/selector.ftl
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Don't send _where in selectors
The _where parameter is no longer send in the selectors datasource.
Now a boolean parameter is sent, "whereClause" this is true when there
exists a where clause in the selector and false when not.
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/templates/selector.ftl
modules/org.openbravo.userinterface.selector/web/org.openbravo.userinterface.selector/js/ob-selector-item.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Don't send _where param in Pick and Execute
windows
The _where parameter is not sent in the pick and execute windows' datasource.
Now a boolean parameter is sent, "isFilterApplied", this parameter is true when
there is a filter applied in a pick and execute window and it is false when
there
is not a filter applied or it has been cleaned up.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-pick-and-execute-grid.js.ftl
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/process/ob-pick-and-execute-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] Send a boolean
Only send a boolean parameter that is true when a filter is applied in
the grid. And do not show the query in the view of the window.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] new name for filter clause
existsFilterClause has been created in the ftl to get that name
in the view. The filterClause has been put again to get the query
in the view generation.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The isFilterApplied parameter added
If a filter is applied, then this parameter will be true. If a filter is
deleted, thenm this parameter will be false.
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
Naroa Iriarte <[email protected]> null
[pi-security-hqlinjection] The hasFilterClause parameter added
The _where parameter which was showing a query now is not send.
A new parameter called hasFilterClause has been added.
This parameter is a boolean that is true when there exists a whereclause or
a filterClause.
modules/org.openbravo.client.application/src/org/openbravo/client/application/templates/ob-view-grid.js.ftl
modules/org.openbravo.client.application/src/org/openbravo/client/application/window/OBViewGridComponent.java
modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
Naroa Iriarte <[email protected]> null
Fixed issue 32600: Export csv was not working fine
The csv files where not correctly exported from the client if the client was in
a different
timezone.
The problem was that in the AdvancedQueryBuilder class, the way of setting the
date time was
not correct.
The Calendar.HOUR constant was being used instead of Calendar.HOUR_OF_DAY. The
first, is to
set or get the hour indicating the morning or the afternoon, for example the
11:00:00 PM, the
hour is 11. The second one, the one that is used now, is used for the 24 hours
clock, so, if
the time isn 11:00:00 the HOUR_OF_DAY is 23.
modules/org.openbravo.service.json/src/org/openbravo/service/json/AdvancedQueryBuilder.java
Asier Lostalé <[email protected]> null
fixed issue 32570: allow to define cross-organization references
Asier Lostalé <[email protected]> null
[cross-org] adding allow cross org column in sourcedata
modules/org.openbravo.advpaymentmngt/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.client.application/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.client.kernel/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.client.myob/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.client.querylist/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.service.datasource/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.service.integration.google/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.service.integration.openid/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.userinterface.selector/src-db/database/sourcedata/AD_COLUMN.xml
modules/org.openbravo.utility.cleanup.log/src-db/database/sourcedata/AD_COLUMN.xml
src-db/database/sourcedata/AD_COLUMN.xml
Asier Lostalé <[email protected]> null
[cross-org] pi merge
Asier Lostalé <[email protected]> null
[cross-org] Expect exception, GenericJDBCException is thrown in PG not ORA
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] reuse existing ExpectedException rule in parent
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] test cases: reset column with modules in dev
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] remove some clutter
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] recovered unintentionally deleted code
to manage the case admin mode is locally set before having a context
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] format
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] prevent Allowed_Cross_Org_Link modification if mod is not in dev
src-db/database/model/triggers/AD_COLUMN_MOD_TRG.xml
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] removing code duplicities
* Added stakcs to AdminType enum to remove "magic numbers"
* Making use of this enum, generic methods can be implemented instead of
duplicating them for each case
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] handle properly stacks for set/restore cross org admin mode
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] typo
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] updated (c) year
src/org/openbravo/base/model/Property.java
src/org/openbravo/dal/core/OBInterceptor.java
Asier Lostalé <[email protected]> null
[cross-org] javadoc
src/org/openbravo/base/model/Column.java
src/org/openbravo/base/model/Property.java
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] reformat using homogeneously spaces instead of tabs
src/org/openbravo/base/model/Column.hbm.xml
Asier Lostalé <[email protected]> null
[cross-org] pi merge
Asier Lostalé <[email protected]> null
[cross-org] fixed test cleanup
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] added test cases for datasource fetch
src-test/src/org/openbravo/test/AllAntTaskTests.java
src-test/src/org/openbravo/test/AllWebserviceTests.java
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] comments + constants
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] renamed field to be consistent with the rest
src-db/database/sourcedata/AD_ELEMENT.xml
src-db/database/sourcedata/AD_FIELD.xml
Asier Lostalé <[email protected]> null
[cross-org] added boolean DB constraint
src-db/database/model/tables/AD_COLUMN.xml
Asier Lostalé <[email protected]> null
[cross-org] removed unneeded code
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] ADMIN_TRACE_SIZE is not final anymore
* This prevents warn messages for dead code
* A setter has also been created to allow changing it
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] test case for cross org admin mode working as stack
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] javadoc
src/org/openbravo/dal/core/OBContext.java
Asier Lostalé <[email protected]> null
[cross-org] rename for consistency
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
src/org/openbravo/dal/core/OBContext.java
src/org/openbravo/dal/core/OBInterceptor.java
Asier Lostalé <[email protected]> null
[cross-org] removed duplicated test case
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] proper implementation for cross org admin stack
src/org/openbravo/dal/core/OBContext.java
src/org/openbravo/dal/core/OBInterceptor.java
Asier Lostalé <[email protected]> null
[cross-org] test cases for cross org admin mode
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] ALLOWED_CROSS_ORG_LINK onCreateDefault
src-db/database/model/tables/AD_COLUMN.xml
Asier Lostalé <[email protected]> null
[cross-org] pi merge
Asier Lostalé <[email protected]> null
[cross-org] partial backout of changeset ae290995c081
Some column postions were unintentionally changed. This causes conflicts
merging with pi.
src-db/database/sourcedata/AD_COLUMN.xml
Asier Lostalé <[email protected]> null
[cross-org] testing with a more limited role (access only to Spain, no *)
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] test cases covering DAL one-to-many bags fetch
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
src-test/src/org/openbravo/test/security/StandardCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] added test cases for one to many relationships
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] clean up after test execution
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] basic implementation for cross org references:
- Allowed cross org is read in base Column model
- This value is kept in run-time in memory model
- New crossOrgReferenceAdminMode can be set in OBContext
- This admin mode is taken into account to check org of FKs
src/org/openbravo/base/model/Column.hbm.xml
src/org/openbravo/base/model/Column.java
src/org/openbravo/base/model/Property.java
src/org/openbravo/dal/core/OBContext.java
src/org/openbravo/dal/core/OBInterceptor.java
Asier Lostalé <[email protected]> null
[cross-org] test cases for column allowing cross org, but not in org admin
mode
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
src-test/src/org/openbravo/test/security/StandardCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] DB infra to define allowed cross org link
src-db/database/model/tables/AD_COLUMN.xml
src-db/database/sourcedata/AD_COLUMN.xml
src-db/database/sourcedata/AD_ELEMENT.xml
src-db/database/sourcedata/AD_FIELD.xml
Asier Lostalé <[email protected]> null
[cross-org] added test to suite
src-test/src/org/openbravo/test/AllAntTaskTests.java
Asier Lostalé <[email protected]> null
[cross-org] added basic test for cross org reference
src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] add parent test class
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/security/StandardCrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] renamed test class
src-test/src/org/openbravo/test/security/StandardCrossOrganizationReference.java
src-test/src/org/openbravo/test/AllAntTaskTests.java
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
Asier Lostalé <[email protected]> null
[cross-org] added test cases covering current behavior
src-test/src/org/openbravo/test/security/CrossOrganizationReference.java
src-test/src/org/openbravo/test/AllAntTaskTests.java
Changes for Build #1523
Asier Lostalé <[email protected]> null
related to bug 32663: instabilities in int-gui job
Added extra log when trying to log with incorrect client/org
src/org/openbravo/base/secureApp/LoginUtils.java
Last 20 lines of the console output:
[...truncated 10990 lines...]
Total time: 3 seconds
executing script 'Tomcat stop'
[int-gui-pgsql] $ /bin/bash /tmp/build_step_template5448981299045757939.sh
ENABLE
DEBUG: Tomcat stop called with parameters: ENABLED=ENABLE
* Stopping Tomcat servlet engine for Openbravo tomcat
...done.
executing script 'Check log'
[int-gui-pgsql] $ /bin/bash /tmp/build_step_template7987243134191975416.sh
ENABLE
DEBUG: Check log called with parameters: ENABLED=ENABLE
Check log: openbravo log (artifact: int-gui-pgsql.log) is clean
Recording test results
Archiving artifacts
Checking \] ERROR|\] WARN
Email was triggered for: Fixed
Trigger Success was overridden by another trigger and will not send an email.
Sending email for trigger: Fixed
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Openbravo-builds mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openbravo-builds
