details: https://code.openbravo.com/erp/devel/pi/rev/77f54a865e67 changeset: 33846:77f54a865e67 user: Augusto Mauch <augusto.mauch <at> openbravo.com> date: Tue Apr 17 15:16:30 2018 +0200 summary: Fixes issue 38146: OBQuery uses parameters in organization and client filters
Those HQL queries now use bind-variables in the default client and organization filter. diffstat: src/org/openbravo/dal/service/OBQuery.java | 31 +++++++++++------------------ 1 files changed, 12 insertions(+), 19 deletions(-) diffs (80 lines):
diff -r dfa56c984c8a -r 77f54a865e67 src/org/openbravo/dal/service/OBQuery.java
--- a/src/org/openbravo/dal/service/OBQuery.java Tue Apr 17 08:36:29 2018 +0200
+++ b/src/org/openbravo/dal/service/OBQuery.java Tue Apr 17 15:16:30 2018 +0200
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2008-2017 Openbravo SLU
+ * All portions are Copyright (C) 2008-2018 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -59,6 +59,8 @@
 private static final String AS = "as ";
 private static final String WHERE = "where";
 private static final String ORDERBY = "order by";
+ private static final String DAL_CLIENT_FILTER = "_dal_readableClients_dal_";
+ private static final String DAL_ORG_FILTER = "_dal_readableOrganizations_dal_";
 // computed in createQueryString
 private String usedAlias = "";
@@ -391,21 +393,24 @@
 boolean addWhereClause = !whereClause.toLowerCase().contains(" where ");
 if (isFilterOnReadableOrganization() && entity.isOrganizationPartOfKey()) {
 whereClause = (addWhereClause ? " where " : "") + addAnd(whereClause) + prefix
- + "id.organization.id " + createInClause(obContext.getReadableOrganizations());
+ + "id.organization.id in (:" + DAL_ORG_FILTER + ")";
+ setNamedParameter(DAL_ORG_FILTER, obContext.getReadableOrganizations());
 if (addWhereClause) {
 addWhereClause = false;
 }
 } else if (isFilterOnReadableOrganization() && entity.isOrganizationEnabled()) {
 whereClause = (addWhereClause ? " where " : "") + addAnd(whereClause) + prefix
- + "organization.id " + createInClause(obContext.getReadableOrganizations());
+ + "organization.id in (:" + DAL_ORG_FILTER + ")";
+ setNamedParameter(DAL_ORG_FILTER, obContext.getReadableOrganizations());
 if (addWhereClause) {
 addWhereClause = false;
 }
 }
 if (isFilterOnReadableClients() && getEntity().isClientEnabled()) {
- whereClause = (addWhereClause ? " where " : "") + addAnd(whereClause) + prefix + "client.id "
- + createInClause(obContext.getReadableClients());
+ whereClause = (addWhereClause ? " where " : "") + addAnd(whereClause) + prefix
+ + "client.id in (:" + DAL_CLIENT_FILTER + ")";
+ setNamedParameter(DAL_CLIENT_FILTER, obContext.getReadableClients());
 if (addWhereClause) {
 addWhereClause = false;
 }
@@ -425,20 +430,6 @@
 return whereClause;
 }
- private String createInClause(String[] values) {
- if (values.length == 0) {
- return " in ('') ";
- }
- final StringBuilder sb = new StringBuilder();
- for (final String v : values) {
- if (sb.length() > 0) {
- sb.append(", ");
- }
- sb.append("'" + v + "'");
- }
- return " in (" + sb.toString() + ")";
- }
-
 /**
 * @return the Entity queried by the Query object
 */
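Review bot: The empty-array case that the removed `createInClause` handled explicitly (it emitted ` in ('') `, which matches no row) has no counterpart in the three rewritten filters on `id.organization.id`, `organization.id` and `client.id`. If `obContext.getReadableOrganizations()` or `getReadableClients()` can return a zero-length array, the bound list is empty and the outcome depends on how the Hibernate version in use renders `in (:param)` for an empty list; some versions are reported to emit `in ()`, which several databases reject, so this should be confirmed. Because these filters are the client/organization isolation boundary, the empty case is worth pinning to a deterministic match-nothing, for example `setNamedParameter(DAL_ORG_FILTER, orgs.length == 0 ? new String[] { "" } : orgs);` at each of the three call sites. The enclosing method starts outside this hunk.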
@@ -467,6 +458,8 @@
 qry.setEntity(name, value);
 } else if (value instanceof Collection<?>) {
 qry.setParameterList(name, (Collection<?>) value);
+ } else if (value instanceof String[]) {
+ qry.setParameterList(name, (String[]) value);
 } else {
 qry.setParameter(name, value);
 }
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits
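Review bot: The added branch recognises only `String[]`, so any other object array passed as a named parameter (for example a `Long[]` or `Object[]`) still falls through to `qry.setParameter(name, value)` and is bound as a single value rather than expanded into a list. Unless some caller relies on that, widening the check would make array handling uniform: `} else if (value instanceof Object[]) {` followed by `qry.setParameterList(name, (Object[]) value);`. A short comment such as `// arrays are expanded into IN-lists; the readable client/organization filters depend on this` would also help, since the default security filters now reach Hibernate through this branch. The enclosing method starts and ends outside the hunk.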