details:   https://code.openbravo.com/erp/devel/pi/rev/10b0c4967951
changeset: 35642:10b0c4967951
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Thu Apr 11 08:17:54 2019 +0200
summary:   fixed bug 40578: Utility.getListValueName is not using 
bind-parameters

details:   https://code.openbravo.com/erp/devel/pi/rev/4e9a59919638
changeset: 35643:4e9a59919638
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Thu Apr 11 08:28:42 2019 +0200
summary:   fixed bug 40580: used bind parameters in alert action handler and 
datasource

details:   https://code.openbravo.com/erp/devel/pi/rev/650a871f6cd2
changeset: 35644:650a871f6cd2
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Thu Apr 11 08:32:00 2019 +0200
summary:   fixed issue 40562: HelpWindow.generateWindow is not using 
bind-variables

details:   https://code.openbravo.com/erp/devel/pi/rev/eed3ff80f388
changeset: 35645:eed3ff80f388
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Thu Apr 11 08:34:29 2019 +0200
summary:   fixed issue 40564: MyOpenbravoActionHandler.processWidgets is not 
using bind-variables

details:   https://code.openbravo.com/erp/devel/pi/rev/b45635db7349
changeset: 35646:b45635db7349
user:      Asier Lostalé <asier.lostale <at> openbravo.com>
date:      Thu Apr 11 08:40:44 2019 +0200
summary:   fixed issue 40565: SelectorFieldPropertyCallout.execute is not using 
bind-variables

  No need to query for table by id, getting a proxy is enough.

diffstat:

 
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
             |  53 ++++++--
 
modules/org.openbravo.client.application/src/org/openbravo/client/application/AlertActionHandler.java
                   |  54 ++++++---
 
modules/org.openbravo.client.myob/src/org/openbravo/client/myob/MyOpenbravoActionHandler.java
                           |   5 +-
 
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyCallout.java
 |   7 +-
 src/org/openbravo/erpCommon/ad_help/HelpWindow.java                            
                                         |   5 +-
 src/org/openbravo/erpCommon/utility/Utility.java                               
                                         |  55 +++++++--
 6 files changed, 118 insertions(+), 61 deletions(-)

diffs (truncated from 334 to 300 lines):

diff -r 41ef73c70a53 -r b45635db7349 
modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
--- 
a/modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
       Wed Apr 10 17:09:21 2019 +0200
+++ 
b/modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
       Thu Apr 11 08:40:44 2019 +0200
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2015-2018 Openbravo SLU
+ * All portions are Copyright (C) 2015-2019 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -95,20 +95,29 @@
 
   private List<String> getAlertIds(String alertStatus) {
     // Get alert rules visible for context's the role/user.
-    final String sql = "SELECT ad_alertrule_id, filterclause" + "  FROM 
ad_alertrule arule" //
-        + " WHERE EXISTS (SELECT 1" //
+    // @formatter:off
+    final String sql =
+          "SELECT ad_alertrule_id, filterclause"
+        + "  FROM ad_alertrule arule"
+        + " WHERE EXISTS (SELECT 1"
         + "                 FROM ad_alertrecipient arecipient"
         + "                WHERE arule.ad_alertrule_id = 
arecipient.ad_alertrule_id"
         + "                  AND (ad_user_id = :userId"
         + "                       OR (ad_user_id is null AND ad_role_id = 
:roleId)))"
-        + "  AND ad_client_id " + 
OBDal.getInstance().getReadableClientsInClause()
-        + "  AND ad_org_id " + 
OBDal.getInstance().getReadableOrganizationsInClause()
+        + "  AND ad_client_id in :clients"
+        + "  AND ad_org_id in :orgs"
         + "  AND isactive='Y'";
+    // @formatter:on
 
     @SuppressWarnings("rawtypes")
-    final NativeQuery alertRules = 
OBDal.getInstance().getSession().createNativeQuery(sql);
-    alertRules.setParameter("userId", 
OBContext.getOBContext().getUser().getId());
-    alertRules.setParameter("roleId", 
OBContext.getOBContext().getRole().getId());
+    final NativeQuery alertRules = OBDal.getInstance()
+        .getSession()
+        .createNativeQuery(sql)
+        .setParameter("userId", OBContext.getOBContext().getUser().getId())
+        .setParameter("roleId", OBContext.getOBContext().getRole().getId())
+        .setParameterList("clients", 
OBContext.getOBContext().getReadableClients())
+        .setParameterList("orgs", 
OBContext.getOBContext().getReadableOrganizations());
+
     return 
getAlertIdsFromAlertRules(getAlertRulesGroupedByFilterClause(alertRules), 
alertStatus);
   }
 
@@ -151,14 +160,28 @@
       } catch (ServletException e) {
         throw new IllegalStateException(e);
       }
-      final String sql = "SELECT ad_alert_id FROM ad_alert WHERE isactive='Y'"
-          + " AND ad_client_id " + 
OBDal.getInstance().getReadableClientsInClause()
-          + " AND ad_org_id " + 
OBDal.getInstance().getReadableOrganizationsInClause()
-          + " AND ad_alertrule_id IN (" + 
commaSeparated(alertRuleList.getValue()) + ")"
-          + filterClause + " AND coalesce(to_char(status), 'NEW') = :status";
+
+      // @formatter:off
+      final String sql =
+           "SELECT ad_alert_id "
+          + " FROM ad_alert "
+          + "WHERE isactive='Y'"
+          + "  AND ad_client_id in :clients"
+          + "  AND ad_org_id in :orgs"
+          + "  AND ad_alertrule_id in :rules "
+          + "  AND coalesce(to_char(status), 'NEW') = :status "
+          + filterClause;
+      // @formatter:on
+
       @SuppressWarnings("rawtypes")
-      final NativeQuery sqlQuery = 
OBDal.getInstance().getSession().createNativeQuery(sql);
-      sqlQuery.setParameter("status", alertStatus);
+      final NativeQuery sqlQuery = OBDal.getInstance()
+          .getSession()
+          .createNativeQuery(sql)
+          .setParameter("status", alertStatus)
+          .setParameterList("clients", 
OBContext.getOBContext().getReadableClients())
+          .setParameterList("orgs", 
OBContext.getOBContext().getReadableOrganizations())
+          .setParameterList("rules", alertRuleList.getValue());
+
       try {
         @SuppressWarnings("unchecked")
         List<String> alertsFound = sqlQuery.list();
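Review bot: `filterClause` is still concatenated into the SQL text at the end of the new statement, so this query is only partly parameterized; the same applies to `getFilterSQL(commonFilterClause, vars)` in the `countActiveAlertsForRules` hunk of AlertActionHandler.java. The clause appears to come from the alert rule definition, which would mean that anyone allowed to edit alert rules can still shape the statement. If that is by design, a comment should say so, for example `// filterClause is SQL taken from the alert rule definition and cannot be bound; editing alert rules must stay restricted`. The clause also moved from before the status predicate to after it, so an unparenthesised `OR` inside it would now group differently; confirm that the code building `filterClause` wraps it in parentheses. The enclosing method starts and ends outside this hunk.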
diff -r 41ef73c70a53 -r b45635db7349 
modules/org.openbravo.client.application/src/org/openbravo/client/application/AlertActionHandler.java
--- 
a/modules/org.openbravo.client.application/src/org/openbravo/client/application/AlertActionHandler.java
     Wed Apr 10 17:09:21 2019 +0200
+++ 
b/modules/org.openbravo.client.application/src/org/openbravo/client/application/AlertActionHandler.java
     Thu Apr 11 08:40:44 2019 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2009-2018 Openbravo SLU 
+ * All portions are Copyright (C) 2009-2019 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -20,11 +20,8 @@
 
 import static java.util.stream.Collectors.groupingBy;
 import static java.util.stream.Collectors.toList;
-import static 
org.openbravo.erpCommon.utility.StringCollectionUtils.commaSeparated;
 
 import java.io.IOException;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -113,20 +110,26 @@
       return 0L;
     }
 
-    final String hql = "select distinct(e.alertRule)" + " from 
ADAlertRecipient"
-        + " e where e.alertRule.active = true and (e.userContact.id= :userId "
-        + " or (e.userContact.id = null and e.role.id = :roleId))"
+    // @formatter:off
+    final String hql =
+          "select distinct(e.alertRule)"
+        + " from ADAlertRecipient e "
+        + "where e.alertRule.active = true"
+        + "  and (e.userContact.id= :userId"
+        + "      or (e.userContact.id = null and e.role.id = :roleId))"
 
         // select only those rules that are client/org visible from current 
role
-        + " and e.alertRule.client.id " + 
OBDal.getInstance().getReadableClientsInClause()
-        + " and e.alertRule.organization.id "
-        + OBDal.getInstance().getReadableOrganizationsInClause();
+        + " and e.alertRule.client.id in :clients" 
+        + " and e.alertRule.organization.id in :orgs";
+    // @formatter:on
 
     final Query<AlertRule> qry = OBDal.getInstance()
         .getSession()
         .createQuery(hql, AlertRule.class)
         .setParameter("userId", OBContext.getOBContext().getUser().getId())
-        .setParameter("roleId", OBContext.getOBContext().getRole().getId());
+        .setParameter("roleId", OBContext.getOBContext().getRole().getId())
+        .setParameterList("clients", 
OBContext.getOBContext().getReadableClients())
+        .setParameterList("orgs", 
OBContext.getOBContext().getReadableClients());
 
     long total = qry.stream()
         .collect(groupingBy(rule -> Objects.toString(rule.getFilterClause(), 
""))) // null can't be
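Review bot: The `orgs` parameter is bound to `getReadableClients()` in the last `setParameterList` call, so `e.alertRule.organization.id in :orgs` is matched against client ids instead of the role's readable organizations. This looks like a copy-paste slip, since every other query in this commit binds `orgs` to `getReadableOrganizations()`. The line should read `.setParameterList("orgs", OBContext.getOBContext().getReadableOrganizations());`. As written, the organization visibility filter most likely excludes rules the role is entitled to see, so the alert count would be too low. The enclosing method starts and ends outside this hunk.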
@@ -142,18 +145,27 @@
   private long countActiveAlertsForRules(List<AlertRule> rules, 
VariablesSecureApp vars) {
     String commonFilterClause = rules.get(0).getFilterClause();
     List<String> ruleIds = 
rules.stream().map(AlertRule::getId).collect(toList());
-    final String sql = "select count(*) from AD_ALERT where COALESCE(STATUS, 
'NEW')='NEW'"
-        + " AND AD_CLIENT_ID " + 
OBDal.getInstance().getReadableClientsInClause()
-        + " AND AD_ORG_ID " + 
OBDal.getInstance().getReadableOrganizationsInClause()
-        + " AND AD_ALERTRULE_ID IN   (" + commaSeparated(ruleIds) + ")" //
+
+    // @formatter:off
+    final String sql = 
+        " select count(*) "
+        + " from AD_ALERT "
+        + "where COALESCE(STATUS, 'NEW') = 'NEW'"
+        + " AND AD_CLIENT_ID IN :clients"
+        + " AND AD_ORG_ID IN :orgs"
+        + " AND AD_ALERTRULE_ID IN :rules"
         + getFilterSQL(commonFilterClause, vars);
+    // @formatter:on
 
-    try (PreparedStatement sqlQuery = new 
DalConnectionProvider(false).getPreparedStatement(sql)) {
-      sqlQuery.execute();
-      try (ResultSet rs = sqlQuery.getResultSet()) {
-        rs.next();
-        return rs.getLong(1);
-      }
+    try {
+      Number cnt = (Number) OBDal.getInstance()
+          .getSession()
+          .createNativeQuery(sql)
+          .setParameterList("clients", 
OBContext.getOBContext().getReadableClients())
+          .setParameterList("orgs", 
OBContext.getOBContext().getReadableOrganizations())
+          .setParameterList("rules", ruleIds)
+          .uniqueResult();
+      return cnt.longValue();
     } catch (Exception e) {
       log4j.error("An error has ocurred when trying to process the alerts: " + 
e.getMessage(), e);
       return 0L;
diff -r 41ef73c70a53 -r b45635db7349 
modules/org.openbravo.client.myob/src/org/openbravo/client/myob/MyOpenbravoActionHandler.java
--- 
a/modules/org.openbravo.client.myob/src/org/openbravo/client/myob/MyOpenbravoActionHandler.java
     Wed Apr 10 17:09:21 2019 +0200
+++ 
b/modules/org.openbravo.client.myob/src/org/openbravo/client/myob/MyOpenbravoActionHandler.java
     Thu Apr 11 08:40:44 2019 +0200
@@ -11,7 +11,7 @@
  * under the License.
  * The Original Code is Openbravo ERP.
  * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2010-2017 Openbravo SLU
+ * All portions are Copyright (C) 2010-2019 Openbravo SLU
  * All Rights Reserved.
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -317,7 +317,8 @@
         } else {
           // Remove all instances of the widget instance that is to be removed
           OBQuery<WidgetInstance> widgetInstanceQuery = OBDal.getInstance()
-              .createQuery(WidgetInstance.class, "copiedFrom='" + 
widgetInstance.getId() + "'");
+              .createQuery(WidgetInstance.class, "copiedFrom = :parent");
+          widgetInstanceQuery.setNamedParameter("parent", 
widgetInstance.getId());
           widgetInstanceQuery.setFilterOnActive(false);
           for (WidgetInstance copiedWidgetInstance : 
widgetInstanceQuery.list()) {
             OBDal.getInstance().remove(copiedWidgetInstance);
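Review bot: The new where clause compares `copiedFrom` itself with a bound String id, whereas the HelpWindow hunk in this commit compares an explicit id path (`tab.window.id = :windowId`). If `copiedFrom` is an entity-valued property, which its name suggests but the hunk does not show, Hibernate may infer the entity type for `:parent` and reject or mis-bind the String. Either `"copiedFrom.id = :parent"` with the id, or `setNamedParameter("parent", widgetInstance)` with the entity, makes the types unambiguous. The enclosing method starts and ends outside this hunk.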
diff -r 41ef73c70a53 -r b45635db7349 
modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyCallout.java
--- 
a/modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyCallout.java
   Wed Apr 10 17:09:21 2019 +0200
+++ 
b/modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyCallout.java
   Thu Apr 11 08:40:44 2019 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2009-2017 Openbravo SLU 
+ * All portions are Copyright (C) 2009-2019 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -116,10 +116,7 @@
         tableId = tableId.substring(0, tableId.length() - 3);
       }
 
-      final Table propertyTable = OBDal.getInstance()
-          .createQuery(Table.class, Table.PROPERTY_ID + "='" + tableId + "'")
-          .list()
-          .get(0);
+      final Table propertyTable = OBDal.getInstance().getProxy(Table.class, 
tableId);
 
       final OBCriteria<Column> columnCriteria = 
OBDal.getInstance().createCriteria(Column.class);
       
columnCriteria.add(Restrictions.and(Restrictions.eq(Column.PROPERTY_TABLE, 
propertyTable),
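Review bot: `getProxy` never checks that `tableId` exists, so an unknown or malformed id now yields a proxy and an empty column result, where the old `.list().get(0)` failed immediately. That is fine if the code after the criteria handles "no column found", but that code is outside this hunk and should be checked. A short comment would record the assumption, for example `// proxy only: tableId is not verified to exist; an unknown id returns no columns below`. The enclosing method starts and ends outside this hunk.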
diff -r 41ef73c70a53 -r b45635db7349 
src/org/openbravo/erpCommon/ad_help/HelpWindow.java
--- a/src/org/openbravo/erpCommon/ad_help/HelpWindow.java       Wed Apr 10 
17:09:21 2019 +0200
+++ b/src/org/openbravo/erpCommon/ad_help/HelpWindow.java       Thu Apr 11 
08:40:44 2019 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2001-2018 Openbravo SLU 
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -192,7 +192,8 @@
 
       // Grid Configuration at Tab Level
       OBQuery<GCTab> tabGridConfigQuery = OBDal.getInstance()
-          .createQuery(GCTab.class, "tab.window.id = '" + localStrKeyId + "'");
+          .createQuery(GCTab.class, "tab.window.id = :windowId");
+      tabGridConfigQuery.setNamedParameter("windowId", localStrKeyId);
       List<GCTab> tabGridConfigList = tabGridConfigQuery.list();
       for (GCTab gcTab : tabGridConfigList) {
         String tabId = gcTab.getTab().getId();
diff -r 41ef73c70a53 -r b45635db7349 
src/org/openbravo/erpCommon/utility/Utility.java
--- a/src/org/openbravo/erpCommon/utility/Utility.java  Wed Apr 10 17:09:21 
2019 +0200
+++ b/src/org/openbravo/erpCommon/utility/Utility.java  Thu Apr 11 08:40:44 
2019 +0200
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2001-2018 Openbravo SLU
+ * All portions are Copyright (C) 2001-2019 Openbravo SLU
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -1948,7 +1948,7 @@
   /**
    * Returns the name for a value in a list reference in the selected language.
    * 
-   * @param ListName
+   * @param listName
    *          Name for the reference list to look in
    * @param value
    *          Value to look for
@@ -1957,26 +1957,49 @@
    * @return Name for the value, in case the value is not found in the list 
the return is not the
    *         name but the passed value
    */
-  public static String getListValueName(String ListName, String value, String 
lang) {
+  public static String getListValueName(String listName, String value, String 
lang) {
     // Try to obtain the translated value
-    String hql = "  select rlt.name as name " + " from ADReference r, " + "    
  ADList rl,"
-        + "      ADListTrl rlt" + " where rl.reference = r" + "  and 
rlt.listReference = rl"
-        + "  and rlt.language.language = '" + lang + "'" + "  and r.name =  '" 
+ ListName + "'"
-        + "  and rl.searchKey = '" + value + "'";
-    Query<String> q = OBDal.getInstance().getSession().createQuery(hql, 
String.class);
-    q.setMaxResults(1);
-    String name = (String) q.uniqueResult();
+    // @formatter:off
+    String hql =
+        "  select rlt.name as name "
+        + " from ADReference r, ADList rl, ADListTrl rlt"
+        + " where rl.reference = r"
+        + "  and rlt.listReference = rl"
+        + "  and rlt.language.language = :lang"
+        + "  and r.name = :name"
+        + "  and rl.searchKey = :value";
+    // @formatter:on
+
+    String name = OBDal.getInstance()
+        .getSession()
+        .createQuery(hql, String.class)
+        .setParameter("lang", lang)
+        .setParameter("name", listName)

