IDEMPIERE-5345 Login.getClients not validating role type (#1391)

* IDEMPIERE-5345 Login.getClients not validating role type * Add null validation for whereRoleType
2022-07-14 03:35:36 +02:00 · 2022-07-14 03:35:36 +02:00 · 9ed8c950f7
parent 73aecb1145
commit 9ed8c950f7
1 changed files with 8 additions and 4 deletions
--- a/org.adempiere.base/src/org/compiere/util/Login.java
+++ b/org.adempiere.base/src/org/compiere/util/Login.java
@ -1420,14 +1420,18 @@ public class Login
 					}
 				}
 												
-				StringBuilder sql= new StringBuilder("SELECT  DISTINCT cli.AD_Client_ID, cli.Name, u.AD_User_ID, u.Name");
-			      sql.append(" FROM AD_User_Roles ur")
+				StringBuilder sql= new StringBuilder("SELECT  DISTINCT cli.AD_Client_ID, cli.Name, u.AD_User_ID, u.Name")
+			       .append(" FROM AD_User_Roles ur")
+                   .append(" INNER JOIN AD_Role r on (ur.AD_Role_ID=r.AD_Role_ID)")
                   .append(" INNER JOIN AD_User u on (ur.AD_User_ID=u.AD_User_ID)")
                   .append(" INNER JOIN AD_Client cli on (ur.AD_Client_ID=cli.AD_Client_ID)")
                   .append(" WHERE ur.IsActive='Y'")
                   .append(" AND u.IsActive='Y'")
-                   .append(" AND cli.IsActive='Y'")
-                   .append(" AND ur.AD_User_ID=? ORDER BY cli.Name");
+                   .append(" AND cli.IsActive='Y'");
+				if (! Util.isEmpty(whereRoleType)) {
+					sql.append(" AND ").append(whereRoleType);
+				}
+				sql.append(" AND ur.AD_User_ID=? ORDER BY cli.Name");
 			      PreparedStatement pstmt=null;
 			      ResultSet rs=null;
 			      try{