diff --git a/org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java b/org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java index f5f57637ec..ad8d87f471 100644 --- a/org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java +++ b/org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java @@ -182,22 +182,25 @@ public class CompiereService { // Get Login Info String loginInfo = null; // Verify existence of User/Client/Org/Role and User's acces to Client & Org - String sql = "SELECT u.Name || '@' || c.Name || '.' || o.Name AS Text " - + "FROM AD_User u, AD_Client c, AD_Org o, AD_User_Roles ur, AD_Role r " - + "WHERE u.AD_User_ID=?" // #1 - + " AND c.AD_Client_ID=?" // #2 - + " AND o.AD_Org_ID=?" // #3 - + " AND ur.AD_Role_ID=?" // #4 - + " AND ur.AD_User_ID=u.AD_User_ID" - + " AND ur.AD_Role_ID=r.AD_Role_ID" - + " AND (o.AD_Client_ID = 0 OR o.AD_Client_ID=c.AD_Client_ID)" - + " AND (r.IsAccessAllOrgs='Y' OR (c.AD_Client_ID IN (SELECT AD_Client_ID FROM AD_Role_OrgAccess ca WHERE ca.AD_Role_ID=ur.AD_Role_ID)" - + " AND o.AD_Org_ID IN (SELECT AD_Org_ID FROM AD_Role_OrgAccess ca WHERE ca.AD_Role_ID=ur.AD_Role_ID)))"; + + StringBuilder sql = new StringBuilder("SELECT u.Name || '@' || c.Name || '.' || o.Name AS Text") + .append(" FROM AD_User u, AD_Client c, AD_Org o, AD_Role r") + .append(" WHERE u.AD_User_ID = ?") // #1 + .append(" AND c.AD_Client_ID = ?") // #2 + .append(" AND o.AD_Org_ID = ?") // #3 + .append(" AND r.AD_Role_ID = ?") // #4 + .append(" AND (o.AD_Client_ID = 0 OR o.AD_Client_ID=c.AD_Client_ID)") + .append(" AND ( ") + .append(" r.IsAccessAllOrgs='Y'") + .append(" OR (r.IsUseUserOrgAccess='N' AND o.AD_Org_ID IN (SELECT AD_Org_ID FROM AD_Role_OrgAccess ra WHERE ra.AD_Role_ID=r.AD_Role_ID AND ra.IsActive='Y'))") + .append(" OR (r.IsUseUserOrgAccess='Y' AND o.AD_Org_ID IN (SELECT AD_Org_ID FROM AD_User_OrgAccess ua WHERE ua.AD_User_ID=u.AD_User_ID AND ua.IsActive='Y'))") + .append(")"); + PreparedStatement pstmt = null; ResultSet rs = null; try { - pstmt = DB.prepareStatement(sql, null); + pstmt = DB.prepareStatement(sql.toString(), null); pstmt.setInt(1, AD_User_ID); pstmt.setInt(2, AD_Client_ID); pstmt.setInt(3, AD_Org_ID);