BF [ 2030280 ] org.compiere.model.Query apply access fielter issue
This commit is contained in:
parent
31b3674aa9
commit
da73066385
|
@ -775,7 +775,7 @@ public class MTable extends X_AD_Table
|
||||||
*/
|
*/
|
||||||
public Query createQuery(String whereClause, String trxName)
|
public Query createQuery(String whereClause, String trxName)
|
||||||
{
|
{
|
||||||
return new Query(this, whereClause, trxName);
|
return new Query(this.getCtx(), this, whereClause, trxName);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -30,18 +30,19 @@ import java.util.logging.Level;
|
||||||
import org.adempiere.exceptions.DBException;
|
import org.adempiere.exceptions.DBException;
|
||||||
import org.compiere.util.CLogger;
|
import org.compiere.util.CLogger;
|
||||||
import org.compiere.util.DB;
|
import org.compiere.util.DB;
|
||||||
import org.compiere.util.Env;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @author Low Heng Sin
|
* @author Low Heng Sin
|
||||||
* @author Teo Sarca, SC ARHIPAC SERVICE SRL
|
* @author Teo Sarca, SC ARHIPAC SERVICE SRL
|
||||||
* <li>FR [ 1981760 ] Improve Query class
|
* <li>FR [ 1981760 ] Improve Query class
|
||||||
|
* <li>BF [ 2030280 ] org.compiere.model.Query apply access fielter issue
|
||||||
*/
|
*/
|
||||||
public class Query {
|
public class Query {
|
||||||
|
|
||||||
private static CLogger log = CLogger.getCLogger (Query.class);
|
private static CLogger log = CLogger.getCLogger (Query.class);
|
||||||
|
|
||||||
|
private Properties ctx = null;
|
||||||
private MTable table = null;
|
private MTable table = null;
|
||||||
private String whereClause = null;
|
private String whereClause = null;
|
||||||
private String orderBy = null;
|
private String orderBy = null;
|
||||||
|
@ -54,15 +55,37 @@ public class Query {
|
||||||
* @param table
|
* @param table
|
||||||
* @param whereClause
|
* @param whereClause
|
||||||
* @param trxName
|
* @param trxName
|
||||||
|
* @deprecated Use {@link #Query(Properties, MTable, String, String)} instead because this method is security error prone
|
||||||
*/
|
*/
|
||||||
public Query(MTable table, String whereClause, String trxName) {
|
public Query(MTable table, String whereClause, String trxName) {
|
||||||
|
this.ctx = table.getCtx();
|
||||||
this.table = table;
|
this.table = table;
|
||||||
this.whereClause = whereClause;
|
this.whereClause = whereClause;
|
||||||
this.trxName = trxName;
|
this.trxName = trxName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param ctx context
|
||||||
|
* @param table
|
||||||
|
* @param whereClause
|
||||||
|
* @param trxName
|
||||||
|
*/
|
||||||
|
public Query(Properties ctx, MTable table, String whereClause, String trxName) {
|
||||||
|
this.ctx = ctx;
|
||||||
|
this.table = table;
|
||||||
|
this.whereClause = whereClause;
|
||||||
|
this.trxName = trxName;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @param ctx
|
||||||
|
* @param tableName
|
||||||
|
* @param whereClause
|
||||||
|
* @param trxName
|
||||||
|
*/
|
||||||
public Query(Properties ctx, String tableName, String whereClause, String trxName) {
|
public Query(Properties ctx, String tableName, String whereClause, String trxName) {
|
||||||
this(MTable.get(ctx, tableName), whereClause, trxName);
|
this(ctx, MTable.get(ctx, tableName), whereClause, trxName);
|
||||||
if (this.table == null)
|
if (this.table == null)
|
||||||
throw new IllegalArgumentException("Table Name Not Found - "+tableName);
|
throw new IllegalArgumentException("Table Name Not Found - "+tableName);
|
||||||
}
|
}
|
||||||
|
@ -283,7 +306,7 @@ public class Query {
|
||||||
*/
|
*/
|
||||||
private final String buildSQL(StringBuffer selectClause) {
|
private final String buildSQL(StringBuffer selectClause) {
|
||||||
if (selectClause == null) {
|
if (selectClause == null) {
|
||||||
POInfo info = POInfo.getPOInfo(Env.getCtx(), table.getAD_Table_ID(), trxName);
|
POInfo info = POInfo.getPOInfo(this.ctx, table.getAD_Table_ID(), trxName);
|
||||||
if (info == null)
|
if (info == null)
|
||||||
throw new IllegalStateException("No POInfo found for AD_Table_ID="+table.getAD_Table_ID());
|
throw new IllegalStateException("No POInfo found for AD_Table_ID="+table.getAD_Table_ID());
|
||||||
selectClause = info.buildSelect();
|
selectClause = info.buildSelect();
|
||||||
|
@ -295,7 +318,7 @@ public class Query {
|
||||||
sqlBuffer.append(" Order By ").append(orderBy);
|
sqlBuffer.append(" Order By ").append(orderBy);
|
||||||
String sql = sqlBuffer.toString();
|
String sql = sqlBuffer.toString();
|
||||||
if (applyAccessFilter) {
|
if (applyAccessFilter) {
|
||||||
MRole role = MRole.getDefault();
|
MRole role = MRole.getDefault(this.ctx, false);
|
||||||
sql = role.addAccessSQL(sql, table.getTableName(), true, false);
|
sql = role.addAccessSQL(sql, table.getTableName(), true, false);
|
||||||
}
|
}
|
||||||
return sql;
|
return sql;
|
||||||
|
|
Loading…
Reference in New Issue