BF [ 2030280 ] org.compiere.model.Query apply access fielter issue

teo_sarca 2008-07-28 13:40:18 +00:00
parent 31b3674aa9
commit da73066385
2 changed files with 28 additions and 5 deletions


@ -775,7 +775,7 @@ public class MTable extends X_AD_Table
*/ */
public Query createQuery(String whereClause, String trxName) public Query createQuery(String whereClause, String trxName)
{ {
return new Query(this, whereClause, trxName); return new Query(this.getCtx(), this, whereClause, trxName);
} }
/** /**
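Review bot: `createQuery` still takes the context from the table object (`this.getCtx()`), which is the same value the now-deprecated `Query(MTable, String, String)` constructor assigns with `table.getCtx()`, so the deprecation warning goes away but the behaviour it warns about stays. If MTable instances can be cached or shared between sessions (not visible in this hunk), the access filter in `Query.buildSQL` would be resolved against the context of whoever loaded the table rather than the caller's. Consider an overload that takes the caller's context, `public Query createQuery(Properties ctx, String whereClause, String trxName) { return new Query(ctx, this, whereClause, trxName); }`, and add a Javadoc line here such as `* Note: access filtering uses this table's context, not the caller's.` The Javadoc of `createQuery` starts above the hunk.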


@ -30,18 +30,19 @@ import java.util.logging.Level;
import org.adempiere.exceptions.DBException; import org.adempiere.exceptions.DBException;
import org.compiere.util.CLogger; import org.compiere.util.CLogger;
import org.compiere.util.DB; import org.compiere.util.DB;
import org.compiere.util.Env;
/** /**
* *
* @author Low Heng Sin * @author Low Heng Sin
* @author Teo Sarca, SC ARHIPAC SERVICE SRL * @author Teo Sarca, SC ARHIPAC SERVICE SRL
* <li>FR [ 1981760 ] Improve Query class * <li>FR [ 1981760 ] Improve Query class
* <li>BF [ 2030280 ] org.compiere.model.Query apply access fielter issue
*/ */
public class Query { public class Query {
private static CLogger log = CLogger.getCLogger (Query.class); private static CLogger log = CLogger.getCLogger (Query.class);
private Properties ctx = null;
private MTable table = null; private MTable table = null;
private String whereClause = null; private String whereClause = null;
private String orderBy = null; private String orderBy = null;
@ -54,15 +55,37 @@ public class Query {
* @param table * @param table
* @param whereClause * @param whereClause
* @param trxName * @param trxName
* @deprecated Use {@link #Query(Properties, MTable, String, String)} instead because this method is security error prone
*/ */
public Query(MTable table, String whereClause, String trxName) { public Query(MTable table, String whereClause, String trxName) {
this.ctx = table.getCtx();
this.table = table; this.table = table;
this.whereClause = whereClause; this.whereClause = whereClause;
this.trxName = trxName; this.trxName = trxName;
} }
/**
* @param ctx context
* @param table
* @param whereClause
* @param trxName
*/
public Query(Properties ctx, MTable table, String whereClause, String trxName) {
this.ctx = ctx;
this.table = table;
this.whereClause = whereClause;
this.trxName = trxName;
}
/**
*
* @param ctx
* @param tableName
* @param whereClause
* @param trxName
*/
public Query(Properties ctx, String tableName, String whereClause, String trxName) { public Query(Properties ctx, String tableName, String whereClause, String trxName) {
this(MTable.get(ctx, tableName), whereClause, trxName); this(ctx, MTable.get(ctx, tableName), whereClause, trxName);
if (this.table == null) if (this.table == null)
throw new IllegalArgumentException("Table Name Not Found - "+tableName); throw new IllegalArgumentException("Table Name Not Found - "+tableName);
} }
@ -283,7 +306,7 @@ public class Query {
*/ */
private final String buildSQL(StringBuffer selectClause) { private final String buildSQL(StringBuffer selectClause) {
if (selectClause == null) { if (selectClause == null) {
POInfo info = POInfo.getPOInfo(Env.getCtx(), table.getAD_Table_ID(), trxName); POInfo info = POInfo.getPOInfo(this.ctx, table.getAD_Table_ID(), trxName);
if (info == null) if (info == null)
throw new IllegalStateException("No POInfo found for AD_Table_ID="+table.getAD_Table_ID()); throw new IllegalStateException("No POInfo found for AD_Table_ID="+table.getAD_Table_ID());
selectClause = info.buildSelect(); selectClause = info.buildSelect();
@ -295,7 +318,7 @@ public class Query {
sqlBuffer.append(" Order By ").append(orderBy); sqlBuffer.append(" Order By ").append(orderBy);
String sql = sqlBuffer.toString(); String sql = sqlBuffer.toString();
if (applyAccessFilter) { if (applyAccessFilter) {
MRole role = MRole.getDefault(); MRole role = MRole.getDefault(this.ctx, false);
sql = role.addAccessSQL(sql, table.getTableName(), true, false); sql = role.addAccessSQL(sql, table.getTableName(), true, false);
} }
return sql; return sql;
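Review bot: The new `Query(Properties ctx, MTable table, String, String)` constructor stores `ctx` unchecked, yet after this change that value decides which role `MRole.getDefault(this.ctx, false)` returns and therefore which rows the access filter in `buildSQL` lets through. A guard at the top of the constructor, `if (ctx == null) throw new IllegalArgumentException("ctx is null");`, would make a missing context fail at construction, in the same style as the existing table-name check. The result of `MRole.getDefault(this.ctx, false)` is also used without a null check; whether it can return null for an incomplete context is not visible here, so confirm that the failure mode is an exception and not an unfiltered query. The `@param ctx` Javadoc should say `calling session's context; the role used for access filtering is resolved from it`, and the `@deprecated` text should state the reason (presumably that the table's context may not be the caller's). The closing lines of `buildSQL` are outside the hunk.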