IDEMPIERE-4677 : Cross Tenant issues with AD_User/Role_OrgAccess (#556)

This commit is contained in:
Nicolas Micoud 2021-01-28 12:42:00 +01:00 committed by GitHub
parent f5e9cd9336
commit e32f971587
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 2 deletions

View File

@ -814,11 +814,12 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
PreparedStatement pstmt = null; PreparedStatement pstmt = null;
ResultSet rs = null; ResultSet rs = null;
String sql = "SELECT * FROM AD_User_OrgAccess " String sql = "SELECT * FROM AD_User_OrgAccess "
+ "WHERE AD_User_ID=? AND IsActive='Y'"; + "WHERE AD_User_ID=? AND IsActive='Y' AND AD_Client_ID = ?";
try try
{ {
pstmt = DB.prepareStatement(sql, get_TrxName()); pstmt = DB.prepareStatement(sql, get_TrxName());
pstmt.setInt(1, getAD_User_ID()); pstmt.setInt(1, getAD_User_ID());
pstmt.setInt(2, Env.getAD_Client_ID(getCtx()));
rs = pstmt.executeQuery(); rs = pstmt.executeQuery();
while (rs.next()) while (rs.next())
{ {
@ -845,11 +846,12 @@ public final class MRole extends X_AD_Role implements ImmutablePOSupport
PreparedStatement pstmt = null; PreparedStatement pstmt = null;
ResultSet rs = null; ResultSet rs = null;
String sql = "SELECT * FROM AD_Role_OrgAccess " String sql = "SELECT * FROM AD_Role_OrgAccess "
+ "WHERE AD_Role_ID=? AND IsActive='Y'"; + "WHERE AD_Role_ID=? AND IsActive='Y' AND AD_Client_ID = ?";
try try
{ {
pstmt = DB.prepareStatement(sql, get_TrxName()); pstmt = DB.prepareStatement(sql, get_TrxName());
pstmt.setInt(1, getAD_Role_ID()); pstmt.setInt(1, getAD_Role_ID());
pstmt.setInt(2, Env.getAD_Client_ID(getCtx()));
rs = pstmt.executeQuery(); rs = pstmt.executeQuery();
while (rs.next()) while (rs.next())
{ {