fineract-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [fineract] thesmallstar commented on a change in pull request #1123: FINERACT-854 Removed string concatenated SQL from CenterReadPlatformS…
Date Mon, 29 Jun 2020 09:49:33 GMT

thesmallstar commented on a change in pull request #1123:
URL: https://github.com/apache/fineract/pull/1123#discussion_r446882127



##########
File path: fineract-provider/src/main/java/org/apache/fineract/portfolio/group/service/CenterReadPlatformServiceImpl.java
##########
@@ -122,55 +122,26 @@ public CenterReadPlatformServiceImpl(final PlatformSecurityContext context,
fina
     // 'g.' preffix because of ERROR 1052 (23000): Column 'column_name' in where
     // clause is ambiguous
     // caused by the same name of columns in m_office and m_group tables
-    private String getCenterExtraCriteria(String schemaSl, List<Object> paramList,
final SearchParameters searchCriteria) {
+    private SQLBuilder getCenterExtraCriteria(String schemaSl, final SearchParameters searchCriteria)
{
 
-        StringBuilder extraCriteria = new StringBuilder(200);
-        extraCriteria.append(" and g.level_id = " + GroupTypes.CENTER.getId());
+        SQLBuilder extraCriteria = new SQLBuilder();
+        extraCriteria.addCriteria("g.level_id =", GroupTypes.CENTER.getId());
         if (searchCriteria != null) {
             String sqlQueryCriteria = searchCriteria.getSqlSearch();
             if (StringUtils.isNotBlank(sqlQueryCriteria)) {
                 SQLInjectionValidator.validateSQLInput(sqlQueryCriteria);
                 sqlQueryCriteria = sqlQueryCriteria.replace(" display_name ", " g.display_name
");
                 sqlQueryCriteria = sqlQueryCriteria.replace("display_name ", "g.display_name
");
-                extraCriteria.append(" and (").append(sqlQueryCriteria).append(") ");
-                this.columnValidator.validateSqlInjection(schemaSl, sqlQueryCriteria);
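
Review bot: At the end of this hunk, the removed `extraCriteria.append(" and (").append(sqlQueryCriteria).append(") ")` has no visible `+` counterpart, so `sqlQueryCriteria` is still checked by `SQLInjectionValidator.validateSQLInput` and rewritten by the two `replace` calls but is never handed to the new `SQLBuilder`; as far as these lines show, `searchCriteria.getSqlSearch()` would silently stop filtering centers. The `columnValidator.validateSqlInjection(schemaSl, sqlQueryCriteria)` call is dropped at the same spot, so if the fragment is later re-attached as raw text it should pass through that check again rather than only the first validator. Suggest either keeping both removed lines for this free-form fragment until `SQLBuilder` can express it, or adding the replacement that feeds it to the builder in this same change. Separately, in the unchanged context, the second `replace("display_name ", "g.display_name ")` also matches the text the first call just produced, giving `g.g.display_name`; worth fixing while this method is being touched.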

Review comment:
       Also, removing this part is not correct as of NOW. The problem is that we are taking an SQL query as a query to give users more functionality, and certainly that is not supported in SQL builder currently. We would probably need to parse things, find the relevant queries, and then add those to the extra criteria; still thinking on it.
   Will be looked at after limit and order by are supported.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


