You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airavata.apache.org by ma...@apache.org on 2017/08/03 16:01:49 UTC
[33/50] [abbrv] airavata git commit: Parameter binding for sharing
registry queries
Parameter binding for sharing registry queries
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/89e7e7f0
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/89e7e7f0
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/89e7e7f0
Branch: refs/heads/master
Commit: 89e7e7f0d47999ac7c4e7e73476fd7b8a06e5ca1
Parents: 461fdbb
Author: Marcus Christie <ma...@apache.org>
Authored: Thu Jul 13 12:14:06 2017 -0500
Committer: Marcus Christie <ma...@apache.org>
Committed: Thu Jul 13 12:14:06 2017 -0500
----------------------------------------------------------------------
.../db/repositories/AbstractRepository.java | 12 +++--
.../repositories/GroupMembershipRepository.java | 39 +++++++++------
.../db/repositories/SharingRepository.java | 50 +++++++++++---------
.../db/repositories/UserGroupRepository.java | 31 ++++++++----
.../db/repositories/UserRepository.java | 18 ++++---
.../server/SharingRegistryServerHandler.java | 2 +-
6 files changed, 94 insertions(+), 58 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
index 4869a4d..9900662 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
@@ -29,6 +29,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.persistence.EntityManager;
+import javax.persistence.Query;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -133,10 +134,15 @@ public abstract class AbstractRepository<T, E, Id> {
return gatewayList;
}
- public List<T> select(String queryString, int offset, int limit) throws SharingRegistryException {
+ public List<T> select(String queryString, Map<String,Object> queryParameters, int offset, int limit) throws SharingRegistryException {
int newLimit = limit < 0 ? DBConstants.SELECT_MAX_ROWS: limit;
- List resultSet = execute(entityManager -> entityManager.createQuery(queryString).setFirstResult(offset)
- .setMaxResults(newLimit).getResultList());
+ List resultSet = execute(entityManager -> {
+ Query q = entityManager.createQuery(queryString);
+ for(Map.Entry<String, Object> queryParam : queryParameters.entrySet()){
+ q.setParameter(queryParam.getKey(), queryParam.getValue());
+ }
+ return q.setFirstResult(offset).setMaxResults(newLimit).getResultList();
+ });
Mapper mapper = ObjectMapperSingleton.getInstance();
List<T> gatewayList = new ArrayList<>();
resultSet.stream().forEach(rs -> gatewayList.add(mapper.map(rs, thriftGenericClass)));
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/GroupMembershipRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/GroupMembershipRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/GroupMembershipRepository.java
index 2d98c89..c267dec 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/GroupMembershipRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/GroupMembershipRepository.java
@@ -34,42 +34,51 @@ public class GroupMembershipRepository extends AbstractRepository<GroupMembershi
super(GroupMembership.class, GroupMembershipEntity.class);
}
- //TODO Replace with prepared statements
public List<User> getAllChildUsers(String domainId, String groupId) throws SharingRegistryException {
String queryString = "SELECT DISTINCT U FROM " + UserEntity.class.getSimpleName() + " U, " + GroupMembershipEntity.class.getSimpleName()
+ " GM WHERE GM." + DBConstants.GroupMembershipTable.CHILD_ID + " = U." + DBConstants.UserTable.USER_ID + " AND " +
"GM." + DBConstants.GroupMembershipTable.DOMAIN_ID + " = U." + DBConstants.UserTable.DOMAIN_ID + " AND " +
- "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID + "='" + domainId + "' AND "+
- "GM." + DBConstants.GroupMembershipTable.PARENT_ID + "='" + groupId + "' AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
- + "='" + GroupChildType.USER.toString() + "'";
+ "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID + "=:" + DBConstants.GroupMembershipTable.DOMAIN_ID + " AND "+
+ "GM." + DBConstants.GroupMembershipTable.PARENT_ID + "=:" + DBConstants.GroupMembershipTable.PARENT_ID + " AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
+ + "=:" + DBConstants.GroupMembershipTable.CHILD_TYPE;
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.GroupMembershipTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.GroupMembershipTable.PARENT_ID, groupId);
+ queryParameters.put(DBConstants.GroupMembershipTable.CHILD_TYPE, GroupChildType.USER.toString());
UserRepository userRepository = new UserRepository();
- List<User> users = userRepository.select(queryString, 0, -1);
+ List<User> users = userRepository.select(queryString, queryParameters, 0, -1);
return users;
}
- //TODO Replace with prepared statements
public List<UserGroup> getAllChildGroups(String domainId, String groupId) throws SharingRegistryException {
String queryString = "SELECT DISTINCT G FROM " + UserGroupEntity.class.getSimpleName() + " G, " + GroupMembershipEntity.class.getSimpleName()
+ " GM WHERE GM." + DBConstants.GroupMembershipTable.CHILD_ID + " = G." + DBConstants.UserGroupTable.GROUP_ID + " AND " +
"GM." + DBConstants.GroupMembershipTable.DOMAIN_ID + " = G." + DBConstants.UserGroupTable.DOMAIN_ID + " AND " +
- "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID+"='"+domainId + "' AND "+
- "GM." + DBConstants.GroupMembershipTable.PARENT_ID+"='"+groupId + "' AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
- + "='" + GroupChildType.GROUP.toString() + "'";
+ "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID+"=:"+DBConstants.GroupMembershipTable.DOMAIN_ID + " AND "+
+ "GM." + DBConstants.GroupMembershipTable.PARENT_ID+"=:"+DBConstants.GroupMembershipTable.PARENT_ID + " AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
+ + "=:" + DBConstants.GroupMembershipTable.CHILD_TYPE;
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.GroupMembershipTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.GroupMembershipTable.PARENT_ID, groupId);
+ queryParameters.put(DBConstants.GroupMembershipTable.CHILD_TYPE, GroupChildType.GROUP.toString());
UserGroupRepository userGroupRepository = new UserGroupRepository();
- List<UserGroup> groups = userGroupRepository.select(queryString, 0, -1);
+ List<UserGroup> groups = userGroupRepository.select(queryString, queryParameters,0, -1);
return groups;
}
- //TODO Replace with prepared statements
public List<UserGroup> getAllMemberGroupsForUser(String domainId, String userId) throws SharingRegistryException {
String queryString = "SELECT DISTINCT G FROM " + UserGroupEntity.class.getSimpleName() + " G, " + GroupMembershipEntity.class.getSimpleName()
+ " GM WHERE GM." + DBConstants.GroupMembershipTable.PARENT_ID + " = G." + DBConstants.UserGroupTable.GROUP_ID + " AND " +
"GM." + DBConstants.GroupMembershipTable.DOMAIN_ID + " = G." + DBConstants.UserGroupTable.DOMAIN_ID + " AND " +
- "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID+"='"+domainId + "' AND "+
- "GM." + DBConstants.GroupMembershipTable.CHILD_ID+"='"+userId + "' AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
- + "='" + GroupChildType.USER.toString() + "'";
+ "GM." + DBConstants.GroupMembershipTable.DOMAIN_ID+"=:"+DBConstants.GroupMembershipTable.DOMAIN_ID + " AND "+
+ "GM." + DBConstants.GroupMembershipTable.CHILD_ID+"=:"+DBConstants.GroupMembershipTable.CHILD_ID + " AND GM." + DBConstants.GroupMembershipTable.CHILD_TYPE
+ + "=:" + DBConstants.GroupMembershipTable.CHILD_TYPE;
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.GroupMembershipTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.GroupMembershipTable.CHILD_ID, userId);
+ queryParameters.put(DBConstants.GroupMembershipTable.CHILD_TYPE, GroupChildType.USER.toString());
UserGroupRepository userGroupRepository = new UserGroupRepository();
- List<UserGroup> groups = userGroupRepository.select(queryString, 0, -1);
+ List<UserGroup> groups = userGroupRepository.select(queryString, queryParameters, 0, -1);
return groups;
}
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
index 6752fc8..cfe0bf0 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/SharingRepository.java
@@ -30,6 +30,7 @@ import org.slf4j.LoggerFactory;
import java.util.HashMap;
import java.util.List;
+import java.util.Map;
public class SharingRepository extends AbstractRepository<Sharing, SharingEntity, SharingPK> {
private final static Logger logger = LoggerFactory.getLogger(SharingRepository.class);
@@ -48,46 +49,49 @@ public class SharingRepository extends AbstractRepository<Sharing, SharingEntity
return select(filters, 0, -1);
}
- //TODO Replace with prepared statements
public List<Sharing> getCascadingPermissionsForEntity(String domainId, String entityId) throws SharingRegistryException {
String query = "SELECT DISTINCT p from " + SharingEntity.class.getSimpleName() + " as p";
query += " WHERE ";
- query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "p." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
+ query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = :" + DBConstants.SharingTable.DOMAIN_ID + " AND ";
+ query += "p." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
query += "p." + DBConstants.SharingTable.SHARING_TYPE + " IN('" + SharingType.DIRECT_CASCADING.toString()
+ "', '" + SharingType.INDIRECT_CASCADING + "') ";
query += " ORDER BY p.createdTime DESC";
- return select(query, 0, -1);
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.SharingTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
+ return select(query, queryParameters, 0, -1);
}
- //TODO Replace with prepared statements
public boolean hasAccess(String domainId, String entityId, List<String> groupIds, List<String> permissionTypeIds) throws SharingRegistryException {
+ Map<String,Object> queryParameters = new HashMap<>();
String query = "SELECT p from " + SharingEntity.class.getSimpleName() + " as p";
query += " WHERE ";
- query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "p." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
- String permissionTypeIdString = "'";
- for(String permissionId : permissionTypeIds)
- permissionTypeIdString += permissionId + "','";
- permissionTypeIdString = permissionTypeIdString.substring(0, permissionTypeIdString.length()-2);
- query += "p." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " IN(" + permissionTypeIdString + ") AND ";
- String groupIdString = "'";
- for(String groupId : groupIds)
- groupIdString += groupId + "','";
- groupIdString = groupIdString.substring(0, groupIdString.length()-2);
- query += "p." + DBConstants.SharingTable.GROUP_ID + " IN(" + groupIdString + ") ";
+ query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = :" + DBConstants.SharingTable.DOMAIN_ID + " AND ";
+ query += "p." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ queryParameters.put(DBConstants.SharingTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
+ query += "p." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " IN :" + DBConstants.SharingTable.PERMISSION_TYPE_ID + " AND ";
+ queryParameters.put(DBConstants.SharingTable.PERMISSION_TYPE_ID, permissionTypeIds);
+ query += "p." + DBConstants.SharingTable.GROUP_ID + " IN :" + DBConstants.SharingTable.GROUP_ID + " ";
+ queryParameters.put(DBConstants.SharingTable.GROUP_ID, groupIds);
query += " ORDER BY p.createdTime DESC";
- return select(query, 0, -1).size() > 0;
+ return select(query, queryParameters, 0, -1).size() > 0;
}
public int getSharedCount(String domainId, String entityId) throws SharingRegistryException {
+ Map<String,Object> queryParameters = new HashMap<>();
String query = "SELECT p from " + SharingEntity.class.getSimpleName() + " as p";
query += " WHERE ";
- query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "p." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
+ query += "p." + DBConstants.SharingTable.DOMAIN_ID + " = :" + DBConstants.SharingTable.DOMAIN_ID + " AND ";
+ queryParameters.put(DBConstants.SharingTable.DOMAIN_ID, domainId);
+ query += "p." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
String permissionTypeIdString = (new PermissionTypeRepository()).getOwnerPermissionTypeIdForDomain(domainId);
- query += "p." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " <> '" + permissionTypeIdString + "' AND ";
- query += "p." + DBConstants.SharingTable.SHARING_TYPE + " <> '" + SharingType.INDIRECT_CASCADING + "'";
- return select(query, 0, -1).size();
+ query += "p." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " <> :" + DBConstants.SharingTable.PERMISSION_TYPE_ID + " AND ";
+ queryParameters.put(DBConstants.SharingTable.PERMISSION_TYPE_ID, permissionTypeIdString);
+ query += "p." + DBConstants.SharingTable.SHARING_TYPE + " <> :" + DBConstants.SharingTable.SHARING_TYPE;
+ queryParameters.put(DBConstants.SharingTable.SHARING_TYPE, SharingType.INDIRECT_CASCADING.toString());
+ return select(query, queryParameters, 0, -1).size();
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserGroupRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserGroupRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserGroupRepository.java
index 2650288..25dda5d 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserGroupRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserGroupRepository.java
@@ -29,7 +29,9 @@ import org.apache.airavata.sharing.registry.models.UserGroup;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
public class UserGroupRepository extends AbstractRepository<UserGroup, UserGroupEntity, UserGroupPK> {
private final static Logger logger = LoggerFactory.getLogger(UserGroupRepository.class);
@@ -38,18 +40,22 @@ public class UserGroupRepository extends AbstractRepository<UserGroup, UserGroup
super(UserGroup.class, UserGroupEntity.class);
}
- //TODO Replace with prepared statements
public List<UserGroup> getAccessibleGroups(String domainId, String entityId, String permissionTypeId) throws SharingRegistryException {
String query = "SELECT DISTINCT g from " + UserGroupEntity.class.getSimpleName() + " g, " + SharingEntity.class.getSimpleName() + " s";
query += " WHERE ";
query += "g." + DBConstants.UserGroupTable.GROUP_ID + " = s." + DBConstants.SharingTable.GROUP_ID + " AND ";
query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = s." + DBConstants.SharingTable.DOMAIN_ID + " AND ";
- query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "s." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
- query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " = '" + permissionTypeId + "' AND ";
- query += "g." + DBConstants.UserGroupTable.GROUP_CARDINALITY + " = '" + GroupCardinality.MULTI_USER.toString() + "'";
+ query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = :" + DBConstants.UserGroupTable.DOMAIN_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " = :" + DBConstants.SharingTable.PERMISSION_TYPE_ID + " AND ";
+ query += "g." + DBConstants.UserGroupTable.GROUP_CARDINALITY + " = :" + DBConstants.UserGroupTable.GROUP_CARDINALITY;
query += " ORDER BY s.createdTime DESC";
- return select(query, 0, -1);
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.UserGroupTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
+ queryParameters.put(DBConstants.SharingTable.PERMISSION_TYPE_ID, permissionTypeId);
+ queryParameters.put(DBConstants.UserGroupTable.GROUP_CARDINALITY, GroupCardinality.MULTI_USER.toString());
+ return select(query, queryParameters, 0, -1);
}
@@ -59,10 +65,15 @@ public class UserGroupRepository extends AbstractRepository<UserGroup, UserGroup
query += " WHERE ";
query += "g." + DBConstants.UserGroupTable.GROUP_ID + " = s." + DBConstants.SharingTable.GROUP_ID + " AND ";
query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = s." + DBConstants.SharingTable.DOMAIN_ID + " AND ";
- query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "s." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
- query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " <> '" + (new PermissionTypeRepository()).getOwnerPermissionTypeIdForDomain(domainId) + "'";
+ query += "g." + DBConstants.UserGroupTable.DOMAIN_ID + " = :" + DBConstants.UserGroupTable.DOMAIN_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " <> :" + DBConstants.SharingTable.PERMISSION_TYPE_ID;
query += " ORDER BY s.createdTime DESC";
- return select(query, 0, -1).size() != 0;
+ Map<String,Object> queryParameters = new HashMap<>();
+ queryParameters.put(DBConstants.UserGroupTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
+ String ownerPermissionTypeIdForDomain = (new PermissionTypeRepository()).getOwnerPermissionTypeIdForDomain(domainId);
+ queryParameters.put(DBConstants.SharingTable.PERMISSION_TYPE_ID, ownerPermissionTypeIdForDomain);
+ return select(query, queryParameters, 0, -1).size() != 0;
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserRepository.java
index ea518ca..9bab5cc 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/UserRepository.java
@@ -29,7 +29,9 @@ import org.apache.airavata.sharing.registry.models.User;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
public class UserRepository extends AbstractRepository<User, UserEntity, UserPK> {
private final static Logger logger = LoggerFactory.getLogger(UserRepository.class);
@@ -39,21 +41,25 @@ public class UserRepository extends AbstractRepository<User, UserEntity, UserPK>
}
- //TODO Replace with prepared statements
public List<User> getAccessibleUsers(String domainId, String entityId, String permissionTypeId) throws SharingRegistryException {
+ Map<String,Object> queryParameters = new HashMap<>();
String query = "SELECT DISTINCT u from " + UserEntity.class.getSimpleName() + " u, " + SharingEntity.class.getSimpleName() + " s";
query += " WHERE ";
query += "u." + DBConstants.UserTable.USER_ID + " = s." + DBConstants.SharingTable.GROUP_ID + " AND ";
query += "u." + DBConstants.UserTable.DOMAIN_ID + " = s." + DBConstants.SharingTable.DOMAIN_ID + " AND ";
- query += "u." + DBConstants.UserTable.DOMAIN_ID + " = '" + domainId + "' AND ";
- query += "s." + DBConstants.SharingTable.ENTITY_ID + " = '" + entityId + "' AND ";
- query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " = '" + permissionTypeId + "'";
+ query += "u." + DBConstants.UserTable.DOMAIN_ID + " = :" + DBConstants.UserTable.DOMAIN_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.ENTITY_ID + " = :" + DBConstants.SharingTable.ENTITY_ID + " AND ";
+ query += "s." + DBConstants.SharingTable.PERMISSION_TYPE_ID + " = :" + DBConstants.SharingTable.PERMISSION_TYPE_ID;
+ queryParameters.put(DBConstants.UserTable.DOMAIN_ID, domainId);
+ queryParameters.put(DBConstants.SharingTable.ENTITY_ID, entityId);
+ queryParameters.put(DBConstants.SharingTable.PERMISSION_TYPE_ID, permissionTypeId);
if(permissionTypeId.equals((new PermissionTypeRepository()).getOwnerPermissionTypeIdForDomain(domainId))){
- query += "AND s." + DBConstants.SharingTable.SHARING_TYPE + " LIKE 'DIRECT_%'";
+ query += " AND s." + DBConstants.SharingTable.SHARING_TYPE + " LIKE :" + DBConstants.SharingTable.SHARING_TYPE;
+ queryParameters.put(DBConstants.SharingTable.SHARING_TYPE, "DIRECT_%");
}
query += " ORDER BY s.createdTime DESC";
- return select(query, 0, -1);
+ return select(query, queryParameters,0, -1);
}
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/airavata/blob/89e7e7f0/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
index 819dd16..c1fb86a 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/server/SharingRegistryServerHandler.java
@@ -567,7 +567,7 @@ public class SharingRegistryServerHandler implements SharingRegistryService.Ifac
try{
HashMap<String, String> filters = new HashMap<>();
filters.put(DBConstants.EntityTypeTable.DOMAIN_ID, domain);
- return (new EntityTypeRepository()).select(domain, offset, limit);
+ return (new EntityTypeRepository()).select(filters, offset, limit);
}catch (Throwable ex) {
logger.error(ex.getMessage(), ex);
throw new SharingRegistryException().setMessage(ex.getMessage() + " Stack trace:" + ExceptionUtils.getStackTrace(ex));