| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID |
| 0033081 |
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update |
| defect | [Openbravo ERP] A. Platform | minor | have not tried | 2016-05-30 17:38 | 2022-02-01 08:05 |
|
| Reporter | NaroaIriarte | View Status | public | |
| Assigned To | Triage Platform Base | |
| Priority | high | Resolution | open | Fixed in Version | |
| Status | acknowledged | Fix in branch | | Fixed in SCM revision | |
| Projection | none | ETA | none | Target Version | |
|
| OS | Any | Database | Any | Java version | |
| OS Version | | Database version | | Ant version | |
| Product Version | | SCM revision | | |
|
| Review Assigned To | alostale |
| Web browser | |
| Modules | Core |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0033081: There are some sql queries that can be avoided. |
| Description | There are unneeded queries in done in the "HttpSecureAppServlet.hasGeneralAccess". It is needed to improve the General Access performance by removing those unneeded queries.
For example there are two queries done when the access type is "W". With a refactor it could be improved to only one query by changing this code:
"SeguridadData.selectAccess(this, vars.getRole(), "TABLE", id).equals("0") && !SeguridadData.selectAccess(this, vars.getRole(), type, id).equals("0")" |
| Steps To Reproduce | 1-As F&B Administrator go to Sales Order window.
2-Note that there are two queries, instead of one. This is (in part) because the HttpSecureAppServlet.hasGeneralAccess method, when the type is "W", does two queries. |
| Proposed Solution | Split the "seguridad_data.selectAccess" in different methods instead of having one for every type of access. In this way it is possible to do only one query for the type "W" instead of having two.
|
| Tags | Performance |
|
| Attached Files |  patchIssue33081.diff [^] (7,626 bytes) 2016-05-30 17:51 [Show Content] [Hide Content]diff --git a/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java b/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
--- a/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
+++ b/src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
@@ -496,20 +496,27 @@
vars.setSessionValue("#CurrentAccessLevel", accessLevel);
if (type.equals("W")) {
return hasLevelAccess(vars, accessLevel)
- && SeguridadData.selectAccess(this, vars.getRole(), "TABLE", id).equals("0")
- && !SeguridadData.selectAccess(this, vars.getRole(), type, id).equals("0");
+ && !SeguridadData.selectAccessWindowAndTable(this, vars.getRole(), type, id)
+ .equals("0");
+ } else if (type.equals("X")) {
+ if (id.equals("800018")) {
+ return true;
+ }
+ return !SeguridadData.selectAccessForm(this, vars.getRole(), id).equals("0");
+ } else if (type.equals("P") || type.equals("R")) {
+ return !SeguridadData.selectAccessProcess(this, vars.getRole(), type, id).equals("0");
} else if (type.equals("S")) {
return !SeguridadData.selectAccessSearch(this, vars.getRole(), id).equals("0");
- } else if (type.equals("C"))
+ } else if (type.equals("C")) {
return true;
- else
- return hasLevelAccess(vars, accessLevel)
- && !SeguridadData.selectAccess(this, vars.getRole(), type, id).equals("0");
+ } else {
+ log4j.warn("The type of access you want to check does not exist.");
+ return false;
+ }
} catch (final Exception e) {
log4j.error("Error checking access: ", e);
return false;
}
-
}
/**
diff --git a/src/org/openbravo/base/secureApp/Seguridad_data.xsql b/src/org/openbravo/base/secureApp/Seguridad_data.xsql
--- a/src/org/openbravo/base/secureApp/Seguridad_data.xsql
+++ b/src/org/openbravo/base/secureApp/Seguridad_data.xsql
@@ -128,95 +128,90 @@
<Parameter name="type"/>
<Parameter name="id"/>
</SqlMethod>
-
- <SqlMethod name="selectAccess" type="preparedStatement" return="string">
+
+ <SqlMethod name="selectAccessWindowAndTable" type="preparedStatement" return="string">
<SqlMethodComment></SqlMethodComment>
<Sql><![CDATA[
- SELECT SUM(TOTAL) AS TOTAL
+ SELECT SUM(TOTAL) AS TOTAL
FROM (SELECT COUNT(*) AS TOTAL
- FROM AD_Process_Access
- WHERE AD_Role_ID = ?
- AND (TO_CHAR('P') = ? OR TO_CHAR('R') = ?)
- AND AD_Process_ID = ?
- AND IsActive = 'Y'
- UNION
- SELECT COUNT(*) AS TOTAL
- FROM AD_Form_Access
- WHERE AD_Role_ID = ?
- AND TO_CHAR('X') = ?
- AND AD_Form_ID = ?
- AND IsActive = 'Y'
- UNION
- SELECT COUNT(*) AS TOTAL
- FROM DUAL
- WHERE (to_char('800017') = ?
- OR to_char('800018') = ?)
- AND TO_CHAR('TABLE') <> TO_CHAR(?)
- UNION
- SELECT COUNT(*) AS TOTAL
- FROM AD_Window_Access
- WHERE AD_Role_ID = ?
+ FROM AD_Window_Access a, AD_Tab t
+ WHERE AD_Role_ID = ?
AND TO_CHAR('W') = ?
- AND AD_Window_ID = (SELECT AD_WINDOW_ID
- FROM AD_TAB
- WHERE AD_TAB_ID = ?)
- AND IsActive = 'Y'
- UNION
- SELECT COUNT(*) AS TOTAL
+ AND a.AD_Window_ID = t.AD_Window_ID
+ AND t.AD_Tab_ID = ?
+ AND a.IsActive = 'Y'
+ UNION
+ SELECT COUNT(*) AS TOTAL
FROM AD_Table_Access t, AD_Tab tb
WHERE t.AD_Table_ID = tb.AD_Table_ID
AND t.AD_Role_ID = ?
AND TO_CHAR('TABLE') = ?
AND tb.AD_Tab_ID = ?
AND t.IsActive = 'Y'
- AND t.IsExclude = 'Y'
- UNION
- SELECT COUNT(*) AS TOTAL
- FROM AD_Process_Access A,
- AD_Process P
- WHERE AD_Role_ID = ?
- AND TO_CHAR('P') = TO_CHAR(?)
- AND A.AD_Process_ID = ?
- AND P.AD_Process_ID = A.AD_Process_ID
- AND A.IsActive = 'Y'
- AND P.IsExternalService = 'Y'
- UNION
- SELECT 1 AS TOTAL
- FROM AD_Process
- WHERE TO_CHAR('P') = TO_CHAR(?)
- AND AD_Process_ID = ?
- AND IsActive = 'Y'
- AND IsExternalService != 'Y') TOTAL
-
+ AND t.IsExclude = 'Y') TOTAL
]]></Sql>
<Parameter name="role"/>
<Parameter name="type"/>
- <Parameter name="type"/>
- <Parameter name="id"/>
-
- <Parameter name="role"/>
- <Parameter name="type"/>
- <Parameter name="id"/>
-
- <Parameter name="id"/>
- <Parameter name="id"/>
- <Parameter name="type"/>
-
- <Parameter name="role"/>
- <Parameter name="type"/>
<Parameter name="id"/>
<Parameter name="role"/>
<Parameter name="type"/>
<Parameter name="id"/>
-
+ </SqlMethod>
+
+ <SqlMethod name="selectAccessForm" type="preparedStatement" return="string">
+ <SqlMethodComment></SqlMethodComment>
+ <Sql><![CDATA[
+ SELECT COUNT(*) AS TOTAL
+ FROM AD_Form_Access
+ WHERE AD_Role_ID = ?
+ AND AD_Form_ID = ?
+ AND IsActive = 'Y'
+ ]]></Sql>
<Parameter name="role"/>
- <Parameter name="type"/>
<Parameter name="id"/>
-
- <Parameter name="type"/>
- <Parameter name="id"/>
- </SqlMethod>
+ </SqlMethod>
+
+ <SqlMethod name="selectAccessProcess" type="preparedStatement" return="string">
+ <SqlMethodComment></SqlMethodComment>
+ <Sql><![CDATA[
+ SELECT SUM(TOTAL) AS TOTAL
+ FROM (SELECT COUNT(*) AS TOTAL
+ FROM AD_Process_Access
+ WHERE AD_Role_ID = ?
+ AND (TO_CHAR('P') = ? OR TO_CHAR('R') = ?)
+ AND AD_Process_ID = ?
+ AND IsActive = 'Y'
+ UNION
+ SELECT COUNT(*) AS TOTAL
+ FROM AD_Process_Access A,
+ AD_Process P
+ WHERE AD_Role_ID = ?
+ AND TO_CHAR('P') = TO_CHAR(?)
+ AND A.AD_Process_ID = ?
+ AND P.AD_Process_ID = A.AD_Process_ID
+ AND A.IsActive = 'Y'
+ AND P.IsExternalService = 'Y'
+ UNION
+ SELECT 1 AS TOTAL
+ FROM AD_Process
+ WHERE TO_CHAR('P') = TO_CHAR(?)
+ AND AD_Process_ID = ?
+ AND IsActive = 'Y'
+ AND IsExternalService != 'Y') TOTAL
+ ]]></Sql>
+ <Parameter name="role"/>
+ <Parameter name="type"/>
+ <Parameter name="type"/>
+ <Parameter name="id"/>
+
+ <Parameter name="role"/>
+ <Parameter name="type"/>
+ <Parameter name="id"/>
+
+ <Parameter name="type"/>
+ <Parameter name="id"/>
+ </SqlMethod>
<SqlMethod name="selectAccessSearch" type="preparedStatement" return="string">
<Sql><
Relationships [ Relation Graph ]
[ Dependency Graph ]
Relationships 