Show attributes depending on user Jasperserver 8.0.0 - jasperserver

I have made the following query:
SELECT pa.attrvalue, pa.attrname
FROM jiprofileattribute pa, jiuser u
WHERE pa.principalobjectclass = 'com.jaspersoft.jasperserver.api.metadata.user.domain.impl.hibernate.RepoUser' AND pa.principalobjectid = u.id AND
ORDER BY pa.attrname
The problem is that it returns all the attributes of all the users, and I need them to be from the respective user, I am using the community jasperserver so using tenantid is not an option for me, is there any trick to achieve this?

Related

TYPO3: How to display Frontendgroup memberships in backend, felogin Extension

I have a TYPO3 v10 instance. The felogin Extension is installed to manage 4000 users in 100 usergroups, lots of tiny projects.
Is there a feature, a trick, an extension to answer this question, while working in the backend:
For a given frontenduser-group what are the feusers that belong to that group?
There does not seem to be a way to display this in the backend. At least not in the "List" module, after clicking on any frontendgroup-name, then working in any of the standard tabs "
General / Options / Access / Notes / Extended"
Right now I get along with SQL statements like
SELECT * FROM fe_users WHERE usergroup like '%261%';
but this is very inconvenient.
I have migrated the users and groups from one old TYPO3 instance to a newer one, and now I want to enable editors to cross-check and review group memberships themselves.
The Stackoverflow "Similar questions" text-analysis tool points out that my question is indeed similar to this one: Extbase fe_user findByUsergroup - but that question is 4 Years old, and perhaps there has been some progress?
I know of such "included" feature. The listview offers a "ref" (references) column which shows you all references to this group. this might help a bit. but contains pages, content elements... and user records in a mix.
Another option is the export a CSV of the website users with the "Groups, column enabled. This should give them all the data to review the group memberships.
If that is not enough, I would create an custom module to create such a view.
Meanwhile, as a workaround, I have used a nonstandard-SQL feature, the group_concat() function, to copy all frontendusernames of each group into the (empty) "description" field of the fe_groups table.
There they form a comma-separated list. A screenshot illustrates what my backend panel now looks like. See first line:
This method is only feasible of you are running a one-off migration, or if you can practice on a staging server first. You need to have absolute control over the TYPO3 database, and your bosses and editors shouldn't mind and like the final result. Also it overwrites what is in the description column.
Also, frontendusers who are in two or more groups will NOT get added to the csv-lists! Because their usergroupcolumn has values like 262,398 which cannot be INNER JOINed properly with fe_group.uid.
The key benefit of the group_concat() method is that a single SQL UPDATE statement (almost) solves the problem. No custom PHP programming needed.
/* works on mariadb:10.3 */
UPDATE
fe_groups g,
(
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,%'
group by
usergroup
) AS user_lookup
SET
g.description = user_lookup.usernames
WHERE
user_lookup.usergroup = g.uid
and user_lookup.usergroup not like '%,%';
The code above does not work on mysql 5.7. There I had to try this instead:
/* works on mysql 5-7 */
SET
session group_concat_max_len = 15000;
create temporary table fe_groups_extrainfo
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,% and uid > 9'
group by
usergroup
limit
0;
insert into
fe_groups_extrainfo
SELECT
usergroup,
GROUP_CONCAT(
u.username
ORDER BY
username SEPARATOR ', '
) AS 'usernames'
from
fe_users u
where
usergroup not like '%,%'
group by
usergroup;
update
fe_groups g
inner join fe_groups_extrainfo x on g.uid = x.usergroup
set
g.description = x.usernames;
Sorry it is not a single SQL Statement as the mariadb-SQL statement but still simpler as programming a custom TYPO3 extension with a complex backend module.
Update 09/2022:
It is essential to update the TYPO3 Reference Index after using this method (direct db-access with SQL-UPDATE statements).
typo3cms referenceindex:update
Otherwise the "Ref" column in the "List" module view would still show a "-" (meaning 0) users belong in this feuser-group. After updating the refindex the "[Ref]" column will then display the approximate count of feusers.

Row-level-security based on relation table data

I am getting into Supabase and to practice I am making a suuuper simplified website-builder.
However I am having troubles with the row-level-security policies.
I have three tables:
user → with users' information like first name, last name, etc.
website → all websites
user_website → Contains the information which website belongs to which person (since a website can be owned/editted by multiple users)
user
user_id
...
website
website_id
...
user_website
user_id
website_id
user_role
...
I didn't find any useful resource, because honestly I still lack the knowledge to know how to search properly for what I need.
I only found simple expressions like (uid() = user_id), but since the "permissions" are stored in another table, I don't know how to access that.
I used queries like the following but it didn't work as intended:
SELECT
*
FROM
user_website as uw
JOIN website as w
ON uw.website_id = w.website_id
WHERE
uw.user_id = auth.uid()
Help is much appreciated – thanks!
You could define a policy like that:
CREATE POLICY may_edit ON website
FOR UPDATE TO PUBLIC
USING (EXISTS
(SELECT 1 FROM user_website
WHERE user_website.website_id = website.website_id
AND user_website.user_id = uid()
)
);
Here, uid() is a function that returns your current user ID.
This policy will let everyone modify their own website.
I called a friend for help and he pointed out a section in the Supabase docs about "policies with joins" ... yet it still didn't work for me.
The reason was that the RLS-policy on the table website references the table user-website, which didn't allow users yet to access anything.
Solution
RLS-policy for select on website:
auth.uid() in (
select user_id from user_website
where website_id = website.website_id
)
RLS-policy for select on user-website:
auth.uid() = user_id

Do ampersands work for user input in reports?

I have a working query that goes something like this:
Base table ACCT, link to others (listagg/subqueries) and ensure matching year("rollyear") field. Then the final step is to say which year ACCT table is in.
SELECT
FROM table ACCT
FULL OUTER JOIN table TABLE2 on ACCT.id = TABLE2.id and ACCT.rollyear= TABLE2.rollyear
...
FULL JOIN table TABLE7 on ACCT.id = TABLE7.id and ACCT.rollyear= TABLE7.rollyear
where ACCT.rollyear = extract (year from sysdate) +1
I typically use the calendar year plus one. I've been playing with using ACCT.rollyear = &rollyear to get user input... The limitation/issue I have is getting that running using the "User Defined Reports" feature.
Am I using this feature correctly? Does that only work for SQL Queries and not reports? Ive seen videos/comments about Stored Procedures and using "Accept...." but my attempts to mimic give errors and I'm not sure I'm on the right track. Thanks for any advice.
Change your query to use a bind variable:
where ACCT.rollyear = :rollyear
Then in the 'Binds' section you will see a variable with that name:
When you run your query you'll then be prompted to supply the value:

Modifying existing Crystal Reports to include additional filters

I have an existing report that I didn't make. It is pretty complicated. It does not use the command function, so I cannot directly change the filters in the SQL code. I have reviewed several links that basically say that there is no way around this and that I will need to create a new command and redo the report. I would like to find a solution that doesn't involve me redoing the report.
My logic that I need is to only select subcontracts that only have one instance (regardless if approved or not), if they have two instances associated only choose the one that has been approved
This is the current backend Crystal SQL
SELECT columns
from several tables joins etc
WHERE subcontract = '12345'--parameter entry
AND company=1 --parameter entry
I would like to add this logic which works in a normal sql statement but since I can't modify Crystal's SQL I am stuck...
AND ((subcontract in (select subcontract from table
group by subcontract having count(*) = 1))
OR (subcontract in (select subcontract from table group by subcontract having count(*) > 1)
AND "approved = 'Y'))
I have looked at you the Select and Group Expert but I am just not getting there. Has anyone found some simple work-arounds?
Thanks!!!
edit: I already have a select expert that involves subcontract but I don't know how to add what I want to it since it is validation based and I am wanting to add a filter component to it..
(
if (IsNull({?BeginSub}) or Trim({?BeginSub})="") then
true
else
{subcontract} >= Trim({?BeginSub})
) and
(
if (IsNull({?BeginSub}) or Left(Trim({?BeginSub}),3) in ["","zzz"]) then
true
else
{subcontract} <= Trim({?EndSub})
)
Edit Update: I have found a way to get what I want in crystal reports but it throws an error when I run the report from my application. I create a command with the conditions that I want and then link to the other tables where command.subcontract=othertables.subcontract.
I found what I needed.. I added the following sql expression field,
(Select count(subcontracts) from subcontract table)
then I added the following to the select expert
if(({%SubContractCount} <>2) or ({%SubContractCount}>1 AND
approved = Y)) then true else false
Thank you!!

SugarCRM API Query - getting Access Denied?

I am running SugarCRM 6.5.x and using the SOAP API. What I am trying to achieve is lookup an Account by checking the value of a custom field with the company registration number like this:
get_entry_list(...
accounts.id in (select id_c from accounts_cstm join accounts on accounts_cstm.id_c = accounts.id where accounts_cstm.company_number__c = '12345678')
... )
I keep getting access denied errors and I don't understand why? If I run the query in phpmyadmin it works fine? How can I make this work for SugarCRM?
Support for subqueries like that in our Web Services API is removed as of Sugar 6.4, with certain exceptions; see this post for more details...
http://developer.sugarcrm.com/2012/03/19/howto-avoiding-subqueries-with-our-web-services/
For this one, you shouldn't need to do the subquery as the cstm is joined in automatically.
Are you sure that you opened a session and send the right parameters?
get_entry_list($session, $module_name, $query, $order_by,$offset, $select_fields, $link_name_to_fields_array, $max_results, $deleted )
Take a look at the API Description and search for "Call: get_entry_list()".
It's for 6.4 but shouldn't make any difference.