Hi,
I try a constraint but it doesn’t work. I have an entity named Client. A client has a relation one-to-many with Company and has a relation many-to-many with User. The table resulting is ClientUser.
I have a group that should restrict the user (which in turn also means the signed in user).
Group: The User should access only the companies associated with he:
Entity name: Company
Operation type: all
Check type: Check in database
Join clause: left join Client c left join ClientUser cu
Where clause: {E}.id = c.companyId and cu.secUserId = :session$userId and cu.clientId = c.id
This is the constraint I tried. I obtained this Error.
“Description: Object comparisons can only be used with OneToOneMappings. Other mapping comparisons must be done through query keys or direct attribute level comparisons.”
Hi,
The error is in the JPQL query. Probably you are trying to compare reference attribute with the ID attribute. It’s not allowed, you should compare either IDs or references.
Can you present how the attributes companyId, secUserId, clientId are defined in the entities’ source code?
@albudarov
Hi,
Thanks for your reply. Yes, it was a error in JPQL. I rewrite the query. Now it’s syntactically correct, but it doesn’t filter the company.
Entity name: Company
Operation type: all
Check type: Check in database
Join clause: left join Client cl left join ClientUser cu
Where clause: {E} = cl.companyId a and a = cu.clientId b and b.secUserId = :session$userId
The attributes secUserId, clientId are foreing keys on ClientUser. They are type UUID.
If you are using “left join” - then the where condition will be satisfied even if there are no matching rows on the right. This is why “it doesn’t filter the company”.
Try to use join clause as “, Client cl, ClientUser cu”.
@albudarov
Hi,
Thanks for your answer. I finally got with this query,
Entity name: Company
Operation type: all
Check type: Check in database
Join clause: ,Client cl ,ClientUser cu
Where clause: {E} = cl.companyId and cu.clientId= cl and cu.secUserId.id = :session$userId
But the filter only works if I give users “full-system” permissions. It happens to me with all the restrictions that I have programmed.
I have created a role that gives permissions to the allowed screens, to the tables involved and access to all the fields of these tables (all are allowed). To the role I have added the REST_API permissions and I have also given full-file-storage permissions. But it doesn’t work, just with the constraints it doesn’t display any information. Can you guide me? I have not seen anything in the Cuban documentation that can give me an idea of what I am doing wrong.