Constraints. Error: OneToOneMappings

Hi,
I try a constraint but it doesn’t work. I have an entity named Client. A client has a relation one-to-many with Company and has a relation many-to-many with User. The table resulting is ClientUser.

I have a group that should restrict the user (which in turn also means the signed in user).

Group: The User should access only the companies associated with he:
Entity name: Company
Operation type: all
Check type: Check in database
Join clause: left join Client c left join ClientUser cu
Where clause: {E}.id = c.companyId and cu.secUserId = :session$userId and cu.clientId = c.id

This is the constraint I tried. I obtained this Error.

“Description: Object comparisons can only be used with OneToOneMappings. Other mapping comparisons must be done through query keys or direct attribute level comparisons.”

Please, someone can I help me?

Hi,
The error is in the JPQL query. Probably you are trying to compare reference attribute with the ID attribute. It’s not allowed, you should compare either IDs or references.
Can you present how the attributes companyId, secUserId, clientId are defined in the entities’ source code?

@albudarov
Hi,
Thanks for your reply. Yes, it was a error in JPQL. I rewrite the query. Now it’s syntactically correct, but it doesn’t filter the company.

Entity name: Company
Operation type: all
Check type: Check in database
Join clause: left join Client cl left join ClientUser cu
Where clause: {E} = cl.companyId a and a = cu.clientId b and b.secUserId = :session$userId

The attributes secUserId, clientId are foreing keys on ClientUser. They are type UUID.

If you are using “left join” - then the where condition will be satisfied even if there are no matching rows on the right. This is why “it doesn’t filter the company”.

Try to use join clause as “, Client cl, ClientUser cu”.

@albudarov
Hi,
Thanks for your answer. I finally got with this query,
Entity name: Company
Operation type: all
Check type: Check in database
Join clause: ,Client cl ,ClientUser cu
Where clause: {E} = cl.companyId and cu.clientId= cl and cu.secUserId.id = :session$userId

But the filter only works if I give users “full-system” permissions. It happens to me with all the restrictions that I have programmed.
I have created a role that gives permissions to the allowed screens, to the tables involved and access to all the fields of these tables (all are allowed). To the role I have added the REST_API permissions and I have also given full-file-storage permissions. But it doesn’t work, just with the constraints it doesn’t display any information. Can you guide me? I have not seen anything in the Cuban documentation that can give me an idea of ​​what I am doing wrong.

You can debug SQL queries that are generated by the ORM.

Turn on the eclipselink.sql logger. You will see SQL statements and parameter values in the server log.
https://doc.cuba-platform.com/manual-7.2/logging_useful_loggers.html
https://doc.cuba-platform.com/manual-7.2/logging.html