Merge "Fix sql injection vulnerability"
[portal.git] / ecomp-portal-BE-common / src / main / webapp / WEB-INF / fusion / orm / EP.hbm.xml
index 5026421..e03c976 100644 (file)
 <!-- Publishes mappings and queries specific to the ONAP Portal application. -->
 <hibernate-mapping package="org.onap.portalapp.portal.domain">
 
+       <!-- multilanguage -->
+       <class name="Language" table="fn_language">
+               <id name="languageId" column="language_id">
+                       <generator class="native">
+                               <param name="sequence"></param>
+                       </generator>
+               </id>
+               <property name="languageName" column="language_name" />
+               <property name="languageAlias" column="language_alias" />
+       </class>
+       
+       <class name="DisplayText" table="fn_display_text">
+               <id name="id" column="id">
+                       <generator class="native">
+                               <param name="sequence"></param>
+                       </generator>
+               </id>
+               
+               <property name="languageId" column="language_id" />
+               <property name="textId" column="text_id" />
+               <property name="label" column="text_label" />
+       </class>
+
        <!-- Widget class mapping details -->
        <class name="Widget" table="FN_WIDGET">
                <id name="id" column="WIDGET_ID">
                <property name="createdId" column="created_id" />
                <property name="modifiedId" column="modified_id" />
                <property name="timeZoneId" column="timezone" />
+               <property name="systemUser" column="is_system_user" type="yes_no"/>
+               <property name="languageId" column="language_id" />
 
                <set name="EPUserApps" table="FN_USER_ROLE" lazy="false" sort="natural"
                        inverse="true">
                </many-to-one>
        </class>
 
+       <!-- multilanguage -->
+       <query name="queryLanguage">
+               <![CDATA[
+                       from Language
+               ]]>
+       </query>
+       
+       <query name="displayText">
+               <![CDATA[
+                       from DisplayText where languageId = :language_id
+               ]]>
+       </query>
+       
+       <query name="queryLanguageByLanguageId">
+               <![CDATA[
+                       from Language where languageId = :language_id
+               ]]>
+       </query>
+
        <!-- show the current user plus related users -->
        <sql-query name="relatedUsers">
                <return-scalar column="org_user_id" type="java.lang.String" />
@@ -1117,7 +1161,7 @@ where fn_role.app_id = fn_app.app_id and fn_app.enabled='Y' and fn_role.active_y
        <sql-query name="getAppsAdmins">
                <return alias="adminUserApp" class="org.onap.portalapp.portal.domain.AdminUserApp" />   
        <![CDATA[
-       SELECT apps.APP_NAME, apps.APP_ID, user.USER_ID, user.FIRST_NAME, user.LAST_NAME, user.org_user_id FROM fn_user_role userrole INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID INNER JOIN fn_app apps ON apps.APP_ID = userrole.APP_ID  WHERE user.active_yn='Y' AND userrole.ROLE_ID = :accountAdminRoleId AND (apps.ENABLED = 'Y' OR apps.APP_ID=1)      
+       SELECT apps.APP_NAME, apps.APP_ID, user.USER_ID, user.FIRST_NAME, user.LAST_NAME, user.org_user_id FROM fn_user_role userrole INNER JOIN fn_user user ON user.USER_ID = userrole.USER_ID INNER JOIN fn_app apps ON apps.APP_ID = userrole.APP_ID  WHERE user.active_yn='Y' AND userrole.ROLE_ID = :accountAdminRoleId       
        ]]>
        </sql-query>
        
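Review bot: The new `getAppsAdmins` text no longer restricts on `apps.ENABLED`, so rows for account admins of disabled applications are now returned together with those of enabled ones. Nothing in the mapping says whether that is intended. If callers use this result to decide who administers an application, the wider result set should be confirmed against them; they are not visible in this hunk. If it is deliberate, a comment above the query would record it, for example `<!-- returns account admins for all apps, enabled or not -->`.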
@@ -2505,4 +2549,36 @@ where fn_role.app_id = fn_app.app_id and fn_app.enabled='Y' and fn_role.active_y
                
                ]]>
        </sql-query>
+       
+       <sql-query name="getAllAdminAppsofTheUser">
+               <![CDATA[
+               select fa.app_id  from fn_user_role ur,fn_app fa where ur.user_id =:userId and ur.app_id=fa.app_id and ur.role_id= 999
+
+               ]]>
+    </sql-query>
+       <sql-query name="getAllAppsFunctionsOfUser">
+                       <![CDATA[
+                       select distinct ep.function_cd from fn_user_role fu, ep_app_role_function ep, ep_app_function ea, fn_app fa , fn_role fr
+                       where fu.role_id = ep.role_id 
+                       and fu.app_id = ep.app_id
+                       and fu.user_id =:userId
+                       and ea.function_cd = ep.function_cd
+            and ((fu.app_id = fa.app_id  and fa.enabled = 'Y' ) or (fa.app_id = 1))
+            and fr.role_id = fu.role_id and fr.active_yn='Y' 
+                   union
+            select distinct app_r_f.function_cd from ep_app_role_function app_r_f, ep_app_function a_f
+                       where role_id = 999
+                       and app_r_f.function_cd = a_f.function_cd
+                       and exists
+                       (
+                       select fa.app_id from fn_user fu, fn_user_role ur, fn_app fa where fu.user_id =:userId and fu.user_id = ur.user_id
+                       and ur.role_id = 999 and ur.app_id = fa.app_id and fa.enabled = 'Y'
+                       );
+                       ]]>
+       </sql-query>
+       <sql-query name="updateFnUser">
+               <![CDATA[
+                       UPDATE fn_user fu SET fu.language_id=:language_id WHERE fu.login_id=:login_id
+               ]]>
+       </sql-query>
 </hibernate-mapping>
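Review bot: In `getAllAppsFunctionsOfUser` the predicate `((fu.app_id = fa.app_id  and fa.enabled = 'Y' ) or (fa.app_id = 1))` leaves `fa` unjoined to `fu` in its second branch. Whenever `fn_app` holds a row with `app_id = 1`, every `fn_user_role` row of the user satisfies it, so function codes granted through disabled applications are returned as well. If the intent is presumably "the user's app is enabled, or it is app 1", the join belongs outside the OR: `and fu.app_id = fa.app_id and (fa.enabled = 'Y' or fa.app_id = 1)`. The literal `999` here and in `getAllAdminAppsofTheUser` could be bound as a named parameter, the way `getAppsAdmins` binds `:accountAdminRoleId`. The trailing `;` after the `exists (...)` subquery is better dropped, since some JDBC drivers reject a statement terminator.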