# HG changeset patch
# User Ranjith S R <ranjith@qualiantech.com>
# Date 1567597887 -19800
#      Wed Sep 04 17:21:27 2019 +0530
# Node ID ebe40aa069f28494043dce87e6a2fda0960ad15e
# Parent  23ebec17599c160ad8a2f2b934696e3f3e8d44d9
Related to issue 41273: IncludeAllProducts.execute is not using bind-params

diff -r 23ebec17599c -r ebe40aa069f2 src/org/openbravo/retail/config/process/IncludeAllProducts.java
--- a/src/org/openbravo/retail/config/process/IncludeAllProducts.java	Thu Aug 22 05:42:24 2019 +0000
+++ b/src/org/openbravo/retail/config/process/IncludeAllProducts.java	Wed Sep 04 17:21:27 2019 +0530
@@ -1,6 +1,6 @@
 /*
  ************************************************************************************
- * Copyright (C) 2012-2018 Openbravo S.L.U.
+ * Copyright (C) 2012-2019 Openbravo S.L.U.
  * Licensed under the Openbravo Commercial License version 1.0
  * You may obtain a copy of the License at http://www.openbravo.com/legal/obcl.html
  * or in the legal folder of this module distribution.
@@ -9,9 +9,6 @@
 
 package org.openbravo.retail.config.process;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.hibernate.ScrollMode;
@@ -22,7 +19,6 @@
 import org.openbravo.dal.service.OBQuery;
 import org.openbravo.erpCommon.utility.OBError;
 import org.openbravo.erpCommon.utility.OBMessageUtils;
-import org.openbravo.erpCommon.utility.Utility;
 import org.openbravo.model.common.plm.Product;
 import org.openbravo.retail.config.OBRETCOProductList;
 import org.openbravo.retail.config.OBRETCOProlProduct;
@@ -46,22 +42,17 @@
       final String recordID = (String) bundle.getParams().get("Obretco_Productlist_ID");
       OBRETCOProductList productList = OBDal.getInstance().get(OBRETCOProductList.class, recordID);
 
-      final StringBuilder whereClause = new StringBuilder();
-      final Map<String, Object> parameters = new HashMap<>(1);
-      whereClause.append(" as p ");
-      whereClause.append(" where not exists (select 1 from OBRETCO_Prol_Product as retpro ");
-      whereClause.append(
-          "where retpro.product.id = p.id and retpro.obretcoProductlist.id = :productList) ");
-      whereClause.append("and p.sale = 'Y' and p.isGeneric = 'N' ");
-      whereClause.append("and p.organization.id in (");
-      whereClause.append(Utility.getInStrSet(OBContext.getOBContext()
-          .getOrganizationStructureProvider()
-          .getNaturalTree(productList.getOrganization().getId())));
-      whereClause.append(")");
-      parameters.put("productList", productList.getId());
-      final OBQuery<Product> obq = OBDal.getInstance()
-          .createQuery(Product.class, whereClause.toString(), parameters);
+      String query = "as p where p.sale = 'Y' and p.isGeneric = 'N' and "
+          + "p.organization.id in (:orgList) and not exists (select 1 from OBRETCO_Prol_Product as retpro "
+          + "where retpro.product.id = p.id and retpro.obretcoProductlist.id = :productList)";
+
+      final OBQuery<Product> obq = OBDal.getInstance().createQuery(Product.class, query);
       obq.setFilterOnReadableOrganization(false);
+      obq.setNamedParameter("productList", productList.getId());
+      obq.setNamedParameter("orgList",
+          OBContext.getOBContext()
+              .getOrganizationStructureProvider()
+              .getNaturalTree(productList.getOrganization().getId()));
 
       final ScrollableResults productScroll = obq.scroll(ScrollMode.FORWARD_ONLY);
       int i = 0;
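Review bot: `productList` is dereferenced in both new `setNamedParameter` calls without a null check, although `recordID` comes straight from the process bundle parameters and the lookup presumably returns null when no such record exists. A guard directly after the `OBDal.getInstance().get(...)` line, such as `if (productList == null) { throw new IllegalArgumentException("Unknown Obretco_Productlist_ID"); }`, would make the failure explicit; how the enclosing method reports errors is outside this hunk, so adapt it to that handling. Since `setFilterOnReadableOrganization(false)` switches off the default organization filter, the `:orgList` bind is the only organization scoping left on this query. That deserves a short comment above it, for example `// Readable-org filter is disabled; the natural tree of the list's organization is the only org restriction.`. It is also worth confirming that `getNaturalTree` can never return an empty set here, because an empty collection bound to `in (:orgList)` may be rejected or produce invalid SQL.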
