Fixed bug 31580: code review improvements
authorVíctor Martínez Romanos <victor.martinez@openbravo.com>
Tue, 29 Dec 2015 11:32:34 +0100
changeset 28181 1817418c55af
parent 28180 217fb3a426fe
child 28182 f8951754dc84
Fixed bug 31580: code review improvements
Properly passing parameter to the HQL query
Force to check client+org when using admin mode
modules/org.openbravo.advpaymentmngt/src/org/openbravo/advpaymentmngt/utility/FIN_Utility.java
--- a/modules/org.openbravo.advpaymentmngt/src/org/openbravo/advpaymentmngt/utility/FIN_Utility.java	Tue Dec 01 16:44:30 2015 +0100
+++ b/modules/org.openbravo.advpaymentmngt/src/org/openbravo/advpaymentmngt/utility/FIN_Utility.java	Tue Dec 29 11:32:34 2015 +0100
@@ -1353,15 +1353,15 @@
 
     List<String> pdList = null;
 
-    OBContext.setAdminMode();
+    OBContext.setAdminMode(true);
     try {
       final StringBuilder whereClause = new StringBuilder();
       whereClause.append(" select pd." + FIN_PaymentDetail.PROPERTY_ID);
       whereClause.append(" from " + FIN_PaymentDetail.ENTITY_NAME + " as pd");
       whereClause.append(" left join pd." + FIN_PaymentDetail.PROPERTY_FINPAYMENTSCHEDULEDETAILLIST
           + " as psd");
-      whereClause.append(" where pd." + FIN_PaymentDetail.PROPERTY_FINPAYMENT + ".id = '"
-          + paymentId + "'");
+      whereClause
+          .append(" where pd." + FIN_PaymentDetail.PROPERTY_FINPAYMENT + ".id = :paymentId ");
       whereClause.append(" and pd." + FIN_PaymentDetail.PROPERTY_ACTIVE + " = true");
       whereClause.append(" order by psd."
           + FIN_PaymentScheduleDetail.PROPERTY_INVOICEPAYMENTSCHEDULE);
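Review bot: The new `OBContext.setAdminMode(true)` call has no comment saying why the flag is set, so a later edit could revert it to the no-argument form without anyone noticing the access-control effect. I would add above it `// Admin mode, but keep the client/organization access check active for this query.` The rest of the statement is built from entity and property constants, so `:paymentId` is the only caller-supplied value in the visible lines; the one line between this hunk and the next is not shown and should be confirmed to be constant too. As a style point, `whereClause` holds the complete HQL statement, so a name such as `hql` would describe it better.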
@@ -1369,6 +1369,7 @@
           + FIN_PaymentScheduleDetail.PROPERTY_ORDERPAYMENTSCHEDULE + ",'0')");
 
       Query query = OBDal.getInstance().getSession().createQuery(whereClause.toString());
+      query.setParameter("paymentId", paymentId);
       pdList = query.list();
 
     } finally {
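Review bot: `paymentId` is bound at `query.setParameter("paymentId", paymentId);` with no visible null or blank check, so a missing id makes the predicate match nothing and the caller gets an empty result with no hint of why. The parameter's declaration and the start of the method are outside the hunk, so this may already be guarded; if it is not, an explicit check before entering admin mode would make the contract clear. The body of the `finally` block is also outside the hunk, and it is worth confirming that it calls `OBContext.restorePreviousMode()` so the admin-mode call is always undone.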