• Replies 2 replies
  • Subscribers 13 subscribers
  • Views 4191 views
  • Users 0 members are here
Options
Related

ApplySQL Previleges Issue

nchagan
Offline

Hello All,

I have a method that uses ApplySQL which works just fine for the user that have administrative privileges. However, for non-admin users the method does not work and error out. Learned that this is because of the function ApplySQL, so trying to find alternatives for this function call which could be ApplyAML().

Need some help changing the below sql query that is being passed to ApplySQL to convert into AML so it can be passed to ApplyAML.

ApplySQL():


  1) var sql = "select a from [b] where c = '{d}'";
  2) var res = document.thisItem.getInnovator().applySQL(sql.replace("{d}", variable));

I came up with this code for ApplyAML() which does not work.

ApplyAML():

 1) var doc = innovator.newItem();
 2) doc.loadAML("<Item type='b' action='get' select='a'>" +
                "<c condition='like'>'%{d}%'</c>" +   "</Item>");   
 3) var res = doc.apply();

The method is a client-side java script.

Thanks

  • I wonder if applySQL in a JS Method will work at all. It definitely makes sense that Innovator will restrict direct SQL inside a client Method.

    But there are also other factors that can restrict Method execution. Which Innovator version are you using? Innovator 12 or 11?

    In Innovator 12 Aras changed default Method "can execute" to "Administrators". You have to change this property to a appropriate user group (not "World" !!). 

    Instead of using loadAML, I would use a simpler structure for the query that basically does the same. 

    var inn = new Innovator();
    var doc = inn.newItem("MyDoc", "get");
    doc.setAttribute("select", "id,"); 
    doc.setPropertyCondition("xyz","like");
    doc.setProperty("xyz","%abc%");
    doc = doc.apply();

  • Offline

    Hi,

    If you need to use applySQL, you can do it on server side only like this:
    var superidentity = Aras.Server.Security.Identity.GetByName("Administrators");
    bool permissionWasSet = Aras.Server.Security.Permissions.GrantIdentity(superidentity);

    var sql= "your sql order here";
    var updateReturn = innovator.applySQL(sql);
    if (permissionWasSet) {
    Aras.Server.Security.Permissions.RevokeIdentity(superidentity);
    }

    If you need to do it in javascript, you will have to call the server method from the javascript.