From 6cab3293c07749e65809c0460e301f011dff996b Mon Sep 17 00:00:00 2001 From: nipunnadeen Date: Thu, 27 Feb 2020 20:25:57 +0530 Subject: [PATCH] Improve the getApplication query to check the tenant --- .../dao/impl/application/GenericApplicationDAOImpl.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/application/GenericApplicationDAOImpl.java b/components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/application/GenericApplicationDAOImpl.java index 57fdd4021a1..b0d4f7f3815 100644 --- a/components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/application/GenericApplicationDAOImpl.java +++ b/components/application-mgt/org.wso2.carbon.device.application.mgt.core/src/main/java/org/wso2/carbon/device/application/mgt/core/dao/impl/application/GenericApplicationDAOImpl.java @@ -99,7 +99,6 @@ public class GenericApplicationDAOImpl extends AbstractDAOImpl implements Applic log.debug("Getting application data from the database"); log.debug(String.format("Filter: limit=%s, offset=%s", filter.getLimit(), filter.getOffset())); } - int paramIndex = 1; String sql = "SELECT " + "AP_APP.ID AS APP_ID, " + "AP_APP.NAME AS APP_NAME, " @@ -132,7 +131,7 @@ public class GenericApplicationDAOImpl extends AbstractDAOImpl implements Applic + "FROM AP_APP " + "INNER JOIN AP_APP_RELEASE ON " + "AP_APP.ID = AP_APP_RELEASE.AP_APP_ID " - + "INNER JOIN (SELECT ID FROM AP_APP LIMIT ? OFFSET ? ) AS app_data ON app_data.ID = AP_APP.ID " + + "INNER JOIN (SELECT ID FROM AP_APP WHERE AP_APP.TENANT_ID = ? LIMIT ? OFFSET ? ) AS app_data ON app_data.ID = AP_APP.ID " + "WHERE AP_APP.TENANT_ID = ?"; if (filter == null) { @@ -183,8 +182,9 @@ public class GenericApplicationDAOImpl extends AbstractDAOImpl implements Applic try { Connection conn = this.getDBConnection(); - try (PreparedStatement stmt = conn.prepareStatement(sql); - ){ + try (PreparedStatement stmt = conn.prepareStatement(sql)){ + int paramIndex = 1; + stmt.setInt(paramIndex++, tenantId); if (filter.getLimit() != -1) { if (filter.getLimit() == 0) { stmt.setInt(paramIndex++, 100);