search

owncloud / customgroups

Let users create their own custom groups
GNU Affero General Public License v3.0
8 stars 14 forks source link

Fix missing where clause in inGroupByUri() #611

Closed IljaN closed 10 months ago

IljaN commented 10 months ago

User was reported to be in every custom-group as soon as he was in one custom-group by the inGroupByUri method.

http://sqlfiddle.com/#!17/9097f7/1

Incorrect resulting query

SELECT user_id 
FROM oc_custom_group_member m, oc_custom_group g 
WHERE uri = 'GroupFG' AND user_id = 'userE';

Correct/Intended query

SELECT user_id 
FROM oc_custom_group_member m, oc_custom_group g 
WHERE g.group_id = m.group_id AND uri = 'GroupFG' AND user_id = 'userE';

Slightly-Offtopic: This should probably be refactored in to a LEFT JOIN?

sonarcloud[bot] commented 10 months ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

jvillafanez commented 10 months ago

I agree we should check the performance of other variations. I guess the current one is fine because we don't expect a massive usage, but the cross join is usually very expensive.

DeepDiver1975 commented 10 months ago

Why was no test added? @IljaN