Hi Jason, If I would like to bypass this SQL scripts and use the Web API as you already proposed, how could we write the Web API in order to pull out a list of the following informations from the users:
username,surname, firstname, email, phonenumber, lastlogin, created, disabled, user role, user orgunits Regards, Tantely. On Tue, Apr 11, 2017 at 4:29 PM, Jason Pickering < jason.p.picker...@gmail.com> wrote: > Hi there. > We have had enough security problems lately, It may not be a good idea to > encourage even more of them. > > This is a "good" way around the security attempts which have put in place, > but its a very bad idea to have this table as an SQL view. This was the > entire reason of why we attempted to protect it from direct access via SQL > views, but, the regular expression which does this does not catch the use > of the schema name. We will fix it > > Of course, its easy enough to dump the password hash out with a small > change to the SQL view, but you would probably not want to do this. > > See below for an example with a small modification to your SQL view. > > > Regards, > Jason > > > > > - "admin", > - "$2a$10$wjLPViry3bkYEcjwGRqnYO1bT2Kl.ZY0kO.fwFDfMX53hitfx5.3C", > - "Traore", > - "John", > - "some...@dhis2.org", > - "", > - "2017-04-11 13:24:55.914", > - "2013-04-18 17:15:08.401", > - "false", > - "MNCH / PNC (Adult Woman) program", > - "ZyjSDLHGPv4" > > > On Tue, Apr 11, 2017 at 3:01 PM, Raminosoa Rabemanantsoa, Tantely < > tramino...@mikolo.org> wrote: > >> Hi Harivola, >> >> Thank you very much for the SQL scripts querying the users information. >> The syntax is accepted by SQL View, but I am a bit encountering a blank >> result as illustrated by the attached file. I am wondering where I am doing >> wrong? >> >> Thank you for your help! >> >> Regards, >> >> Tantely. >> >> >> >> On Tue, Apr 11, 2017 at 3:38 PM, Harivola RANDRIANJAFY <harivo...@psi.mg> >> wrote: >> >>> Tantely, >>> >>> >>> >>> Below the SQL View : >>> >>> >>> >>> SELECT >>> >>> "public".users.username, >>> >>> "public".userinfo.surname, >>> >>> "public".userinfo.firstname, >>> >>> "public".userinfo.email, >>> >>> "public".userinfo.phonenumber, >>> >>> "public".users.lastlogin, >>> >>> "public".users.created, >>> >>> "public".users.disabled, >>> >>> "public".userrole."name", >>> >>> "public".users.uid >>> >>> FROM >>> >>> "public".users >>> >>> INNER JOIN "public".userinfo ON "public".users.userid = >>> "public".userinfo.userinfoid >>> >>> INNER JOIN "public".userrole ON "public".userrole.userid = >>> "public".userinfo.userinfoid >>> >>> >>> >>> >>> >>> Thanks, >>> >>> Harivola >>> >>> >>> >>> *De :* Dhis2-users [mailto:dhis2-users-bounces+harivolar= >>> psi...@lists.launchpad.net] *De la part de* Raminosoa Rabemanantsoa, >>> Tantely >>> *Envoyé :* lundi 10 avril 2017 17:19 >>> *À :* DHIS 2 Users list <dhis2-us...@lists.launchpad.net>; DHIS 2 >>> Developers list <dhis2-devs@lists.launchpad.net> >>> *Objet :* [Dhis2-users] DHIS2 users list from SQL View >>> >>> >>> >>> Dear Community, >>> >>> >>> >>> I would like to output from SQL View a list of all DHIS2 users by using >>> headers like the information listed by the users details information, like >>> illustrated by the image below (inside red ellipse). >>> >>> >>> >>> >>> >>> >>> >>> >>> I am using DHIS2 2.24. I would like to check the users table fields but >>> I could not output any information from the following query >>> >>> >>> >>> select * from users; >>> >>> >>> >>> as trhere are some protected info. >>> >>> >>> >>> My question is in which fields should I base the SQL query to output >>> such information? >>> >>> >>> >>> Thank you for your support, >>> >>> >>> >>> Regards, >>> >>> >>> >>> Tantely >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> *This message and its attachments are confidential and solely for the >>> intended recipients. If received in error, please delete them and notify >>> the sender via reply e-mail immediately.* >>> >>> >>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> >>> Garanti >>> sans virus. www.avast.com >>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> >>> >> >> >> *This message and its attachments are confidential and solely for the >> intended recipients. If received in error, please delete them and notify >> the sender via reply e-mail immediately.* >> >> _______________________________________________ >> Mailing list: https://launchpad.net/~dhis2-devs >> Post to : dhis2-devs@lists.launchpad.net >> Unsubscribe : https://launchpad.net/~dhis2-devs >> More help : https://help.launchpad.net/ListHelp >> >> > > > -- > Jason P. Pickering > email: jason.p.picker...@gmail.com > tel:+46764147049 <+46%2076%20414%2070%2049> > -- *This message and its attachments are confidential and solely for the intended recipients. If received in error, please delete them and notify the sender via reply e-mail immediately.*
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp
