Bug 31398 - RFE: LibreOffice Base should allow update/insert/drop query in sql-editor with hsqldb access controls
Summary: RFE: LibreOffice Base should allow update/insert/drop query in sql-editor wit...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Database (show other bugs)
Version: unspecified
Hardware: x86-64 (AMD64) All
: medium enhancement
Assignee: Not Assigned
QA Contact:
URL:
Whiteboard:
Keywords:
: 37599 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-11-04 17:04 UTC by collura
Modified: 2015-01-03 17:38 UTC (History)
5 users (show)

See Also:
i915 platform:
i915 features:

Attachments

Description collura 2010-11-04 17:04:38 UTC 
most people can figure out an sql command syntax to do what they need much 
easier than they can write a macro to do the same thing because of the requisite concepts of 'subroutine' and 'dimension' which most people dont know about and the different interface you need to work with to write a macro.

if we provide these types of query functions it would speed adoption of Base with a lot of smaller simpler project users and make others more productive to boot.  

0) we should probably control access rights directly not by limiting functionality of update/insert/drop functions in sql-editor.


----if a non-destructive query is considered a requirement such that update/insert/drop are not acceptable then the macro for these queries should be made simpler to access/setup.




----the problem with adding destructive queries to the sql editor is presumably that it concerns adminsitrators because it makes potential tinkering damage by random users more likely.  




so the real problem to be tackled should be not IF to add the update/add/remove functionality but HOW to add the add/update/remove query functionality to sql editor while limiting any pottential misuse.  



so maybe the most productive place to put that access control would be to pull it from the permission structure of the hsqldb/mysql/postgresql database instead of limiting the functionality of the Base database.



http://hsqldb.org/doc/2.0/guide/accesscontrol-chapt.html



     "Access Rights



     By default, the objects in a schema can only be accessed by the schema owner. 

     But the schema owner can grant privileges (access rights) on the objects 

     to other users or roles.



     Things can get far more complex, because the grant of privileges 

     can be made WITH GRANT OPTION. In this case, the role or user that has been granted 

     the privilege can grant the privilege to other roles and users.



     Privileges can also be revoked from users or roles.



     The statements for granting and revoking privileges normally specify which privileges 

     are granted or revoked. However, there is a shortcut, ALL PRIVILEGES, which means all 

     the privileges that the <grantor> has on the schema object. The <grantor> is normally 

     the CURRENT_USER of the session that issues the statement.



     The user or role that is granted privileges is referred to as <grantee> for 

     the granted privileges."



     ...



     "The INSERT privilege designates the columns into which explicit values can be inserted. 

     To be able to insert a row into the table, the user must therefore have the INSERT privilege

     on the table, or at least all the columns that do not have a default value."




so access rights are part of hsqldb and if we apply them we dont have to limit functionality.





1) further to make it easy to access maybe we should add an "access controls" functionality group to the base gui: 

(tables, queries, forms, reports) ---> (tables, queries, forms, reports, accesscontrols)



or add "access controls" as an item to the secondaryclick menu for tables, queries, forms, reports icons in the Base gui.





example of desired use of update/insert/delete is:

   -- a 'reset field' button which activates an update query changing values in some particular field which have some particular value and changing that value to some other particular value



   -- an 'add record' button that takes inforamtion entered in display fields and adds a record for them in the database



   -- a 'delete record' button that removes a record from the database






2) test of update query:


version:

LibreOffice 3.3.0 

OOO330m9 (Build:1)

libreoffice-build 3.2.99.2


test file done on mswindows-os


make a table: 

Table1.key, integer, autonumber, primary key

Table1.fld-flag, boolean

Table1.fld-desc, string

Table1.fld-int, integer



populate the table:

(auto number didnt seem to work in key when enter in table view so entered number manually)

key,    fld-flag,     fld-desc,     fld-int

1,      No,           one,            1 

2,      YES,          two,            2 

3,      YES,          three,          3

4,      No,           four,           4





when run as query fails: 

     UPDATE "Table1" set "Table1"."fld-flag" = False where "Table1"."fld-flag" = True;



(error was: "LibraOffice Base: The data content could not be loaded.  Statement does not generate a result set.")





when run same sql code as tools-sql-execute_command it succeeds ("Command successfully executed."):

     UPDATE "Table1" set "Table1"."fld-flag" = False where "Table1"."fld-flag" = True;





which is comfirmed by running query as:

     SELECT "fld-flag", "fld-desc", "fld-int" FROM "Table1" WHERE "fld-flag" = True



which correctly returns empty since none were true:



key,    fld-flag,     fld-desc,     fld-int

1,      No,           one,            1 

2,      NO,           two,            2 

3,      NO,           three,          3

4,      No,           four,           4



if go back in to table view to try to edit boolean flags to true get an error:



'File input/output error: C:\Program Files\Office\New Database1.odb.log in statement 

[UPDATE "Table1" SET "fld-flag" = ? WHERE "ID-key" = ?] '



but if then exit base and then restart base and reopen the file then there is no problem editing the values in the table view. 

this data edit error was not reproduceable.
Comment 1 Alex Thurgood 2011-05-26 01:52:25 UTC 
*** Bug 37599 has been marked as a duplicate of this bug. ***
Comment 2 Björn Michaelsen 2011-12-23 11:35:40 UTC 
[This is an automated message.]
This bug was filed before the changes to Bugzilla on 2011-10-16. Thus it
started right out as NEW without ever being explicitly confirmed. The bug is
changed to state NEEDINFO for this reason. To move this bug from NEEDINFO back
to NEW please check if the bug still persists with the 3.5.0 beta1 or beta2 prereleases.
Details on how to test the 3.5.0 beta1 can be found at:
http://wiki.documentfoundation.org/QA/BugHunting_Session_3.5.0.-1

more detail on this bulk operation: http://nabble.documentfoundation.org/RFC-Operation-Spamzilla-tp3607474p3607474.html
Comment 3 collura 2011-12-26 00:33:40 UTC 
hi, yes it still seems to be there as of

  3.5.0beta2 
  Build ID: 8589e48-760cc4d-f39cf3d-1b2857e-60db978

where trying to run the test in section2 of original comment 
as update query still gives: 

  The data content could not be loaded.

  SQL Status: 00000
  Error code: -155

  Statement does not generate a result set

  The SQL command leading to this error is:

  UPDATE "Table1" SET "Table1"."fld-flag" = FALSE WHERE "Table1"."fld-flag" = TRUE;

while running the same sql code through the tools-sql-execute produces the change and gives no errors.

setting status to 'unconfirmed' to clear the 'needinfo' flag.
Comment 4 collura 2011-12-26 00:36:54 UTC 
sorry misread, setting status from 'unconfirmed' to 'new' to clear the 'needinfo' flag.
Comment 5 collura 2012-06-12 02:40:55 UTC 
status is still the same as in comment#3 as of 

  LibreOffice 3.5.4.2 
  Build ID: 350m1(Build:2)

(as in fedora package libreoffice-base-1:3.5.4.2-1.fc17.x86_64)
Comment 6 QA Administrators 2014-10-23 17:32:27 UTC 
Please read this message in its entirety before responding.

Your bug was confirmed at least 1 year ago and has not had any activity on it for over a year. Your bug is still set to NEW which means that it is open and confirmed. It would be nice to have the bug confirmed on a newer version than the version reported in the original report to know that the bug is still present -- sometimes a bug is inadvertently fixed over time and just never closed.

If you have time please do the following:
1) Test to see if the bug is still present on a currently supported version of LibreOffice (preferably 4.2 or newer).
2) If it is present please leave a comment telling us what version of LibreOffice and your operating system.
3) If it is NOT present please set the bug to RESOLVED-WORKSFORME and leave a short comment telling us your version and Operating System

Please DO NOT
1) Update the version field
2) Reply via email (please reply directly on the bug tracker)
3) Set the bug to RESOLVED - FIXED (this status has a particular meaning that is not appropriate in this case)

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
LibreOffice is powered by a team of volunteers, every bug is confirmed (triaged) by human beings who mostly give their time for free. We invite you to join our triaging by checking out this link:
https://wiki.documentfoundation.org/QA/BugTriage

There are also other ways to get involved including with marketing, UX, documentation, and of course developing -  http://www.libreoffice.org/get-help/mailing-lists/. 

Lastly, good bug reports help tremendously in making the process go smoother, please always provide reproducible steps (even if it seems easy) and attach any and all relevant material
Comment 7 ribotb 2014-10-24 11:19:35 UTC 
Hi,

With Version: 4.3.3.1
Build ID: 7d55112667c8fcddb67bc3803796b46c93aa56b0
under Win7/x86

I create and populate Table1.
I execute query: UPDATE "Table1" set "Table1"."fld-flag" = False where "Table1"."fld-flag" = True;
- in Tools > SQL: "Command successfully executed" and result is good;
- in Query > Create a SQL Query: "Syntax error".

Bernard
Comment 8 Alex Thurgood 2015-01-03 17:38:53 UTC 
Adding self to CC if not already on

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.