dhis2-devs team mailing list archive

Thread
Date

Re: [Dhis2-users] DHIS2 users list from SQL View

To: Jason Pickering <jason.p.pickering@xxxxxxxxx>
From: "Raminosoa Rabemanantsoa, Tantely" <traminosoa@xxxxxxxxxx>
Date: Tue, 11 Apr 2017 16:46:31 +0300
Cc: DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>, Harivola RANDRIANJAFY <harivolar@xxxxxx>, DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CADsNmhuFO6r7R6b6jGYrSiP0K+38Om2O9AAJvO6QH17iU4QNKA@mail.gmail.com>

Hi Jason,

If I would like to bypass this SQL scripts and use the Web API as you
already proposed, how could we write the Web API in order to pull out a
list of the following informations from the users:

username,surname, firstname, email, phonenumber, lastlogin, created,
disabled, user role, user orgunits

Regards,

Tantely.

On Tue, Apr 11, 2017 at 4:29 PM, Jason Pickering <
jason.p.pickering@xxxxxxxxx> wrote:

> Hi there.
> We have had enough security problems lately, It may not be a good idea to
> encourage even more of them.
>
> This is a "good" way around the security attempts which have put in place,
> but its a very bad idea to have this table as an SQL view. This was the
> entire reason of why we attempted to protect it from direct access via SQL
> views, but, the regular expression which does this does not catch the use
> of the schema name. We will fix it
>
> Of course, its easy enough to dump the password hash out with a small
> change to the SQL view, but you would probably not want to do this.
>
> See below for an example with a  small modification to your SQL view.
>
>
> Regards,
> Jason
>
>
>
>
>    - "admin",
>    - "$2a$10$wjLPViry3bkYEcjwGRqnYO1bT2Kl.ZY0kO.fwFDfMX53hitfx5.3C",
>    - "Traore",
>    - "John",
>    - "someone@xxxxxxxxx",
>    - "",
>    - "2017-04-11 13:24:55.914",
>    - "2013-04-18 17:15:08.401",
>    - "false",
>    - "MNCH / PNC (Adult Woman) program",
>    - "ZyjSDLHGPv4"
>
>
> On Tue, Apr 11, 2017 at 3:01 PM, Raminosoa Rabemanantsoa, Tantely <
> traminosoa@xxxxxxxxxx> wrote:
>
>> Hi Harivola,
>>
>> Thank you very much for the SQL scripts querying the users information.
>> The syntax is accepted by SQL View, but I am a bit encountering a blank
>> result as illustrated by the attached file. I am wondering where I am doing
>> wrong?
>>
>> Thank you for your help!
>>
>> Regards,
>>
>> Tantely.
>>
>>
>>
>> On Tue, Apr 11, 2017 at 3:38 PM, Harivola RANDRIANJAFY <harivolar@xxxxxx>
>> wrote:
>>
>>> Tantely,
>>>
>>>
>>>
>>> Below the SQL View :
>>>
>>>
>>>
>>> SELECT
>>>
>>> "public".users.username,
>>>
>>> "public".userinfo.surname,
>>>
>>> "public".userinfo.firstname,
>>>
>>> "public".userinfo.email,
>>>
>>> "public".userinfo.phonenumber,
>>>
>>> "public".users.lastlogin,
>>>
>>> "public".users.created,
>>>
>>> "public".users.disabled,
>>>
>>> "public".userrole."name",
>>>
>>> "public".users.uid
>>>
>>> FROM
>>>
>>> "public".users
>>>
>>> INNER JOIN "public".userinfo ON "public".users.userid =
>>> "public".userinfo.userinfoid
>>>
>>> INNER JOIN "public".userrole ON "public".userrole.userid =
>>> "public".userinfo.userinfoid
>>>
>>>
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Harivola
>>>
>>>
>>>
>>> *De :* Dhis2-users [mailto:dhis2-users-bounces+harivolar=
>>> psi.mg@xxxxxxxxxxxxxxxxxxx] *De la part de* Raminosoa Rabemanantsoa,
>>> Tantely
>>> *Envoyé :* lundi 10 avril 2017 17:19
>>> *À :* DHIS 2 Users list <dhis2-users@xxxxxxxxxxxxxxxxxxx>; DHIS 2
>>> Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
>>> *Objet :* [Dhis2-users] DHIS2 users list from SQL View
>>>
>>>
>>>
>>> Dear Community,
>>>
>>>
>>>
>>> I would like to output from SQL View a list of all DHIS2 users by using
>>> headers like the information listed by the users details information, like
>>> illustrated by the image below (inside red ellipse).
>>>
>>>
>>>
>>>
>>> 
>>>
>>>
>>>
>>> I am using DHIS2 2.24. I would like to check the users table fields but
>>> I could not output any information from the following query
>>>
>>>
>>>
>>> select * from users;
>>>
>>>
>>>
>>> as trhere are some protected info.
>>>
>>>
>>>
>>> My question is in which fields should I base the SQL query to output
>>> such information?
>>>
>>>
>>>
>>> Thank you for your support,
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Tantely
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *This message and its attachments are confidential and solely for the
>>> intended recipients. If received in error, please delete them and notify
>>> the sender via reply e-mail immediately.*
>>>
>>>
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Garanti
>>> sans virus. www.avast.com
>>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>>
>>
>>
>> *This message and its attachments are confidential and solely for the
>> intended recipients. If received in error, please delete them and notify
>> the sender via reply e-mail immediately.*
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
>
> --
> Jason P. Pickering
> email: jason.p.pickering@xxxxxxxxx
> tel:+46764147049 <+46%2076%20414%2070%2049>
>

-- 
*This message and its attachments are confidential and solely for the 
intended recipients. If received in error, please delete them and notify 
the sender via reply e-mail immediately.*

Follow ups

Re: [Dhis2-users] DHIS2 users list from SQL View
From: Jason Pickering, 2017-04-11

References

DHIS2 users list from SQL View
From: Raminosoa Rabemanantsoa, Tantely, 2017-04-10
Re: [Dhis2-users] DHIS2 users list from SQL View
From: Harivola RANDRIANJAFY, 2017-04-11
Re: [Dhis2-users] DHIS2 users list from SQL View
From: Raminosoa Rabemanantsoa, Tantely, 2017-04-11
Re: [Dhis2-users] DHIS2 users list from SQL View
From: Jason Pickering, 2017-04-11