Selecting multiple prefilters now always leads to: where [prefilter 1 query] AND [prefilter 2 query]. I would also very much like to have the possibility to make OR prefilters.
As far as security goes, I agree with Robert Jan's solution that locked/hidden prefilters should always be applied to the query and can only be combined with an AND-operator.
Another challenge is how to indicate that multiple active prefilters need to be combined with an OR- or AND-operator. Should this be determined by the user? For instance by being able to group multiple non-locked prefilters as 'or-prefilters'. Or should 'or-prefilters' always be predetermined, logical groups? In which case we could simply add an 'operator' field to prefilter groups in the SF.
I think making such a thing safe is not something that can be enforced trough the Software Factory.
You could require locked prefilters to be always true and then, on top of that, have one or multiple 'or-prefilters'. It would generate a query like this:
code:
select some_values from some_table t1 where locked_prefilter = 'true' and ( first_or_prefilter = 'true' or second_or_prefilter = 'true' );
But it is the responsibility of the developer to make sure that the 'or-prefilters' will not result in situations that show too much data.
We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.