Steal the Show with ApEx Oracle Open World, November 13, 2007 Bill Holtzman National Air Traffic Controllers Association.


1 Steal the Show with ApEx Oracle Open World, November 13, 2007 Bill Holtzman National Air Traffic Controllers Association

2 NATCA
- National Air Traffic Controllers Association
- 15,000 members
- 400 locations
- Employees of the Federal Aviation Administration

3 Grievance
- A complaint against the employer by an employee or the union
- Over 200,000 active grievances
- Requirements akin to legal case

4 G.A.T.S.

5 Wizards

6 Graphical query builder

7 SQL report: Region Source

8 SQL report: Attributes

9 Automated report link

10 Manual report link: link||text
Manual link enables concatenation with plain text.
06-ZDC-34 123456

11 Manual link: Javascript
Manual link with Javascript enables custom pop-ups.
    ' ' || g.topic || ' ' "Grievance Regarding (View/Print)"
Article 34 Working Hours
At runtime, this becomes:

12 Use of conditional ||
Decode and case enable conditional || with images, text.
    select decode(g.status_id, 1,
             decode(g.date_sub, null,
               trunc(g.u_action) - trunc(sysdate) || ' ' ||
                 case
                   when (g.u_action - sysdate) > 7 then ' '
                   when (g.u_action - sysdate) > 3 then ' '
                   when (g.u_action - sysdate) > 0 then ' '
                   else ' '
                 end,
               to_char(g.date_sub, 'MM/DD/YY')),
             'Closed') "DATE_SUB"
    from grievance g

13 SQL generated by PLSQL
- SQL Report Region could not enable optional sorting of composite columns
- Use of PLSQL-generated SQL enables finer control over the report source query, enhancing performance

14 Converting a report to PLSQL
    declare
      p_sql varchar2(32767);
    begin
      p_sql := q'! select grid from grievance !';
      return p_sql;
    end;
Note: 10g quoting syntax

15 Adding conditions
    declare
      p_sql varchar2(32767);
    begin
      p_sql := q'! select g.GRID, !';
      p_sql := p_sql || q'! ' ' || g.topic || ' ' || gr_groupid(g.grid) "Topic" !';
      p_sql := p_sql || q'! from GRIEVANCE g, gr_status_lookup p, gr_bu b
        where g.gr_status = 3 and g.status_id = p.id !';
      -- the filter is appended only when the page item has a value
      if :P35_FAANUM is not null then
        p_sql := p_sql || q'! and lower(g.faanum) like '%' || lower($P35_FAANUM) || '%' !';
      end if;
      -- $ becomes : here, so P35_FAANUM reaches the report query as a bind variable
      return replace(p_sql,'$',':');
    end;

16 Composite sorting
    declare
      p_sql varchar2(32767);
    begin
      p_sql := q'! select g.GRID, !';
      p_sql := p_sql || q'! ' ' || g.topic || ' ' || gr_groupid(g.grid) "Topic" !';
      p_sql := p_sql || q'! from grievance g, gr_status_lookup p, gr_bu b
        where g.gr_status = 3 and g.status_id = p.id and g.bu_id = b.id (+) !';
      case
        when :P35_SORT = 1 then
          p_sql := p_sql || q'! order by trunc(g.reply_by_3), trunc(g.date_sub_3) nulls last !';
        when :P35_SORT = 2 then
          p_sql := p_sql || q'! order by trunc(g.date_sub_3), trunc(g.u_action_3) nulls last !';
        else null;
      end case;
      return replace(p_sql,'$',':');
    end;

17 Checkboxes
- PLSQL-generated SQL
- Page process

18 Check-all checkbox
From Sergio Leunissen’s Blog

19 Grievance listing

20 Grievance listing
- Filters = where clauses
- Order by
- Number of rows (item)
- Large clickable area
- Manual javascript pop-up link || text
- Manual page link || text
- Check all check box
- Composite report column

21 Javascript on a Select List
- Page Attributes
- Page Item

22 Database-driven Javascript
    declare
      p_java varchar2(4000);
      cursor c1 is select bu_id, bplate from gr_bu;
    begin
      p_java := 'function insertBP(p_region_id) { var p_bu_id = document.getElementById("P8_BU_ID").value;';
      for a1 in c1 loop
        p_java := p_java || chr(10) || 'if (p_bu_id == ' || a1.bu_id || ')' || chr(10)
               || 'document.getElementById("P8_BPLATE").value = "' || a1.bplate || '";';
      end loop;
      p_java := p_java || chr(10) || '}';
      :F168_BPLATE_JAVA := p_java;
    end;

23 Javascript result
    function insertBP(p_region_id) {
      var p_bu_id = document.getElementById("P8_BU_ID").value;
      if (p_bu_id == 12)
        document.getElementById("P8_BPLATE").value = "This grievance is filed pursuant to the Interim agreements and 5 USC 7103 (a) (9). The Agency's actions constitute a violation of the Interim agreements between NATCA and the FAA, 5 USC Chapter 71, and all applicable laws, rules, regulations, and past practice. NOTE: Under protest, and as ordered by FAA management, this grievance is filed in accordance with the Imposed Working Rules (IWR).";
      if (p_bu_id == 13)
        document.getElementById("P8_BPLATE").value = "This grievance is filed pursuant to the Interim agreements and 5 USC 7103 (a) (9). ";
    }
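
The generator on slide 22 places a1.bplate between double quotes unchanged, so a boilerplate text containing a quote, a line break or </script> would break or alter the generated function. The block below is an added example, not code from the presentation: the same loop with a hypothetical js_string helper that escapes each value, run over two constructed rows in place of gr_bu.

```sql
declare
  p_java varchar2(32767);

  -- Hypothetical helper (not from the presentation): returns p_text as a
  -- double-quoted JavaScript string literal that is safe inside a script block.
  function js_string(p_text in varchar2) return varchar2 is
    l_text varchar2(32767) := p_text;
  begin
    l_text := replace(l_text, '\', '\\');         -- backslash first
    l_text := replace(l_text, '"', '\"');
    l_text := replace(l_text, '''', '\''');
    l_text := replace(l_text, chr(13), '\r');
    l_text := replace(l_text, chr(10), '\n');
    l_text := replace(l_text, '<', '\x3C');       -- keeps "</script>" from closing the block
    l_text := replace(l_text, '>', '\x3E');
    l_text := replace(l_text, chr(38), '\x26');   -- ampersand
    return '"' || l_text || '"';
  end js_string;
begin
  p_java := 'function insertBP(p_region_id) {' || chr(10)
         || '  var p_bu_id = document.getElementById("P8_BU_ID").value;';

  for a1 in (
    -- constructed sample rows standing in for the gr_bu table
    select 12 bu_id,
           'Filed under "protest"' || chr(10) || 'per 5 USC 7103' bplate
      from dual
    union all
    select 13, 'Text with </script> and a \ backslash' from dual
  ) loop
    p_java := p_java || chr(10)
           || '  if (p_bu_id == ' || to_char(a1.bu_id) || ')' || chr(10)
           || '    document.getElementById("P8_BPLATE").value = '
           || js_string(a1.bplate) || ';';
  end loop;

  p_java := p_java || chr(10) || '}';
  dbms_output.put_line(p_java);   -- the page stores this in :F168_BPLATE_JAVA
end;
/
```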

24 Custom tables: file storage
Users upload and download documents associated with each grievance. The process is analogous to a legal case.

25 Upload/download tables
The custom tables are tied to individual grievances by the primary key GRID.

26 Upload process

27 Upload: File size validation
A validation restricts the size of uploads.

28 Upload: File name validation
Javascript restricts the length of the file name. ApEx will not accept more than 78 characters.

29 Download report

30 Download link
Don’t forget!
    SQL> grant execute on download_my_file to public

31 Session state protection
http://www.abc.net/pls/htmldb/f?p=168:34:470931357178041727::NO:::&cs=3A70EA7DD614FA61411D4DCACB75E481C

32 URL with checksum

33 Checksums in manual links
Original SQL:
    ' ' || g.topic || ' ' "Topic"
With session state protection:

34 Checksum in PLSQL region

35 Session state violation
Tampering with values in the URL produces this error message.

36 Security through branching

37 Automatic row processing
Automatic row processing includes optimistic locking. But more advanced apps use manual processing.

38 Manual row processing
    for c1 in (select * from grievance where grid = :P8_GRID) loop
      -- MD5 of the row as it is stored now
      current_state := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5(
        input_string => c1.FAANUM||c1.GRIEVANT||c1.REP||c1.TOPIC||c1.ORAL));
    end loop;
    -- update only if the row still matches what the page was rendered from
    if current_state = :P8_CHECKSUM then
      update grievance
         set faanum = :P8_FAANUM, rep = :P8_REP, topic = :P8_TOPIC, oral = :P8_ORAL
       where grid = :P8_GRID;
      :P8_RETURN_PAGE := 32;
    else
      :P8_RETURN_PAGE := 39;
    end if;
:P8_CHECKSUM is calculated when the page is rendered. If the row's checksum has changed since then, the update does not execute.

39 Optimistic locking error
When the checksums do not agree, conditional processing prevents the update and conditional branching takes the user to this page.
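
The checksum on slide 38 concatenates the columns with no separator, so a value that moves from one column to its neighbour leaves the MD5 unchanged and the edit goes undetected. Added example, not from the presentation: hypothetical state_plain and state_framed functions compared on two constructed rows, the second one length-prefixing every field.

```sql
declare
  same_plain  boolean;
  same_framed boolean;

  function md5_raw(p_text varchar2) return raw is
  begin
    return utl_raw.cast_to_raw(
             dbms_obfuscation_toolkit.md5(input_string => p_text));
  end md5_raw;

  -- Slide 38's form: columns joined directly.
  function state_plain(p_faanum varchar2, p_grievant varchar2, p_rep varchar2,
                       p_topic varchar2, p_oral varchar2) return raw is
  begin
    return md5_raw(p_faanum || p_grievant || p_rep || p_topic || p_oral);
  end state_plain;

  -- Hypothetical framing: "<length>:<value>;" per column, "N;" for NULL,
  -- so column boundaries and NULLs are part of the hashed text.
  function field(p_value varchar2) return varchar2 is
  begin
    if p_value is null then
      return 'N;';
    end if;
    return length(p_value) || ':' || p_value || ';';
  end field;

  function state_framed(p_faanum varchar2, p_grievant varchar2, p_rep varchar2,
                        p_topic varchar2, p_oral varchar2) return raw is
  begin
    return md5_raw(field(p_faanum) || field(p_grievant) || field(p_rep)
                   || field(p_topic) || field(p_oral));
  end state_framed;
begin
  -- Constructed rows: 'Smith' moves from GRIEVANT to REP between the two reads.
  same_plain  := state_plain ('06-ZDC-34', 'Smith', null, 'Article 34', 'Y')
               = state_plain ('06-ZDC-34', null, 'Smith', 'Article 34', 'Y');
  same_framed := state_framed('06-ZDC-34', 'Smith', null, 'Article 34', 'Y')
               = state_framed('06-ZDC-34', null, 'Smith', 'Article 34', 'Y');

  dbms_output.put_line('plain checksums equal:  '
    || case when same_plain  then 'yes' else 'no' end);
  dbms_output.put_line('framed checksums equal: '
    || case when same_framed then 'yes' else 'no' end);
end;
/
```

Run it with serveroutput on. Reading the row with select ... for update before the comparison also keeps another session from changing it between the check and the update.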

40 Application level items
- Page item names are visible in the HTML source
- The names of application level items are not, making them more difficult to tamper with

41 Using application level items
LOGIN PROCESS…
    case
      when p_sec_lev = 1 then :F134_HEADER := :F134_HEADER || 'FacRep Level';
      when p_sec_lev = 2 then :F134_HEADER := :F134_HEADER || 'RVP Level';
      else null;
    end case;

42 User activity
or
    select * from htmldb_activity_log

43 Integrating apps

44 Internal message board
Build or borrow a message board application, customize it and integrate it into all of your apps for an internal message board/knowledge base.

45 Application Express skill set

48 Thank you!
For more information: Bill Holtzman skyworker@comcast.net 703-403-0139

