Friday, December 18, 2009

APEX Notes

If you want to access a procedure without going through the APEX security, alter wwv_flow_epg_include_mod_local to include your procedure.
I had a simple procedure, that lists all applications, called apex_apps:

CREATE OR REPLACE PROCEDURE apex_030200.apex_apps
AS
BEGIN
FOR i IN (SELECT TRIM(TO_CHAR (display_id)) ID, NAME
FROM apex_030200.wwv_flows
WHERE display_id NOT BETWEEN 4000 AND 5000
ORDER BY NAME)
LOOP
HTP.p ('<li><a href="f?p=' || i.ID || '">' || i.NAME || '</a></li>');
END LOOP;
END;


However, calling this resulted in:
[Fri Dec 18 15:57:12 2009] [error] [client x.x.x.x.] 
mod_plsql: /apex/apex_apps HTTP-403
It is forbidden to call this procedure directly from the browser!

After changing wwv_flow_epg_include_mod_local to

CREATE OR REPLACE function APEX_030200.wwv_flow_epg_include_mod_local(
procedure_name in varchar2)
return boolean
is
begin
-- return false; -- remove this statement when you modify this function
--
-- Administrator note: the procedure_name input parameter may be in the format:
--
-- procedure
-- schema.procedure
-- package.procedure
-- schema.package.procedure
--
-- If the expected input parameter is a procedure name only, the IN list code shown below
-- can be modified to itemize the expected procedure names. Otherwise you must parse the
-- procedure_name parameter and replace the simple code below with code that will evaluate
-- all of the cases listed above.
--
if upper(procedure_name) in (
'APEX_APPS') then
return TRUE;
else
return FALSE;
end if;
end wwv_flow_epg_include_mod_local;

everything works as designed.

No comments: