In particular, block the `getTransaction` method. Look at what other methods could be destructive.
We should also fix methods on the raw connection returned by ServiceHub.jdbcSession.
I was also just reading up on JDBC savepoints. They seem to be supported by MS SQL Server, Oracle and Postgres and also H2 (apparently). I think we might actually be able to use savepoints to be slightly richer than just banning rollbacks. Need to think how that might interact with Hibernate. Of course, this might all just be a bad idea and we should perhaps start by outright banning, but my brain is wondering what we might be able to use savepoints for. Seems like they should be useful.
Looking at the EntityManager docs does locking out the following make sense?
I’m not terribly sure but all of those seem like extra rope…
As for the jdbcSession which is a Connection object:
close (only for us)
set/releaseSavepoint (until we know how we want to use it)
For EntityManager that list sounds okay, but we should retain detach access.
For jdbcSession that also sounds reasonable.
The ones that I am less clear on are getLockMode, getMetamodel and getProperties (plus getMetaData on the connection). Do the objects returned by those allow attempts to mutate things?
I checked those methods.
LockModeType getLockMode(Object entity): Returns an enum, so I think we can leave it as it is.
Metamodel getMetamodel(): You can access Sets there and possibly add new elements to them. I would block it.
Map<String, Object> getProperties() : Regarding this method the documentation says: ‘Changing the contents of the map does not change the configuration in effect.’ I would leave this one as well as it is for now.
DatabaseMetaData getMetaData(): Comprehensive information about the database as a whole. I don’t think you can mutate things in it.