1 # Copyright (C) The Arvados Authors. All rights reserved.
3 # SPDX-License-Identifier: AGPL-3.0
5 # Mixin module for reading out query parameters from request params.
10 # @where, @filters, @limit, @offset, @orders
13 # Default number of rows to return in a single query.
16 # Load params[:where] into @where
18 if params[:where].nil? or params[:where] == ""
20 elsif [Hash, ActionController::Parameters].include? params[:where].class
21 @where = params[:where]
22 elsif params[:where].is_a? String
24 @where = SafeJSON.load(params[:where])
25 raise unless @where.is_a? Hash
27 raise ArgumentError.new("Could not parse \"where\" param as an object")
30 @where = @where.with_indifferent_access
33 # Load params[:filters] into @filters
34 def load_filters_param
36 if params[:filters].is_a? Array
37 @filters += params[:filters]
38 elsif params[:filters].is_a? String and !params[:filters].empty?
40 f = SafeJSON.load(params[:filters])
42 raise unless f.is_a? Array
46 raise ArgumentError.new("Could not parse \"filters\" param as an array")
51 # Load params[:limit], params[:offset] and params[:order]
52 # into @limit, @offset, @orders
53 def load_limit_offset_order_params(fill_table_names: true)
55 unless params[:limit].to_s.match(/^\d+$/)
56 raise ArgumentError.new("Invalid value for limit parameter")
58 @limit = [params[:limit].to_i,
59 Rails.configuration.API.MaxItemsPerResponse].min
61 @limit = DEFAULT_LIMIT
65 unless params[:offset].to_s.match(/^\d+$/)
66 raise ArgumentError.new("Invalid value for offset parameter")
68 @offset = params[:offset].to_i
74 if (params[:order].is_a?(Array) && !params[:order].empty?) || !params[:order].blank?
78 if params[:order].starts_with? '['
79 od = SafeJSON.load(params[:order])
80 raise unless od.is_a? Array
83 params[:order].split(',')
91 attr, direction = order.strip.split " "
93 # The attr can have its table unspecified if it happens to be for the current "model_class" (the first case)
94 # or it can be fully specified with the database tablename (the second case) (e.g. "collections.name").
95 # NB that the security check for the second case table_name will not work if the model
96 # has used set_table_name to use an alternate table name from the Rails standard.
97 # I could not find a perfect way to handle this well, but ActiveRecord::Base.send(:descendants)
98 # would be a place to start if this ever becomes necessary.
99 if (attr.match(/^[a-z][_a-z0-9]+$/) &&
100 model_class.columns.collect(&:name).index(attr) &&
101 ['asc','desc'].index(direction.downcase))
103 @orders << "#{table_name}.#{attr} #{direction.downcase}"
105 @orders << "#{attr} #{direction.downcase}"
107 elsif attr.match(/^([a-z][_a-z0-9]+)\.([a-z][_a-z0-9]+)$/) and
108 ['asc','desc'].index(direction.downcase) and
109 ActiveRecord::Base.connection.tables.include?($1) and
110 $1.classify.constantize.columns.collect(&:name).index($2)
111 # $1 in the above checks references the first match from the regular expression, which is expected to be the database table name
112 # $2 is of course the actual database column name
113 @orders << "#{attr} #{direction.downcase}"
118 # If the client-specified orders don't amount to a full ordering
119 # (e.g., [] or ['owner_uuid desc']), fall back on the default
120 # orders to ensure repeating the same request (possibly with
121 # different limit/offset) will return records in the same order.
123 # Clean up the resulting list of orders such that no column
124 # uselessly appears twice (Postgres might not optimize this out
125 # for us) and no columns uselessly appear after a unique column
126 # (Postgres does not optimize this out for us; as of 9.2, "order
127 # by id, modified_at desc, uuid" is slow but "order by id" is
129 orders_given_and_default = @orders + model_class.default_orders
132 orders_given_and_default.each do |order|
133 otablecol = order.split(' ')[0]
135 next if order_cols_used[otablecol]
136 order_cols_used[otablecol] = true
140 otable, ocol = otablecol.split('.')
141 if otable == table_name and model_class.unique_columns.include?(ocol)
142 # we already have a full ordering; subsequent entries would be
148 @distinct = params[:distinct] && true
151 def load_select_param
154 @select = params[:select]
157 @select = SafeJSON.load(params[:select])
158 raise unless @select.is_a? Array or @select.nil? or !@select
160 raise ArgumentError.new("Could not parse \"select\" param as an array")
164 if @select && @orders
165 # Any ordering columns must be selected when doing select,
166 # otherwise it is an SQL error, so filter out invaliding orderings.
167 @orders.select! { |o|
169 # match select column against order array entry
170 @select.select { |s| col == "#{table_name}.#{s}" }.any?