+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+# Mixin module providing a method to convert filters into a list of SQL
+# fragments suitable to be fed to ActiveRecord #where.
+#
# Expects:
-# @where
-# @filters
-# +model_class+
+# model_class
# Operates on:
# @objects
+
+require 'safe_json'
+
module RecordFilters
- def apply_where_limit_order_params
- if @filters.is_a? Array and @filters.any?
+ # Input:
+ # +filters+ array of conditions, each being [column, operator, operand]
+ # +model_class+ subclass of ActiveRecord being filtered
+ #
+ # Output:
+ # Hash with the following keys:
+ # :cond_out array of SQL fragments for each filter expression
+ # :param_out array of values for parameter substitution in cond_out
+ # :joins array of joins: either [] or ["JOIN containers ON ..."]
+ def record_filters filters, model_class
+ conds_out = []
+ param_out = []
+ joins = []
+
+ model_table_name = model_class.table_name
+ filters.each do |filter|
+ attrs_in, operator, operand = filter
+ if operator == '@@'
+ raise ArgumentError.new("Full text search operator is no longer supported")
+ end
+ if attrs_in == 'any'
+ attrs = model_class.searchable_columns(operator)
+ elsif attrs_in.is_a? Array
+ attrs = attrs_in
+ else
+ attrs = [attrs_in]
+ end
+ if !filter.is_a? Array
+ raise ArgumentError.new("Invalid element in filters array: #{filter.inspect} is not an array")
+ elsif !operator.is_a? String
+ raise ArgumentError.new("Invalid operator '#{operator}' (#{operator.class}) in filter")
+ end
+
+ operator = operator.downcase
cond_out = []
- param_out = []
- @filters.each do |attr, operator, operand|
- if !model_class.searchable_columns(operator).index attr.to_s
- raise ArgumentError.new("Invalid attribute '#{attr}' in condition")
+
+ if attrs_in == 'any' && (operator == 'ilike' || operator == 'like') && (operand.is_a? String) && operand.match('^[%].*[%]$')
+ # Trigram index search
+ cond_out << model_class.full_text_trgm + " #{operator} ?"
+ param_out << operand
+ # Skip the generic per-column operator loop below
+ attrs = []
+ end
+
+ attrs.each do |attr|
+ subproperty = attr.split(".", 2)
+
+ if subproperty.length == 2 && subproperty[0] == 'container' && model_table_name == "container_requests"
+ # attr is "tablename.colname" -- e.g., ["container.state", "=", "Complete"]
+ joins = ["JOIN containers ON container_requests.container_uuid = containers.uuid"]
+ attr_model_class = Container
+ attr_table_name = "containers"
+ subproperty = subproperty[1].split(".", 2)
+ else
+ attr_model_class = model_class
+ attr_table_name = model_table_name
end
- case operator.downcase
- when '=', '<', '<=', '>', '>=', 'like'
- if operand.is_a? String
- cond_out << "#{table_name}.#{attr} #{operator} ?"
- if (# any operator that operates on value rather than
- # representation:
- operator.match(/[<=>]/) and
- model_class.attribute_column(attr).type == :datetime)
- operand = Time.parse operand
+
+ attr = subproperty[0]
+ proppath = subproperty[1]
+ col = attr_model_class.columns.select { |c| c.name == attr }.first
+
+ if proppath
+ if col.nil? or col.type != :jsonb
+ raise ArgumentError.new("Invalid attribute '#{attr}' for subproperty filter")
+ end
+
+ if proppath[0] == "<" and proppath[-1] == ">"
+ proppath = proppath[1..-2]
+ end
+
+ # jsonb search
+ case operator
+ when '=', '!='
+ not_in = if operator == "!=" then "NOT " else "" end
+ cond_out << "#{not_in}(#{attr_table_name}.#{attr} @> ?::jsonb)"
+ param_out << SafeJSON.dump({proppath => operand})
+ when 'in'
+ if operand.is_a? Array
+ operand.each do |opr|
+ cond_out << "#{attr_table_name}.#{attr} @> ?::jsonb"
+ param_out << SafeJSON.dump({proppath => opr})
+ end
+ else
+ raise ArgumentError.new("Invalid operand type '#{operand.class}' "\
+ "for '#{operator}' operator in filters")
end
+ when '<', '<=', '>', '>='
+ cond_out << "#{attr_table_name}.#{attr}->? #{operator} ?::jsonb"
+ param_out << proppath
+ param_out << SafeJSON.dump(operand)
+ when 'like', 'ilike'
+ cond_out << "#{attr_table_name}.#{attr}->>? #{operator} ?"
+ param_out << proppath
param_out << operand
+ when 'not in'
+ if operand.is_a? Array
+ cond_out << "#{attr_table_name}.#{attr}->>? NOT IN (?) OR #{attr_table_name}.#{attr}->>? IS NULL"
+ param_out << proppath
+ param_out << operand
+ param_out << proppath
+ else
+ raise ArgumentError.new("Invalid operand type '#{operand.class}' "\
+ "for '#{operator}' operator in filters")
+ end
+ when 'exists'
+ if operand == true
+ cond_out << "jsonb_exists(#{attr_table_name}.#{attr}, ?)"
+ elsif operand == false
+ cond_out << "(NOT jsonb_exists(#{attr_table_name}.#{attr}, ?)) OR #{attr_table_name}.#{attr} is NULL"
+ else
+ raise ArgumentError.new("Invalid operand '#{operand}' for '#{operator}' must be true or false")
+ end
+ param_out << proppath
+ when 'contains'
+ cond_out << "#{attr_table_name}.#{attr} @> ?::jsonb OR #{attr_table_name}.#{attr} @> ?::jsonb"
+ param_out << SafeJSON.dump({proppath => operand})
+ param_out << SafeJSON.dump({proppath => [operand]})
+ else
+ raise ArgumentError.new("Invalid operator for subproperty search '#{operator}'")
end
- when 'in'
- if operand.is_a? Array
- cond_out << "#{table_name}.#{attr} IN (?)"
- param_out << operand
+ elsif operator == "exists"
+ if col.nil? or col.type != :jsonb
+ raise ArgumentError.new("Invalid attribute '#{attr}' for operator '#{operator}' in filter")
+ end
+
+ cond_out << "jsonb_exists(#{attr_table_name}.#{attr}, ?)"
+ param_out << operand
+ elsif expr = /^ *\( *(\w+) *(<=?|>=?|=) *(\w+) *\) *$/.match(attr)
+ if operator != '=' || ![true,"true"].index(operand)
+ raise ArgumentError.new("Invalid expression filter '#{attr}': subsequent elements must be [\"=\", true]")
+ end
+ operator = expr[2]
+ attr1, attr2 = expr[1], expr[3]
+ allowed = attr_model_class.searchable_columns(operator)
+ [attr1, attr2].each do |tok|
+ if !allowed.index(tok)
+ raise ArgumentError.new("Invalid attribute in expression: '#{tok}'")
+ end
+ col = attr_model_class.columns.select { |c| c.name == tok }.first
+ if col.type != :integer
+ raise ArgumentError.new("Non-numeric attribute in expression: '#{tok}'")
+ end
end
- when 'is_a'
- operand = [operand] unless operand.is_a? Array
- cond = []
- operand.each do |op|
+ cond_out << "#{attr1} #{operator} #{attr2}"
+ else
+ if !attr_model_class.searchable_columns(operator).index(attr) &&
+ !(col.andand.type == :jsonb && ['contains', '=', '<>', '!='].index(operator))
+ raise ArgumentError.new("Invalid attribute '#{attr}' in filter")
+ end
+
+ case operator
+ when '=', '<', '<=', '>', '>=', '!=', 'like', 'ilike'
+ attr_type = attr_model_class.attribute_column(attr).type
+ operator = '<>' if operator == '!='
+ if operand.is_a? String
+ if attr_type == :boolean
+ if not ['=', '<>'].include?(operator)
+ raise ArgumentError.new("Invalid operator '#{operator}' for " \
+ "boolean attribute '#{attr}'")
+ end
+ case operand.downcase
+ when '1', 't', 'true', 'y', 'yes'
+ operand = true
+ when '0', 'f', 'false', 'n', 'no'
+ operand = false
+ else
+ raise ArgumentError("Invalid operand '#{operand}' for " \
+ "boolean attribute '#{attr}'")
+ end
+ end
+ if operator == '<>'
+ # explicitly allow NULL
+ cond_out << "#{attr_table_name}.#{attr} #{operator} ? OR #{attr_table_name}.#{attr} IS NULL"
+ else
+ cond_out << "#{attr_table_name}.#{attr} #{operator} ?"
+ end
+ if (# any operator that operates on value rather than
+ # representation:
+ operator.match(/[<=>]/) and (attr_type == :datetime))
+ operand = Time.parse operand
+ end
+ param_out << operand
+ elsif operand.nil? and operator == '='
+ cond_out << "#{attr_table_name}.#{attr} is null"
+ elsif operand.nil? and operator == '<>'
+ cond_out << "#{attr_table_name}.#{attr} is not null"
+ elsif (attr_type == :boolean) and ['=', '<>'].include?(operator) and
+ [true, false].include?(operand)
+ cond_out << "#{attr_table_name}.#{attr} #{operator} ?"
+ param_out << operand
+ elsif (attr_type == :integer)
+ cond_out << "#{attr_table_name}.#{attr} #{operator} ?"
+ param_out << operand
+ else
+ raise ArgumentError.new("Invalid operand type '#{operand.class}' "\
+ "for '#{operator}' operator in filters")
+ end
+ when 'in', 'not in'
+ if operand.is_a? Array
+ cond_out << "#{attr_table_name}.#{attr} #{operator} (?)"
+ param_out << operand
+ if operator == 'not in' and not operand.include?(nil)
+ # explicitly allow NULL
+ cond_out[-1] = "(#{cond_out[-1]} OR #{attr_table_name}.#{attr} IS NULL)"
+ end
+ else
+ raise ArgumentError.new("Invalid operand type '#{operand.class}' "\
+ "for '#{operator}' operator in filters")
+ end
+ when 'is_a'
+ operand = [operand] unless operand.is_a? Array
+ cond = []
+ operand.each do |op|
cl = ArvadosModel::kind_class op
if cl
- cond << "#{table_name}.#{attr} like ?"
- param_out << cl.uuid_like_pattern
+ if attr == 'uuid'
+ if attr_model_class.uuid_prefix == cl.uuid_prefix
+ cond << "1=1"
+ else
+ cond << "1=0"
+ end
+ else
+ # Use a substring query to support remote uuids
+ cond << "substring(#{attr_table_name}.#{attr}, 7, 5) = ?"
+ param_out << cl.uuid_prefix
+ end
else
cond << "1=0"
end
- end
- cond_out << cond.join(' OR ')
- end
- end
- if cond_out.any?
- @objects = @objects.where(cond_out.join(' AND '), *param_out)
- end
- end
- if @where.is_a? Hash and @where.any?
- conditions = ['1=1']
- @where.each do |attr,value|
- if attr.to_s == 'any'
- if value.is_a?(Array) and
- value.length == 2 and
- value[0] == 'contains' then
- ilikes = []
- model_class.searchable_columns('ilike').each do |column|
- ilikes << "#{table_name}.#{column} ilike ?"
- conditions << "%#{value[1]}%"
end
- if ilikes.any?
- conditions[0] << ' and (' + ilikes.join(' or ') + ')'
+ cond_out << cond.join(' OR ')
+ when 'contains'
+ if col.andand.type != :jsonb
+ raise ArgumentError.new("Invalid attribute '#{attr}' for '#{operator}' operator")
end
- end
- elsif attr.to_s.match(/^[a-z][_a-z0-9]+$/) and
- model_class.columns.collect(&:name).index(attr.to_s)
- if value.nil?
- conditions[0] << " and #{table_name}.#{attr} is ?"
- conditions << nil
- elsif value.is_a? Array
- if value[0] == 'contains' and value.length == 2
- conditions[0] << " and #{table_name}.#{attr} like ?"
- conditions << "%#{value[1]}%"
- else
- conditions[0] << " and #{table_name}.#{attr} in (?)"
- conditions << value
+ if operand == []
+ raise ArgumentError.new("Invalid operand '#{operand.inspect}' for '#{operator}' operator")
end
- elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false
- conditions[0] << " and #{table_name}.#{attr}=?"
- conditions << value
- elsif value.is_a? Hash
- # Not quite the same thing as "equal?" but better than nothing?
- value.each do |k,v|
- if v.is_a? String
- conditions[0] << " and #{table_name}.#{attr} ilike ?"
- conditions << "%#{k}%#{v}%"
+ operand = [operand] unless operand.is_a? Array
+ operand.each do |op|
+ if !op.is_a?(String)
+ raise ArgumentError.new("Invalid element #{operand.inspect} in operand for #{operator.inspect} operator (operand must be a string or array of strings)")
end
end
+ # We use jsonb_exists_all(a,b) instead of "a ?& b" because
+ # the pg gem thinks "?" is a bind var. And we use string
+ # interpolation instead of param_out because the pg gem
+ # flattens param_out / doesn't support passing arrays as
+ # bind vars.
+ q = operand.map { |s| ActiveRecord::Base.connection.quote(s) }.join(',')
+ cond_out << "jsonb_exists_all(#{attr_table_name}.#{attr}, array[#{q}])"
+ else
+ raise ArgumentError.new("Invalid operator '#{operator}'")
end
end
end
- if conditions.length > 1
- conditions[0].sub!(/^1=1 and /, '')
- @objects = @objects.
- where(*conditions)
- end
+ conds_out << cond_out.join(' OR ') if cond_out.any?
end
- if params[:limit]
- begin
- @limit = params[:limit].to_i
- rescue
- raise ArgumentError.new("Invalid value for limit parameter")
- end
- else
- @limit = 100
- end
- @objects = @objects.limit(@limit)
-
- orders = []
-
- if params[:offset]
- begin
- @objects = @objects.offset(params[:offset].to_i)
- @offset = params[:offset].to_i
- rescue
- raise ArgumentError.new("Invalid value for limit parameter")
- end
- else
- @offset = 0
- end
-
- orders = []
- if params[:order]
- params[:order].split(',').each do |order|
- attr, direction = order.strip.split " "
- direction ||= 'asc'
- if attr.match /^[a-z][_a-z0-9]+$/ and
- model_class.columns.collect(&:name).index(attr) and
- ['asc','desc'].index direction.downcase
- orders << "#{table_name}.#{attr} #{direction.downcase}"
- end
- end
- end
- if orders.empty?
- orders << "#{table_name}.modified_at desc"
- end
- @objects = @objects.order(orders.join ", ")
+ {:cond_out => conds_out, :param_out => param_out, :joins => joins}
end
end