- uuid_list = [current_user.uuid, *current_user.groups_i_can(:read)]
- sanitized_uuid_list = uuid_list.
- collect { |uuid| model_class.sanitize(uuid) }.join(', ')
- @objects ||= model_class.
- joins("LEFT JOIN links permissions ON permissions.head_uuid=#{table_name}.owner AND permissions.tail_uuid in (#{sanitized_uuid_list}) AND permissions.link_class='permission'").
- where("?=? OR #{table_name}.owner in (?) OR #{table_name}.uuid=? OR permissions.head_uuid IS NOT NULL",
- true, current_user.is_admin,
- uuid_list,
- current_user.uuid)
- if !@where.empty?
+ @objects ||= model_class.readable_by(current_user)
+ apply_where_limit_order_params
+ end
+
+ def apply_where_limit_order_params
+ if @filters.is_a? Array and @filters.any?
+ cond_out = []
+ param_out = []
+ @filters.each do |attr, operator, operand|
+ if !model_class.searchable_columns.index attr.to_s
+ raise ArgumentError.new("Invalid attribute '#{attr}' in condition")
+ end
+ case operator.downcase
+ when '=', '<', '<=', '>', '>=', 'like'
+ if operand.is_a? String
+ cond_out << "#{table_name}.#{attr} #{operator} ?"
+ if (# any operator that operates on value rather than
+ # representation:
+ operator.match(/[<=>]/) and
+ model_class.attribute_column(attr).type == :datetime)
+ operand = Time.parse operand
+ end
+ param_out << operand
+ end
+ when 'in'
+ if operand.is_a? Array
+ cond_out << "#{table_name}.#{attr} IN (?)"
+ param_out << operand
+ end
+ end
+ end
+ if cond_out.any?
+ @objects = @objects.where(cond_out.join(' AND '), *param_out)
+ end
+ end
+ if @where.is_a? Hash and @where.any?