model_table_name = model_class.table_name
filters.each do |filter|
attrs_in, operator, operand = filter
- if attrs_in == 'any' && operator != '@@'
+ if operator == '@@'
+ raise ArgumentError.new("Full text search operator is no longer supported")
+ end
+ if attrs_in == 'any'
attrs = model_class.searchable_columns(operator)
elsif attrs_in.is_a? Array
attrs = attrs_in
attrs = []
end
- if operator == '@@'
- # Full-text search
- if attrs_in != 'any'
- raise ArgumentError.new("Full text search on individual columns is not supported")
- end
- if operand.is_a? Array
- raise ArgumentError.new("Full text search not supported for array operands")
- end
-
- # Skip the generic per-column operator loop below
- attrs = []
- # Use to_tsquery since plainto_tsquery does not support prefix
- # search. And, split operand and join the words with ' & '
- cond_out << model_class.full_text_tsvector+" @@ to_tsquery(?)"
- param_out << operand.split.join(' & ')
- end
attrs.each do |attr|
subproperty = attr.split(".", 2)
raise ArgumentError.new("Invalid operator for subproperty search '#{operator}'")
end
elsif operator == "exists"
- if col.type != :jsonb
+ if col.nil? or col.type != :jsonb
raise ArgumentError.new("Invalid attribute '#{attr}' for operator '#{operator}' in filter")
end
cond_out << "jsonb_exists(#{attr_table_name}.#{attr}, ?)"
param_out << operand
+ elsif expr = /^ *\( *(\w+) *(<=?|>=?|=) *(\w+) *\) *$/.match(attr)
+ if operator != '=' || ![true,"true"].index(operand)
+ raise ArgumentError.new("Invalid expression filter '#{attr}': subsequent elements must be [\"=\", true]")
+ end
+ operator = expr[2]
+ attr1, attr2 = expr[1], expr[3]
+ allowed = attr_model_class.searchable_columns(operator)
+ [attr1, attr2].each do |tok|
+ if !allowed.index(tok)
+ raise ArgumentError.new("Invalid attribute in expression: '#{tok}'")
+ end
+ col = attr_model_class.columns.select { |c| c.name == tok }.first
+ if col.type != :integer
+ raise ArgumentError.new("Non-numeric attribute in expression: '#{tok}'")
+ end
+ end
+ cond_out << "#{attr1} #{operator} #{attr2}"
else
if !attr_model_class.searchable_columns(operator).index(attr) &&
!(col.andand.type == :jsonb && ['contains', '=', '<>', '!='].index(operator))
raise ArgumentError.new("Invalid attribute '#{attr}' in filter")
end
+ attr_type = attr_model_class.attribute_column(attr).type
case operator
when '=', '<', '<=', '>', '>=', '!=', 'like', 'ilike'
- attr_type = attr_model_class.attribute_column(attr).type
operator = '<>' if operator == '!='
if operand.is_a? String
if attr_type == :boolean
when '0', 'f', 'false', 'n', 'no'
operand = false
else
- raise ArgumentError("Invalid operand '#{operand}' for " \
- "boolean attribute '#{attr}'")
+ raise ArgumentError.new("Invalid operand '#{operand}' for " \
+ "boolean attribute '#{attr}'")
end
end
if operator == '<>'
cond_out << "#{attr_table_name}.#{attr} #{operator} ?"
param_out << operand
elsif (attr_type == :integer)
+ if !operand.is_a?(Integer) || operand.bit_length > 64
+ raise ArgumentError.new("Invalid operand '#{operand}' "\
+ "for integer attribute '#{attr}'")
+ end
cond_out << "#{attr_table_name}.#{attr} #{operator} ?"
param_out << operand
else
"for '#{operator}' operator in filters")
end
when 'in', 'not in'
- if operand.is_a? Array
- cond_out << "#{attr_table_name}.#{attr} #{operator} (?)"
- param_out << operand
- if operator == 'not in' and not operand.include?(nil)
- # explicitly allow NULL
- cond_out[-1] = "(#{cond_out[-1]} OR #{attr_table_name}.#{attr} IS NULL)"
- end
- else
+ if !operand.is_a? Array
raise ArgumentError.new("Invalid operand type '#{operand.class}' "\
"for '#{operator}' operator in filters")
end
+ if attr_type == :integer
+ operand.each do |el|
+ if !el.is_a?(Integer) || el.bit_length > 64
+ raise ArgumentError.new("Invalid element '#{el}' in array "\
+ "for integer attribute '#{attr}'")
+ end
+ end
+ end
+ cond_out << "#{attr_table_name}.#{attr} #{operator} (?)"
+ param_out << operand
+ if operator == 'not in' and not operand.include?(nil)
+ # explicitly allow NULL
+ cond_out[-1] = "(#{cond_out[-1]} OR #{attr_table_name}.#{attr} IS NULL)"
+ end
when 'is_a'
operand = [operand] unless operand.is_a? Array
cond = []
projects / arvados.git / blobdiff