X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/04cc77648cc62c73433801475c27ede4ceb76c8b..035b113f60302f6d9c265e6e3a63dbb3c5873153:/services/api/lib/record_filters.rb diff --git a/services/api/lib/record_filters.rb b/services/api/lib/record_filters.rb index fab16bbc1d..dc427c12c1 100644 --- a/services/api/lib/record_filters.rb +++ b/services/api/lib/record_filters.rb @@ -1,145 +1,218 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +# Mixin module providing a method to convert filters into a list of SQL +# fragments suitable to be fed to ActiveRecord #where. +# # Expects: -# @where -# @filters -# +model_class+ +# model_class # Operates on: # @objects + +require 'safe_json' + module RecordFilters - def apply_where_limit_order_params - if @filters.is_a? Array and @filters.any? + # Input: + # +filters+ array of conditions, each being [column, operator, operand] + # +model_class+ subclass of ActiveRecord being filtered + # + # Output: + # Hash with two keys: + # :cond_out array of SQL fragments for each filter expression + # :param_out array of values for parameter substitution in cond_out + def record_filters filters, model_class + conds_out = [] + param_out = [] + + ar_table_name = model_class.table_name + filters.each do |filter| + attrs_in, operator, operand = filter + if attrs_in == 'any' && operator != '@@' + attrs = model_class.searchable_columns(operator) + elsif attrs_in.is_a? Array + attrs = attrs_in + else + attrs = [attrs_in] + end + if !filter.is_a? Array + raise ArgumentError.new("Invalid element in filters array: #{filter.inspect} is not an array") + elsif !operator.is_a? String + raise ArgumentError.new("Invalid operator '#{operator}' (#{operator.class}) in filter") + end + cond_out = [] - param_out = [] - @filters.each do |attr, operator, operand| - if !model_class.searchable_columns(operator).index attr.to_s - raise ArgumentError.new("Invalid attribute '#{attr}' in condition") + + if operator == '@@' + # Full-text search + if attrs_in != 'any' + raise ArgumentError.new("Full text search on individual columns is not supported") end - case operator.downcase - when '=', '<', '<=', '>', '>=', 'like' - if operand.is_a? String - cond_out << "#{table_name}.#{attr} #{operator} ?" - if (# any operator that operates on value rather than - # representation: - operator.match(/[<=>]/) and - model_class.attribute_column(attr).type == :datetime) - operand = Time.parse operand + if operand.is_a? Array + raise ArgumentError.new("Full text search not supported for array operands") + end + + # Skip the generic per-column operator loop below + attrs = [] + # Use to_tsquery since plainto_tsquery does not support prefix + # search. And, split operand and join the words with ' & ' + cond_out << model_class.full_text_tsvector+" @@ to_tsquery(?)" + param_out << operand.split.join(' & ') + end + attrs.each do |attr| + subproperty = attr.split(".", 2) + + col = model_class.columns.select { |c| c.name == subproperty[0] }.first + + if subproperty.length == 2 + if col.nil? or col.type != :jsonb + raise ArgumentError.new("Invalid attribute '#{subproperty[0]}' for subproperty filter") + end + + if subproperty[1][0] == "<" and subproperty[1][-1] == ">" + subproperty[1] = subproperty[1][1..-2] + end + + # jsonb search + case operator.downcase + when '=', '!=' + not_in = if operator.downcase == "!=" then "NOT " else "" end + cond_out << "#{not_in}(#{ar_table_name}.#{subproperty[0]} @> ?::jsonb)" + param_out << SafeJSON.dump({subproperty[1] => operand}) + when 'in' + if operand.is_a? Array + operand.each do |opr| + cond_out << "#{ar_table_name}.#{subproperty[0]} @> ?::jsonb" + param_out << SafeJSON.dump({subproperty[1] => opr}) + end + else + raise ArgumentError.new("Invalid operand type '#{operand.class}' "\ + "for '#{operator}' operator in filters") end + when '<', '<=', '>', '>=' + cond_out << "#{ar_table_name}.#{subproperty[0]}->? #{operator} ?::jsonb" + param_out << subproperty[1] + param_out << SafeJSON.dump(operand) + when 'like', 'ilike' + cond_out << "#{ar_table_name}.#{subproperty[0]}->>? #{operator} ?" + param_out << subproperty[1] param_out << operand + when 'not in' + if operand.is_a? Array + cond_out << "#{ar_table_name}.#{subproperty[0]}->>? NOT IN (?) OR #{ar_table_name}.#{subproperty[0]}->>? IS NULL" + param_out << subproperty[1] + param_out << operand + param_out << subproperty[1] + else + raise ArgumentError.new("Invalid operand type '#{operand.class}' "\ + "for '#{operator}' operator in filters") + end + when 'exists' + if operand == true + cond_out << "jsonb_exists(#{ar_table_name}.#{subproperty[0]}, ?)" + elsif operand == false + cond_out << "(NOT jsonb_exists(#{ar_table_name}.#{subproperty[0]}, ?)) OR #{ar_table_name}.#{subproperty[0]} is NULL" + else + raise ArgumentError.new("Invalid operand '#{operand}' for '#{operator}' must be true or false") end - when 'in' - if operand.is_a? Array - cond_out << "#{table_name}.#{attr} IN (?)" - param_out << operand + param_out << subproperty[1] + else + raise ArgumentError.new("Invalid operator for subproperty search '#{operator}'") end - when 'is_a' - operand = [operand] unless operand.is_a? Array - cond = [] - operand.each do |op| - cl = ArvadosModel::kind_class op - if cl - cond << "#{table_name}.#{attr} like ?" - param_out << cl.uuid_like_pattern + elsif operator.downcase == "exists" + if col.type != :jsonb + raise ArgumentError.new("Invalid attribute '#{subproperty[0]}' for operator '#{operator}' in filter") + end + + cond_out << "jsonb_exists(#{ar_table_name}.#{subproperty[0]}, ?)" + param_out << operand + else + if !model_class.searchable_columns(operator).index subproperty[0] + raise ArgumentError.new("Invalid attribute '#{subproperty[0]}' in filter") + end + + case operator.downcase + when '=', '<', '<=', '>', '>=', '!=', 'like', 'ilike' + attr_type = model_class.attribute_column(attr).type + operator = '<>' if operator == '!=' + if operand.is_a? String + if attr_type == :boolean + if not ['=', '<>'].include?(operator) + raise ArgumentError.new("Invalid operator '#{operator}' for " \ + "boolean attribute '#{attr}'") + end + case operand.downcase + when '1', 't', 'true', 'y', 'yes' + operand = true + when '0', 'f', 'false', 'n', 'no' + operand = false + else + raise ArgumentError("Invalid operand '#{operand}' for " \ + "boolean attribute '#{attr}'") + end + end + if operator == '<>' + # explicitly allow NULL + cond_out << "#{ar_table_name}.#{attr} #{operator} ? OR #{ar_table_name}.#{attr} IS NULL" else - cond << "1=0" + cond_out << "#{ar_table_name}.#{attr} #{operator} ?" end - end - cond_out << cond.join(' OR ') - end - end - if cond_out.any? - @objects = @objects.where(cond_out.join(' AND '), *param_out) - end - end - if @where.is_a? Hash and @where.any? - conditions = ['1=1'] - @where.each do |attr,value| - if attr.to_s == 'any' - if value.is_a?(Array) and - value.length == 2 and - value[0] == 'contains' then - ilikes = [] - model_class.searchable_columns('ilike').each do |column| - ilikes << "#{table_name}.#{column} ilike ?" - conditions << "%#{value[1]}%" - end - if ilikes.any? - conditions[0] << ' and (' + ilikes.join(' or ') + ')' + if (# any operator that operates on value rather than + # representation: + operator.match(/[<=>]/) and (attr_type == :datetime)) + operand = Time.parse operand + end + param_out << operand + elsif operand.nil? and operator == '=' + cond_out << "#{ar_table_name}.#{attr} is null" + elsif operand.nil? and operator == '<>' + cond_out << "#{ar_table_name}.#{attr} is not null" + elsif (attr_type == :boolean) and ['=', '<>'].include?(operator) and + [true, false].include?(operand) + cond_out << "#{ar_table_name}.#{attr} #{operator} ?" + param_out << operand + elsif (attr_type == :integer) + cond_out << "#{ar_table_name}.#{attr} #{operator} ?" + param_out << operand + else + raise ArgumentError.new("Invalid operand type '#{operand.class}' "\ + "for '#{operator}' operator in filters") end - end - elsif attr.to_s.match(/^[a-z][_a-z0-9]+$/) and - model_class.columns.collect(&:name).index(attr.to_s) - if value.nil? - conditions[0] << " and #{table_name}.#{attr} is ?" - conditions << nil - elsif value.is_a? Array - if value[0] == 'contains' and value.length == 2 - conditions[0] << " and #{table_name}.#{attr} like ?" - conditions << "%#{value[1]}%" + when 'in', 'not in' + if operand.is_a? Array + cond_out << "#{ar_table_name}.#{attr} #{operator} (?)" + param_out << operand + if operator == 'not in' and not operand.include?(nil) + # explicitly allow NULL + cond_out[-1] = "(#{cond_out[-1]} OR #{ar_table_name}.#{attr} IS NULL)" + end else - conditions[0] << " and #{table_name}.#{attr} in (?)" - conditions << value + raise ArgumentError.new("Invalid operand type '#{operand.class}' "\ + "for '#{operator}' operator in filters") end - elsif value.is_a? String or value.is_a? Fixnum or value == true or value == false - conditions[0] << " and #{table_name}.#{attr}=?" - conditions << value - elsif value.is_a? Hash - # Not quite the same thing as "equal?" but better than nothing? - value.each do |k,v| - if v.is_a? String - conditions[0] << " and #{table_name}.#{attr} ilike ?" - conditions << "%#{k}%#{v}%" + when 'is_a' + operand = [operand] unless operand.is_a? Array + cond = [] + operand.each do |op| + cl = ArvadosModel::kind_class op + if cl + cond << "#{ar_table_name}.#{attr} like ?" + param_out << cl.uuid_like_pattern + else + cond << "1=0" end end + cond_out << cond.join(' OR ') + else + raise ArgumentError.new("Invalid operator '#{operator}'") end end end - if conditions.length > 1 - conditions[0].sub!(/^1=1 and /, '') - @objects = @objects. - where(*conditions) - end + conds_out << cond_out.join(' OR ') if cond_out.any? end - if params[:limit] - begin - @limit = params[:limit].to_i - rescue - raise ArgumentError.new("Invalid value for limit parameter") - end - else - @limit = 100 - end - @objects = @objects.limit(@limit) - - orders = [] - - if params[:offset] - begin - @objects = @objects.offset(params[:offset].to_i) - @offset = params[:offset].to_i - rescue - raise ArgumentError.new("Invalid value for limit parameter") - end - else - @offset = 0 - end - - orders = [] - if params[:order] - params[:order].split(',').each do |order| - attr, direction = order.strip.split " " - direction ||= 'asc' - if attr.match /^[a-z][_a-z0-9]+$/ and - model_class.columns.collect(&:name).index(attr) and - ['asc','desc'].index direction.downcase - orders << "#{table_name}.#{attr} #{direction.downcase}" - end - end - end - if orders.empty? - orders << "#{table_name}.modified_at desc" - end - @objects = @objects.order(orders.join ", ") + {:cond_out => conds_out, :param_out => param_out} end end