17994: Accept a few very specific expressions as filters.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>

diff --git a/services/api/lib/record_filters.rb b/services/api/lib/record_filters.rb
index f8898d63c90de2169fc8d18b53d40f68171ae945..517a7fe28496d46d4352d13f9bb0463ba184cdec 100644 (file)
--- a/services/api/lib/record_filters.rb
+++ b/services/api/lib/record_filters.rb
@@ -141,6 +141,23 @@ module RecordFilters
 
           cond_out << "jsonb_exists(#{attr_table_name}.#{attr}, ?)"
           param_out << operand
+        elsif expr = /^ *\( *(\w+) *(<=?|>=?|=) *(\w+) *\) *$/.match(attr)
+          if operator != '=' || ![true,"true"].index(operand)
+            raise ArgumentError.new("Invalid expression filter '#{attr}': subsequent elements must be [\"=\", true]")
+          end
+          operator = expr[2]
+          attr1, attr2 = expr[1], expr[3]
+          allowed = attr_model_class.searchable_columns(operator)
+          [attr1, attr2].each do |tok|
+            if !allowed.index(tok)
+              raise ArgumentError.new("Invalid attribute in expression: '#{tok}'")
+            end
+            col = attr_model_class.columns.select { |c| c.name == tok }.first
+            if col.type != :integer
+              raise ArgumentError.new("Non-numeric attribute in expression: '#{tok}'")
+            end
+          end
+          cond_out << "#{attr1} #{operator} #{attr2}"
         else
           if !attr_model_class.searchable_columns(operator).index attr
             raise ArgumentError.new("Invalid attribute '#{attr}' in filter")

diff --git a/services/api/test/functional/arvados/v1/collections_controller_test.rb b/services/api/test/functional/arvados/v1/collections_controller_test.rb
index 1ca2dd1dc109857e6987fdaa32caad2b04a52f8b..86a3067311e4835f51f5d252b9acf508397aae0f 100644 (file)
--- a/services/api/test/functional/arvados/v1/collections_controller_test.rb
+++ b/services/api/test/functional/arvados/v1/collections_controller_test.rb
@@ -1455,4 +1455,48 @@ EOS
     assert_response :success
     assert_equal col.version, json_response['version'], 'Trashing a collection should not create a new version'
   end
+
+  [['<', :<],
+   ['<=', :<=],
+   ['>', :>],
+   ['>=', :>=],
+   ['=', :==]].each do |op, rubyop|
+    test "filter collections by replication_desired #{op} replication_confirmed" do
+      authorize_with(:active)
+      get :index, params: {
+            filters: [["(replication_desired #{op} replication_confirmed)", "=", true]],
+          }
+      assert_response :success
+      json_response["items"].each do |c|
+        assert_operator(c["replication_desired"], rubyop, c["replication_confirmed"])
+      end
+    end
+  end
+
+  ["(replication_desired < bogus)",
+   "replication_desired < replication_confirmed",
+   "(replication_desired < replication_confirmed",
+   "(replication_desired ! replication_confirmed)",
+   "(replication_desired <)",
+   "(replication_desired < manifest_text)",
+   "(manifest_text < manifest_text)", # currently only numeric attrs are supported
+   "(replication_desired < 2)", # currently only attrs are supported, not literals
+   "(1 < 2)",
+  ].each do |expr|
+    test "invalid filter expression #{expr}" do
+      authorize_with(:active)
+      get :index, params: {
+            filters: [[expr, "=", true]],
+          }
+      assert_response 422
+    end
+  end
+
+  test "invalid op/arg with filter expression" do
+    authorize_with(:active)
+    get :index, params: {
+          filters: [["replication_desired < replication_confirmed", "!=", false]],
+        }
+    assert_response 422
+  end
 end