Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Skip WHERE when computed search conditions are empty #544

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: Skip WHERE when computed search conditions are empty #544

wants to merge 1 commit into from

Conversation

madalinoprea
Copy link

@madalinoprea madalinoprea commented Feb 2, 2022
edited
Loading

Given an Active Record model with PK of type UUID:

+class CreateCardTransactions < ActiveRecord::Migration[6.0]
+  def change
+    create_table :card_transactions, id: :uuid do |t|
+      t.timestamps
+    end
+  end
+end

And with a Forest collection with search_fields configured only for id
field:


module Forest
  class CardTransaction
    include ForestLiana::Collection

    collection :Card__Transaction

    search_fields %w[id]
  end
end

SearchQueryBuilder will generate an invalid SQL query with an empty
WHERE statement if search term doesn't meet REGEX_UUID format:

SELECT
    "transactions"."id" AS t0_r0,
    "transactions"."processed_at" AS
FROM "transactions"
WHERE  ORDER BY "transactions"."created_at"
DESC LIMIT $1 OFFSET $2  [["LIMIT", 10], ["OFFSET", 0]]

Definition of Done

General

  • Write an explicit title for the Pull Request, following Conventional Commits specification
  • Test manually the implemented changes
  • Validate the code quality (indentation, syntax, style, simplicity, readability)

Security

  • Consider the security impact of the changes made

Fix invalid WHERE statement when conditions are empty
473c2be 
Given an Active Record model with PK of type UUID:

```
+class CreateCardTransactions < ActiveRecord::Migration[6.0]
+  def change
+    create_table :card_transactions, id: :uuid do |t|
+      t.timestamps
+    end
+  end
+end
```

And with a Forest collection with `search_fields` configured only for `id`
field:

```

module Forest
  class CardTransaction
    include ForestLiana::Collection

    collection :Card__Transaction

    search_fields %w[id]
  end
end
```

`SearchQueryBuilder` will generate an invalid SQL query with an empty
`WHERE` statement if search term doesn't meet `REGEX_UUID` format:

```sql
SELECT
    "transactions"."id" AS t0_r0,
    "transactions"."processed_at" AS
FROM "transactions"
WHERE  ORDER BY "transactions"."created_at"
DESC LIMIT $1 OFFSET $2  [["LIMIT", 10], ["OFFSET", 0]]

```
@madalinoprea madalinoprea changed the title Fix invalid WHERE statement when search conditions are empty fix: Skip WHERE when computed search conditions are empty Feb 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthv matthv Awaiting requested review from matthv

@nicolasalexandre9 nicolasalexandre9 Awaiting requested review from nicolasalexandre9

At least 1 approving review is required to merge this pull request.

Assignees

@matthv matthv

@nicolasalexandre9 nicolasalexandre9

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@madalinoprea @matthv @nicolasalexandre9