Message #24502
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 12023: Event analytics api, properly encoding query filter values
------------------------------------------------------------
revno: 12023
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2013-09-10 16:22:41 +0200
message:
Event analytics api, properly encoding query filter values
modified:
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java
dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java
dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java 2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java 2013-09-10 14:22:41 +0000
@@ -28,12 +28,10 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.system.util.TextUtils;
/**
* @author Lars Helge Overland
@@ -92,27 +90,6 @@
return OPERATOR_MAP.get( operator.toLowerCase() );
}
- public String getSqlFilter()
- {
- if ( operator == null || filter == null )
- {
- return null;
- }
-
- if ( operator.equals( "like" ) )
- {
- return "'%" + filter.toLowerCase() + "%'";
- }
- else if ( operator.equals( "in" ) )
- {
- String[] split = filter.toLowerCase().split( ":" );
-
- return "(" + TextUtils.getQuotedCommaDelimitedString( Arrays.asList( split ) ) + ")";
- }
-
- return "'" + filter.toLowerCase() + "'";
- }
-
@Override
public String toString()
{
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java 2013-09-02 17:38:21 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java 2013-09-10 14:22:41 +0000
@@ -33,11 +33,14 @@
import static org.hisp.dhis.system.util.TextUtils.getQuotedCommaDelimitedString;
import static org.hisp.dhis.system.util.TextUtils.removeLast;
+import java.util.Arrays;
+
import org.hisp.dhis.analytics.event.EventAnalyticsManager;
import org.hisp.dhis.analytics.event.EventQueryParams;
import org.hisp.dhis.analytics.event.QueryItem;
import org.hisp.dhis.common.Grid;
import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.jdbc.StatementBuilder;
import org.hisp.dhis.organisationunit.OrganisationUnit;
import org.hisp.dhis.system.util.TextUtils;
import org.hisp.dhis.system.util.Timer;
@@ -53,6 +56,9 @@
{
@Autowired
private JdbcTemplate jdbcTemplate;
+
+ @Autowired
+ private StatementBuilder statementBuilder;
// -------------------------------------------------------------------------
// EventAnalyticsManager implementation
@@ -111,8 +117,8 @@
for ( QueryItem filter : params.getItems() )
{
if ( filter.hasFilter() )
- {
- sql += "and lower(" + filter.getItem().getUid() + ") " + filter.getSqlOperator() + " " + filter.getSqlFilter() + " ";
+ {
+ sql += "and lower(" + filter.getItem().getUid() + ") " + filter.getSqlOperator() + " " + getSqlFilter( filter ) + " ";
}
}
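Review bot: The concatenation on the added line appends whatever `getSqlFilter( filter )` returns, and that helper returns `null` when the operator or filter is missing, which string concatenation turns into the literal text `null` inside the SQL. Whether `hasFilter()` rules that case out is not visible here, so the guard is worth making explicit: `String value = getSqlFilter( filter );` followed by `if ( value != null ) { sql += ...; }`. The item UID and the SQL operator are still concatenated without any encoding, so a comment stating that both come only from server-side metadata and the operator map, never from the raw request, would help the next reader. The loop belongs to a method that starts and ends outside this hunk.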
@@ -172,4 +178,34 @@
return grid;
}
+
+ // -------------------------------------------------------------------------
+ // Supportive methods
+ // -------------------------------------------------------------------------
+
+ private String getSqlFilter( QueryItem item )
+ {
+ String operator = item.getOperator();
+ String filter = item.getFilter();
+
+ if ( operator == null || filter == null )
+ {
+ return null;
+ }
+
+ filter = statementBuilder.encode( filter, false );
+
+ if ( operator.equals( "like" ) )
+ {
+ return "'%" + filter.toLowerCase() + "%'";
+ }
+ else if ( operator.equals( "in" ) )
+ {
+ String[] split = filter.toLowerCase().split( ":" );
+
+ return "(" + TextUtils.getQuotedCommaDelimitedString( Arrays.asList( split ) ) + ")";
+ }
+
+ return "'" + filter.toLowerCase() + "'";
+ }
}
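Review bot: `operator.equals( "like" )` and `operator.equals( "in" )` are case-sensitive, while the operator lookup visible in the QueryItem.java context (`OPERATOR_MAP.get( operator.toLowerCase() )`) accepts any case. An upper-case `LIKE` or `IN` would therefore apparently fall through to the plain `'value'` branch, giving a `like` without wildcards or an `in` without a parenthesised list. Normalising once after the null check, `operator = operator.toLowerCase();`, or switching to `equalsIgnoreCase`, keeps the two in step. In the `like` branch, `%` and `_` in the filter keep their wildcard meaning after `encode`; if that is intended, a one-line comment should say so. Longer term, passing the values as `?` bind parameters through `jdbcTemplate` would remove the need for hand escaping in this method.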
=== modified file 'dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java'
--- dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2013-09-01 18:30:05 +0000
+++ dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2013-09-10 14:22:41 +0000
@@ -44,13 +44,21 @@
//--------------------------------------------------------------------------
/**
+ * Encodes the provided SQL value. Value will be wrapped in quotes.
+ *
+ * @param value the value.
+ * @return the SQL encoded value.
+ */
+ String encode( String value );
+
+ /**
* Encodes the provided SQL value.
*
* @param value the value.
+ * @param quote whether to wrap the resulting value in quotes.
* @return the SQL encoded value.
*/
- String encode( String value );
-
+ String encode( String value, boolean quote );
/**
* Returns the character used to quote database table and column names.
*
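Review bot: The Javadoc added for `encode( String value, boolean quote )` does not say that with `quote` false the result is only safe when the caller places it inside a single-quoted SQL literal, and it does not say what is returned for a null value. I would extend the description with `With quote false the caller must wrap the result in single quotes; the result must never be used as an identifier or an unquoted token.` and document the null case on `@return`. The interface continues outside this hunk.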
=== modified file 'dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java'
--- dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java 2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java 2013-09-10 14:22:41 +0000
@@ -42,13 +42,19 @@
@Override
public String encode( String value )
{
+ return encode( value, true );
+ }
+
+ @Override
+ public String encode( String value, boolean quote )
+ {
if ( value != null )
{
value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value;
value = value.replaceAll( QUOTE, QUOTE + QUOTE );
}
- return QUOTE + value + QUOTE;
+ return quote ? ( QUOTE + value + QUOTE ) : value;
}
@Override
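Review bot: The escaping in `encode( String value, boolean quote )` removes at most one trailing backslash and leaves backslashes elsewhere in the value untouched. On a database that treats backslash as an escape character inside string literals, doubling `QUOTE` alone may therefore not keep the value inside its literal. Whether that applies depends on the dialect-specific subclasses, which are not shown; if any supported database has backslash escapes enabled, the encoder should escape backslashes as well, or callers should pass values as `?` bind parameters instead. Separately, a null value becomes the quoted text `null` when `quote` is true and a null reference when it is false, so an explicit null branch or a comment would make that behaviour deliberate.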