Message #35645
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 18235: Sql view, validation, skipping sql view grammar validation for query type sql views.
------------------------------------------------------------
revno: 18235
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2015-02-12 10:51:39 +0100
message:
Sql view, validation, skipping sql view grammar validation for query type sql views.
modified:
dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/sqlview/DefaultSqlViewService.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/UpdateSqlViewAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/ValidateAddUpdateSqlViewAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/javascript/sqlView.js
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/updateSqlViewForm.vm
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/sqlview/DefaultSqlViewService.java'
--- dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/sqlview/DefaultSqlViewService.java 2015-02-12 09:28:20 +0000
+++ dhis-2/dhis-services/dhis-service-administration/src/main/java/org/hisp/dhis/sqlview/DefaultSqlViewService.java 2015-02-12 09:51:39 +0000
@@ -38,7 +38,6 @@
/**
* @author Dang Duy Hieu
- * @version $Id DefaultSqlViewService.java July 06, 2010$
*/
@Transactional
public class DefaultSqlViewService
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/UpdateSqlViewAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/UpdateSqlViewAction.java 2015-02-11 22:50:44 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/UpdateSqlViewAction.java 2015-02-12 09:51:39 +0000
@@ -76,13 +76,6 @@
this.sqlquery = sqlquery;
}
- private boolean query;
-
- public void setQuery( boolean query )
- {
- this.query = query;
- }
-
// -------------------------------------------------------------------------
// Action implementation
// -------------------------------------------------------------------------
@@ -94,7 +87,6 @@
sqlView.setDescription( description.replaceAll( "\\s+", " " ).trim() );
sqlView.setSqlQuery( sqlquery );
- sqlView.setQuery( query );
sqlViewService.updateSqlView( sqlView.cleanSqlQuery() );
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/ValidateAddUpdateSqlViewAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/ValidateAddUpdateSqlViewAction.java 2015-02-12 09:28:20 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/java/org/hisp/dhis/dataadmin/action/sqlview/ValidateAddUpdateSqlViewAction.java 2015-02-12 09:51:39 +0000
@@ -97,6 +97,13 @@
this.sqlquery = sqlquery;
}
+ private boolean query;
+
+ public void setQuery( boolean query )
+ {
+ this.query = query;
+ }
+
// -------------------------------------------------------------------------
// Output
// -------------------------------------------------------------------------
@@ -112,6 +119,8 @@
// Action implementation
// -------------------------------------------------------------------------
+ //TODO move to service layer and validate queries made in web api
+
@Override
public String execute()
{
@@ -138,7 +147,7 @@
return INPUT;
}
- final String validationRegex = getValidationRegex();
+ final String protectedTablesRegex = getProtectedTablesRegex();
for ( String s : sqlquery.split( SEMICOLON ) )
{
@@ -151,7 +160,7 @@
return INPUT;
}
- if ( tmp.concat( SPACE ).matches( validationRegex ) )
+ if ( tmp.concat( SPACE ).matches( protectedTablesRegex ) )
{
message = i18n.getString( "sqlquery_is_not_allowed" );
@@ -159,8 +168,11 @@
}
}
- message = sqlViewService.testSqlGrammar( sqlquery );
-
+ if ( !query )
+ {
+ message = sqlViewService.testSqlGrammar( sqlquery );
+ }
+
if ( message != null )
{
return INPUT;
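Review bot: The new `if ( !query )` guard lets a request-bound field decide whether `testSqlGrammar` runs: `query` is set through the `setQuery` setter added in the first hunk of this file, and `sqlView.js` sends it from the hidden `#query` input, so the caller rather than the stored view selects the validation path. This commit removes `setQuery` from `UpdateSqlViewAction`, so the type is no longer editable on update; in update mode the validator could therefore take the type from the persisted view (if its id is available to this action) and use the parameter only in add mode. At minimum, state the trust assumption above the guard, e.g. `// query is request-supplied; grammar test is skipped for query-type views, the protected-table check above still runs`. `execute()` begins and ends outside this hunk, so whether the stored view is already loaded at this point cannot be seen here.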
@@ -173,7 +185,7 @@
// Supportive methods
// -------------------------------------------------------------------------
- private String getValidationRegex()
+ private String getProtectedTablesRegex()
{
int i = 0;
int len = PROTECTED_TABLES.size();
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/javascript/sqlView.js'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/javascript/sqlView.js 2015-01-16 13:34:21 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/javascript/sqlView.js 2015-02-12 09:51:39 +0000
@@ -3,6 +3,7 @@
function validateAddUpdateSqlView( mode ) {
var name = $("#name").val();
var sqlquery = $("#sqlquery").val();
+ var query = $("#query").val();
$.ajax( {
url: "validateAddUpdateSqlView.action",
@@ -10,6 +11,7 @@
data: {
"name": name,
"sqlquery": sqlquery,
+ "query": query,
"mode": mode
},
dataType: "json",
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/updateSqlViewForm.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/updateSqlViewForm.vm 2015-02-11 22:32:01 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/webapp/dhis-web-maintenance-dataadmin/updateSqlViewForm.vm 2015-02-12 09:51:39 +0000
@@ -7,6 +7,7 @@
<div>
<input type="hidden" id="id" name="id" value="$!sqlViewObject.id" />
<input type="hidden" id="name" name="name" value="$!encoder.htmlEncode( $!sqlViewObject.name )" />
+ <input type="hidden" id="query" name="query" value="$!encoder.htmlEncode( $!sqlViewObject.query )" />
</div>
<table>
@@ -26,13 +27,8 @@
</td>
</tr>
<tr>
- <td><label for="query">$encoder.htmlEncode( $i18n.getString( "sql_type" ) )</label></td>
- <td>
- <select id="query" name="query">
- <option value="false">$i18n.getString( "sql_view_type" ) ($i18n.getString( "created_in_database" ))</option>
- <option value="true"#if( $sqlViewObject.query == true ) selected="selected"#end>$i18n.getString( "sql_query_type" ) ($i18n.getString( "allows_for_variables" ))</option>
- </select>
- </td>
+ <td><label>$encoder.htmlEncode( $i18n.getString( "sql_type" ) )</label></td>
+ <td><input type="text" disabled="disabled" value="#if( $sqlViewObject.query == true )$i18n.getString( "sql_query_type" )#else$i18n.getString( "sql_view_type" )#end"/></td>
</tr>
<tr>
<td><label for="sql_statement">$encoder.htmlEncode( $i18n.getString( "sql_statement" ) ) <em title="$i18n.getString( 'required' )" class="required">*</em></label></td>
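Review bot: The disabled text input added on the `sql_type` row writes `$i18n.getString( "sql_query_type" )` and `$i18n.getString( "sql_view_type" )` straight into a `value="…"` attribute, while the label on the same row goes through `$encoder.htmlEncode`. A translation string containing a double quote or markup would break the attribute, so both branches should be wrapped: `$encoder.htmlEncode( $i18n.getString( "sql_query_type" ) )` and `$encoder.htmlEncode( $i18n.getString( "sql_view_type" ) )`. The `<label>` also lost its `for` attribute and the new input has no `id`, so the two are no longer associated; giving the input an id such as `sqlType` and restoring `for="sqlType"` would keep them linked.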