galovics commented on code in PR #2659:
URL: https://github.com/apache/fineract/pull/2659#discussion_r994326680
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
Review Comment:
Not a fan of using these magic strings in the conditions, would've been
nicer if you extracted and reused them.
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.INTEGER;
+ } else if ("bigint".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.BIGINT;
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DATE;
+ } else if (filterColumnType.toLowerCase().contains("timestamp")) {
+ argType[0] = Types.TIMESTAMP;
+ } else if ("numeric".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DECIMAL;
+ } else if ("text".equalsIgnoreCase(filterColumnType) || "character
varying".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.VARCHAR;
+ } else {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
Review Comment:
Okay so let's decide where to put the validation logic. On the API, I
already mentioned that the validations should be one layer deeper and this
confirms it.
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
Review Comment:
Arrays.asList?
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.INTEGER;
+ } else if ("bigint".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.BIGINT;
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DATE;
+ } else if (filterColumnType.toLowerCase().contains("timestamp")) {
+ argType[0] = Types.TIMESTAMP;
+ } else if ("numeric".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DECIMAL;
+ } else if ("text".equalsIgnoreCase(filterColumnType) || "character
varying".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.VARCHAR;
+ } else {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Column
filter: " + filterColumnType, "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors);
+ }
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
+ } else if (databaseTypeResolver.isMySQL()) {
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.BIT;
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.DATE;
+ try {
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
LocalDate.parse(valueFilter, DATA_TABLE_DATE_FORMAT_MYSQL) },
Review Comment:
Don't we need a similar logic for PG?
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/DatatablesApiResource.java:
##########
@@ -218,6 +226,55 @@ public String getDatatable(@PathParam("datatable")
@Parameter(description = "dat
return this.toApiJsonSerializer.serializePretty(prettyPrint, result);
}
+ @GET
+ @Path("{datatable}/query")
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Operation(summary = "Query Data Table values", description = "Query
values from a registered data table.")
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "OK", content =
@Content(schema = @Schema(implementation = List.class))) })
+ public String queryValues(@PathParam("datatable") @Parameter(description =
"datatable") final String datatable,
+ @QueryParam("columnFilter") @Parameter(description =
"columnFilter") final String columnFilter,
+ @QueryParam("valueFilter") @Parameter(description = "valueFilter")
final String valueFilter,
+ @QueryParam("resultColumns") @Parameter(description =
"resultColumns") final String resultColumns,
+ @Context final UriInfo uriInfo) {
+
this.context.authenticatedUser().validateHasDatatableReadPermission(datatable);
+ List<String> dataTableColumnNames =
genericDataService.fillResultsetColumnHeaders(datatable).stream()
+ .map(ResultsetColumnHeaderData::getColumnName).toList();
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ if (columnFilter == null || columnFilter.isEmpty()) {
+ paramErrors.add(parameterErrorWithValue("400", "Column filter is
empty!", "columnFilter", columnFilter));
+ } else {
+ if (!dataTableColumnNames.contains(columnFilter)) {
+ paramErrors.add(parameterErrorWithValue("400", "Column filter
not exist in datatable!", "columnFilter", columnFilter));
+ }
+ }
+
+ if (valueFilter == null || valueFilter.isEmpty()) {
+ paramErrors.add(parameterErrorWithValue("400", "Value filter is
empty!", "valueFilter", valueFilter));
+ }
+
+ if (resultColumns == null || resultColumns.isEmpty()) {
+ paramErrors.add(parameterErrorWithValue("400", "Result columns
filter is empty!", "resultColumns", resultColumns));
+ } else {
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
Review Comment:
Why create a stream from it? Simple Arrays.asList?
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.INTEGER;
+ } else if ("bigint".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.BIGINT;
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DATE;
+ } else if (filterColumnType.toLowerCase().contains("timestamp")) {
+ argType[0] = Types.TIMESTAMP;
+ } else if ("numeric".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DECIMAL;
+ } else if ("text".equalsIgnoreCase(filterColumnType) || "character
varying".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.VARCHAR;
+ } else {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Column
filter: " + filterColumnType, "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors);
+ }
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
+ } else if (databaseTypeResolver.isMySQL()) {
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.BIT;
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.DATE;
+ try {
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
LocalDate.parse(valueFilter, DATA_TABLE_DATE_FORMAT_MYSQL) },
+ argType); // NOSONAR
+ } catch (DateTimeParseException e) {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Use
format: 'yyyy-MM-dd'. Column filter: " + filterColumnType,
+ "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors,
e);
+ }
+ } else if ("datetime".equals(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.TIMESTAMP;
+ try {
+ rowSet = jdbcTemplate.queryForRowSet(sql,
+ new Object[] { LocalDateTime.parse(valueFilter,
DATA_TABLE_DATETIME_FORMAT_MYSQL) }, argType); // NOSONAR
+ } catch (DateTimeParseException e) {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Use
format: 'yyyy-MM-dd HH:mm:ss'. Column filter: "
+ + filterColumnType,
+ "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors,
e);
+ }
+ } else {
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }); // NOSONAR
+ }
+ }
+
+ List<JsonObject> results = new ArrayList<>();
+ while (rowSet.next()) {
+ JsonObject json = new JsonObject();
+ for (String rcn : resultColumnNames) {
+ Object rowValue = rowSet.getObject(rcn);
+ if (rowValue != null) {
+ if (rowValue instanceof Character) {
+ json.addProperty(rcn, (Character) rowValue);
+ } else if (rowValue instanceof Number) {
+ json.addProperty(rcn, new
BigDecimal(rowValue.toString()));
+ } else if (rowValue instanceof Boolean) {
+ json.addProperty(rcn, (Boolean) rowValue);
+ } else if (rowValue instanceof LocalDateTime) {
+ json.addProperty(rcn,
DATA_TABLE_DATETIME_FORMAT_MYSQL.format((LocalDateTime) rowValue));
Review Comment:
Very misleading to use the MySQL format here. Let's dupe this member and
name it properly like DATA_TABLE_RESULT_DATETIME_FORMAT, or something similar
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/api/DatatablesApiResource.java:
##########
@@ -218,6 +226,55 @@ public String getDatatable(@PathParam("datatable")
@Parameter(description = "dat
return this.toApiJsonSerializer.serializePretty(prettyPrint, result);
}
+ @GET
+ @Path("{datatable}/query")
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Operation(summary = "Query Data Table values", description = "Query
values from a registered data table.")
+ @ApiResponses({
+ @ApiResponse(responseCode = "200", description = "OK", content =
@Content(schema = @Schema(implementation = List.class))) })
+ public String queryValues(@PathParam("datatable") @Parameter(description =
"datatable") final String datatable,
+ @QueryParam("columnFilter") @Parameter(description =
"columnFilter") final String columnFilter,
+ @QueryParam("valueFilter") @Parameter(description = "valueFilter")
final String valueFilter,
+ @QueryParam("resultColumns") @Parameter(description =
"resultColumns") final String resultColumns,
+ @Context final UriInfo uriInfo) {
+
this.context.authenticatedUser().validateHasDatatableReadPermission(datatable);
+ List<String> dataTableColumnNames =
genericDataService.fillResultsetColumnHeaders(datatable).stream()
Review Comment:
I think we should move this logic one layer deeper and not have it on the
API level, at least according to the current practices in fineract.
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.INTEGER;
+ } else if ("bigint".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.BIGINT;
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DATE;
+ } else if (filterColumnType.toLowerCase().contains("timestamp")) {
+ argType[0] = Types.TIMESTAMP;
+ } else if ("numeric".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DECIMAL;
+ } else if ("text".equalsIgnoreCase(filterColumnType) || "character
varying".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.VARCHAR;
+ } else {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Column
filter: " + filterColumnType, "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors);
+ }
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
Review Comment:
I don't think we need the `new Object[]`
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/dataqueries/service/ReadWriteNonCoreDataServiceImpl.java:
##########
@@ -183,6 +192,116 @@ public DatatableData retrieveDatatable(final String
datatable) {
return datatableData;
}
+ @Override
+ public List<JsonObject> queryDataTable(String datatable, String
columnFilter, String valueFilter, String resultColumns) {
+ Arrays.asList(datatable, columnFilter, valueFilter,
resultColumns).forEach(SQLInjectionValidator::validateDynamicQuery);
+ List<String> resultColumnNames =
Stream.of(resultColumns.split(",")).toList();
+ String sql = "select " + resultColumns + " from " + datatable + "
where " + columnFilter + " = ?";
+
+ List<ResultsetColumnHeaderData> resultsetColumnHeaderData =
genericDataService.fillResultsetColumnHeaders(datatable);
+ Object finalValueFilter = valueFilter;
+ SqlRowSet rowSet = null;
+ String filterColumnType =
resultsetColumnHeaderData.stream().filter(column ->
columnFilter.equals(column.getColumnName()))
+
.findFirst().map(ResultsetColumnHeaderData::getColumnType).orElse(columnFilter
+ " does not exist in datatable");
+ if (databaseTypeResolver.isPostgreSQL()) {
+ int[] argType = new int[1];
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "1", "0",
"null");
+ argType[0] = Types.BIT;
+ } else if ("boolean".equalsIgnoreCase(filterColumnType) ||
"bool".equalsIgnoreCase(filterColumnType)) {
+ finalValueFilter =
BooleanUtils.toString(BooleanUtils.toBooleanObject(valueFilter), "true",
"false", "null");
+ argType[0] = Types.BOOLEAN;
+ } else if ("integer".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.INTEGER;
+ } else if ("bigint".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.BIGINT;
+ } else if ("date".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DATE;
+ } else if (filterColumnType.toLowerCase().contains("timestamp")) {
+ argType[0] = Types.TIMESTAMP;
+ } else if ("numeric".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.DECIMAL;
+ } else if ("text".equalsIgnoreCase(filterColumnType) || "character
varying".equalsIgnoreCase(filterColumnType)) {
+ argType[0] = Types.VARCHAR;
+ } else {
+ List<ApiParameterError> paramErrors = new ArrayList<>();
+ paramErrors.add(parameterErrorWithValue("400",
+ "Unsupported input type for datatable query! Column
filter: " + filterColumnType, "valueFilter", valueFilter));
+ throw new PlatformApiDataValidationException(paramErrors);
+ }
+ rowSet = jdbcTemplate.queryForRowSet(sql, new Object[] {
finalValueFilter }, argType);
+ } else if (databaseTypeResolver.isMySQL()) {
+ if ("bit".equalsIgnoreCase(filterColumnType)) {
+ int[] argType = new int[1];
+ argType[0] = Types.BIT;
Review Comment:
Isn't this duplicated logic from the postgresql branch?
##########
build.gradle:
##########
@@ -171,6 +171,7 @@ allprojects {
reportDir = file("$buildDir/reports/rat")
excludes = [
'**/src/main/templates/**/*.mustache',
+ '**/src/main/generated/**',
Review Comment:
The generated Java files should also have licenses. Please remove this.
##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLInjectionValidator.java:
##########
@@ -35,7 +35,7 @@ private SQLInjectionValidator() {
private static final String[] COMMENTS = { "--", "({", "/*", "#" };
- private static final String SQL_PATTERN = "[a-zA-Z_=,\\-'!><.?\"`%
()0-9*\n\r]*";
+ private static final String SQL_PATTERN = "[a-zA-Z_=,\\-:'!><.?\"`%
()0-9*\n\r]*";
Review Comment:
One thing here. If you really wanna touch this class then cover these with
tests. We literally have zero coverage on this and we could easily break it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
