RubyGems - active_median - Versions diffs - 0.2.8 → 0.3.0 - Mend

active_median 0.2.8 → 0.3.0

Files changed (6) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9f779fe5268fc1347cd94c47fc55a3322a3d52282539d0ca7d001e37c405f9a1
-  data.tar.gz: 37d6b834f1857f6119d3ec7969d422f7d4f3fcbeaa1645d8bc0f8a3f10824c04
+  metadata.gz: 10eda8c3a8100441196584a8188a6bbd09829e5494d1f39a8faa8e9f77e98fcd
+  data.tar.gz: a6c2a49151b3ead3d6e7cf0d2eff4fc8d5d455b7d3fcee35b15645372863f37f
 SHA512:
-  metadata.gz: 180be6b9f59bc10e2bc0e708f4d8ad01d4d3d7a27d95707162ef45c4478ff858d6b6b5a2f598b6c411bf0e4942f02f0a13a642b04746e79fb124c2c6d70e58cb
-  data.tar.gz: db9436660c4fa4e2bdd80af101dbc8723f46781f17eeeecc57e8015a2510d9429bce6f38f93b210c82b2499b3dae787df26c1d0e898280af98174738a29eb984
+  metadata.gz: baeda2f4c8fa2b36c5fb29b2afc1daecbbd6a242e9e761b65503eba7868f55d7a9ccd0c39fe645c032cd5aab3f6d79a6ce63bdba6950277fab588883d89911e7
+  data.tar.gz: d8b888c42e7731b07c15a283b17ee28e2b6dc0a279f6dd417390b087fd6454bbcf3ff5659a73f3ec27067260499765584952e8e107ecd2be6d858a913d775cea

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,10 @@
+## 0.3.0 (2021-02-08)
+- Added column alias
+- Added support for percentiles with SQLite (switched extensions)
+- Raise `ActiveRecord::UnknownAttributeReference` for non-attribute arguments
+- Dropped support for Active Record < 5.2
 ## 0.2.8 (2021-01-16)
 - Fixed bug with removing order

data/README.md CHANGED Viewed

@@ -44,19 +44,6 @@ Works with grouping, too
 Order.group(:store_id).median(:total)
 ```
-## User Input
-If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with other aggregate methods like `sum`.
-```ruby
-column = params[:column]
-# check against permitted columns
-raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
-User.median(column)
-```
 ## Arrays and Hashes
 Median
@@ -94,10 +81,10 @@ mysql <options> < load.sql
 ### SQLite
-SQLite requires a [community extension](https://www.sqlite.org/contrib). Download [extension-functions.c](https://www.sqlite.org/contrib/download/extension-functions.c) and follow the [instructions for compiling loadable extensions](https://www.sqlite.org/loadext.html#compiling_a_loadable_extension) for your platform. On Mac, use:
+SQLite requires an extension. Download [percentile.c](https://www.sqlite.org/src/file?name=ext/misc/percentile.c&ci=d49c32e6e7cc341b) and follow the [instructions for compiling loadable extensions](https://www.sqlite.org/loadext.html#compiling_a_loadable_extension) for your platform. On Mac, use:
 ```sh
-gcc -g -fPIC -dynamiclib extension-functions.c -o extension-functions.dylib
+gcc -g -fPIC -dynamiclib -L/usr/local/opt/sqlite/lib -lsqlite3 percentile.c -o percentile.dylib
 ```
 To load it in Rails, create an initializer with:
@@ -105,15 +92,21 @@ To load it in Rails, create an initializer with:
 ```ruby
 db = ActiveRecord::Base.connection.raw_connection
 db.enable_load_extension(1)
-db.load_extension("extension-functions.dylib")
+db.load_extension("percentile.dylib")
 db.enable_load_extension(0)
 ```
 ## Upgrading
-### 0.2.0
+### 0.3.0
+ActiveMedian 0.3.0 protects against unsafe input by default. For non-attribute arguments, use:
+```ruby
+Item.median(Arel.sql(known_safe_value))
+```
-A user-defined function is no longer needed for Postgres. Create a migration with `ActiveMedian.drop_function` to remove it.
+Also, percentiles are now supported with SQLite. Use the [percentile extension](#sqlite) instead of `extension-functions`.
 ## Contributing

data/lib/active_median/model.rb CHANGED Viewed

@@ -1,20 +1,34 @@
 module ActiveMedian
   module Model
     def median(column)
-      percentile(column, 0.5)
+      calculate_percentile(column, 0.5, "median")
     end
     def percentile(column, percentile)
+      calculate_percentile(column, percentile, "percentile")
+    end
+    private
+    def calculate_percentile(column, percentile, operation)
       percentile = percentile.to_f
       raise ArgumentError, "percentile is not between 0 and 1" if percentile < 0 || percentile > 1
       # basic version of Active Record disallow_raw_sql!
       # symbol = column (safe), Arel node = SQL (safe), other = untrusted
       # matches table.column and column
-      unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || /\A\w+(\.\w+)?\z/i.match(column.to_s)
-        warn "[active_median] Non-attribute argument: #{column}. Use Arel.sql() for known-safe values. This will raise an error in ActiveMedian 0.3.0"
+      unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
+        column = column.to_s
+        unless /\A\w+(\.\w+)?\z/i.match(column)
+          raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
+        end
       end
+      column_alias = relation.send(:column_alias_for, "#{operation} #{column.to_s.downcase}")
+      # safety check
+      # could quote, but want to keep consistent with Active Record
+      raise "Bad column alias: #{column_alias}. Please report a bug." unless column_alias =~ /\A[a-z0-9_]+\z/
       # column resolution
       node = relation.send(:arel_columns, [column]).first
       node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
@@ -37,31 +51,21 @@ module ActiveMedian
               over = "PARTITION BY #{group_values.join(", ")}"
             end
-            select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column}) OVER (#{over})").unscope(:group)
+            select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column}) OVER (#{over}) AS #{column_alias}").unscope(:group)
           else
             # if mysql gets native function, check (and memoize) version first
-            select(*group_values, "PERCENTILE_CONT(#{column}, #{percentile})")
+            select(*group_values, "PERCENTILE_CONT(#{column}, #{percentile}) AS #{column_alias}")
           end
         when /sqlserver/i
           if group_values.any?
             over = "PARTITION BY #{group_values.join(", ")}"
           end
-          select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column}) OVER (#{over})").unscope(:group)
+          select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column}) OVER (#{over}) AS #{column_alias}").unscope(:group)
         when /sqlite/i
-          case percentile.to_f
-          when 0
-            select(*group_values, "MIN(#{column})")
-          when 0.5
-            select(*group_values, "MEDIAN(#{column})")
-          when 1
-            select(*group_values, "MAX(#{column})")
-          else
-            # LOWER_QUARTILE and UPPER_QUARTILE use different calculation than 0.25 and 0.75
-            raise "SQLite only supports 0, 0.5, and 1 percentiles"
-          end
+          select(*group_values, "PERCENTILE(#{column}, #{percentile} * 100) AS #{column_alias}")
         when /postg/i, /redshift/i # postgis too
-          select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column})")
+          select(*group_values, "PERCENTILE_CONT(#{percentile}) WITHIN GROUP (ORDER BY #{column}) AS #{column_alias}")
         else
           raise "Connection adapter not supported: #{connection.adapter_name}"
         end

data/lib/active_median/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ActiveMedian
-  VERSION = "0.2.8"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: active_median
 version: !ruby/object:Gem::Version
-  version: 0.2.8
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Kane
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-17 00:00:00.000000000 Z
+date: 2021-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,100 +16,16 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: pg
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: activerecord
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: groupdate
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
+        version: '5.2'
 description:
-email: andrew@chartkick.com
+email: andrew@ankane.org
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -134,7 +50,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.4'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="