forest_admin_datasource_active_record 1.8.8 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b16fe13a23203f8a9cd4fc0d2d6d2d2ea0e6ae67199eeb3f24e532f5b48ba6b5
-  data.tar.gz: 443f1a78c1b248ccd87bf47a9389384ca734c971930afe328370a79b549a0c4d
+  metadata.gz: 170e64b890a05d2f678230fba338694e6cebef10c78457da444dfb9ab4844b15
+  data.tar.gz: e45e041d369193105109cced86355df152791bdb3fc895d3b66cc7ec248bd963
 SHA512:
-  metadata.gz: e5753a7d39a2bbb7b32e88b4ba0aaf0953c57ea926f2674669d633ab85b70422cc0428afeb3d64838f27a2ebb6b468ea85e1e6d30dbf154b659966663f5b9503
-  data.tar.gz: 2e1e77c261b33343aebcfd94172c843031249d8e61fc6f0a7a3ec2d0219f12ea420c2fdceb4ba8082c5435069ab6068f2704361b7935514b303b8e1a638ac298
+  metadata.gz: 28680f12d1bc77bca4e1eb7b61208c2f5491184ea7d5a8a58a242069f6c922ba693d89eee1b3708070ce41776e43b72fd166896310fdc08869cdd95f69607ff7
+  data.tar.gz: 2f6a6ad5ac5407dab6ace295cc0c988dd79ffbd0e2da56beeb2e40639774e2342d8a20a34e5bf42f72a177334a90d2e64cee215fe3021e6f705c686c11730ce5

data/lib/forest_admin_datasource_active_record/utils/query_aggregate.rb

@@ -21,7 +21,8 @@ module ForestAdminDatasourceActiveRecord
         @aggregation.groups.each do |group|
           field = format_field(group[:field])
           if group[:operation]
-            date_trunc_expression = date_trunc_sql(group[:operation], field)
+            # Pass original field name for validation before SQL generation
+            date_trunc_expression = date_trunc_sql(group[:operation], field, group[:field])
             @select << "#{date_trunc_expression} AS \"#{group[:field]}\""
             group_fields << date_trunc_expression
           else
@@ -56,11 +57,31 @@ module ForestAdminDatasourceActiveRecord
         @query
       end
 
+      # Whitelist of valid date truncation operations
+      VALID_DATE_OPERATIONS = %w[
+        second
+        minute
+        hour
+        day
+        week
+        month
+        quarter
+        year
+      ].freeze
+
       private
 
-      def date_trunc_sql(operation, field)
+      def date_trunc_sql(operation, field, original_field_name = nil)
         adapter_name = @collection.model.connection.adapter_name.downcase
-        operation = operation.downcase
+        operation = operation.to_s.downcase
+
+        unless VALID_DATE_OPERATIONS.include?(operation)
+          raise ForestAdminDatasourceToolkit::Exceptions::ValidationError,
+                "Invalid date truncation operation: '#{operation}'. " \
+                "Allowed values: #{VALID_DATE_OPERATIONS.join(", ")}"
+        end
+
+        validate_field_exists!(original_field_name || field)
 
         case adapter_name
         when 'postgresql'
@@ -74,6 +95,14 @@ module ForestAdminDatasourceActiveRecord
         end
       end
 
+      def validate_field_exists!(field)
+        ForestAdminDatasourceToolkit::Utils::Collection.get_field_schema(@collection, field)
+      rescue ForestAdminDatasourceToolkit::Exceptions::ForestException => e
+        # Re-raise as ValidationError for consistency with other validation errors in this class
+        raise ForestAdminDatasourceToolkit::Exceptions::ValidationError,
+              "Invalid field '#{field}': #{e.message}"
+      end
+
       # rubocop:disable Layout/LineLength
       def mysql_date_trunc(operation, field)
         case operation

data/lib/forest_admin_datasource_active_record/version.rb

@@ -1,3 +1,3 @@
 module ForestAdminDatasourceActiveRecord
-  VERSION = "1.8.8"
+  VERSION = "1.9.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_admin_datasource_active_record
 version: !ruby/object:Gem::Version
-  version: 1.8.8
+  version: 1.9.0
 platform: ruby
 authors:
 - Matthieu