pod4 0.7.2 → 0.8.0

data/lib/pod4/tds_interface.rb

@@ -5,6 +5,7 @@ require 'bigdecimal'
 
 require_relative 'interface'
 require_relative 'errors'
+require_relative 'sql_helper'
 
 
 module Pod4
@@ -22,7 +23,10 @@ module Pod4
   #       set_id_fld :id
   #     end
   #
+  # Note: TinyTDS does not appear to support parameterised queries! 
+  #
   class TdsInterface < Interface
+    include SQLHelper
 
     attr_reader :id_fld
 
@@ -89,9 +93,10 @@ module Pod4
     # much ignored.
     #
     def initialize(connectHash, testClient=nil)
-      raise(Pod4Error, 'no call to set_db in the interface definition') if self.class.db.nil?
-      raise(Pod4Error, 'no call to set_table in the interface definition') if self.class.table.nil?
-      raise(Pod4Error, 'no call to set_id_fld in the interface definition') if self.class.id_fld.nil?
+      sc = self.class
+      raise(Pod4Error, 'no call to set_db in the interface definition')     if sc.db.nil?
+      raise(Pod4Error, 'no call to set_table in the interface definition')  if sc.table.nil?
+      raise(Pod4Error, 'no call to set_id_fld in the interface definition') if sc.id_fld.nil?
       raise(ArgumentError, 'invalid connection hash') unless connectHash.kind_of?(Hash)
 
       @connect_hash = connectHash.dup
@@ -115,6 +120,10 @@ module Pod4
       schema ? %Q|[#{schema}].[#{table}]| : %Q|[#{table}]|
     end
 
+    def quote_field(fld)
+      "[#{super(fld, nil)}]"
+    end
+
 
     ##
     # Selection is a hash or something like it: keys should be field names. We return any records
@@ -125,17 +134,8 @@ module Pod4
       raise(Pod4::DatabaseError, 'selection parameter is not a hash') \
         unless selection.nil? || selection.respond_to?(:keys)
 
-      if selection
-        sel = selection.map {|k,v| "[#{k}] = #{quote v}" }.join(" and ")
-        sql = %Q|select * 
-                     from #{quoted_table}
-                     where #{sel};|
-
-      else
-        sql = %Q|select * from #{quoted_table};|
-      end
-
-      select(sql) {|r| Octothorpe.new(r) }
+      sql, vals = sql_select(nil, selection)
+      select( sql_subst(sql, *vals.map{|v| quote v}) ) {|r| Octothorpe.new(r) }
 
     rescue => e
       handle_error(e)
@@ -145,22 +145,13 @@ module Pod4
     ##
     # Record is a hash of field: value
     #
-    # By a happy coincidence, insert returns the unique ID for the record, which is just what we
-      # want to do, too.
-    #
     def create(record)
       raise(ArgumentError, "Bad type for record parameter") \
             unless record.kind_of?(Hash) || record.kind_of?(Octothorpe)
 
-      ks = record.keys.map   {|k| "[#{k}]" }
-      vs = record.values.map {|v| quote v } 
-
-      sql = "insert into #{quoted_table}\n"
-      sql << "    ( " << ks.join(",") << ")\n"
-      sql << "    output inserted.[#{id_fld}]\n"
-      sql << "    values( " << vs.join(",") << ");"
+      sql, vals = sql_insert(record)
 
-      x = select(sql)
+      x = select sql_subst(sql, *vals.map{|v| quote v})
       x.first[id_fld]
 
     rescue => e
@@ -174,18 +165,17 @@ module Pod4
     def read(id)
       raise(ArgumentError, "ID parameter is nil") if id.nil?
 
-      sql = %Q|select * 
-                   from #{quoted_table} 
-                   where [#{id_fld}] = #{quote id};|
-
-      Octothorpe.new( select(sql).first )
+      sql, vals = sql_select(nil, id_fld => id) 
+      rows = select sql_subst(sql, *vals.map{|v| quote v}) 
+      Octothorpe.new(rows.first)
 
     rescue => e
       # select already wrapped any error in a Pod4::DatabaseError, but in this case we want to try
       # to catch something. (Side note: TinyTds' error class structure is a bit poor...)
       raise CantContinue, "Problem reading record. Is '#{id}' really an ID?" \
         if e.cause.class   == TinyTds::Error \
-        && e.cause.message =~ /invalid column/i
+        && e.cause.message =~ /conversion failed/i
+
 
       handle_error(e)
     end
@@ -193,7 +183,7 @@ module Pod4
 
     ##
     # ID is whatever you set in the interface using set_id_fld record should be a Hash or
-      # Octothorpe.
+    # Octothorpe.
     #
     def update(id, record)
       raise(ArgumentError, "Bad type for record parameter") \
@@ -201,12 +191,8 @@ module Pod4
 
       read_or_die(id)
 
-      sets = record.map {|k,v| "    [#{k}] = #{quote v}" }
-
-      sql = "update #{quoted_table} set\n"
-      sql << sets.join(",") << "\n"
-      sql << "where [#{id_fld}] = #{quote id};"
-      execute(sql)
+      sql, vals = sql_update(record, id_fld => id)
+      execute sql_subst(sql, *vals.map{|v| quote v})
 
       self
 
@@ -220,7 +206,9 @@ module Pod4
     #
     def delete(id)
       read_or_die(id)
-      execute( %Q|delete #{quoted_table} where [#{id_fld}] = #{quote id};| )
+
+      sql, vals = sql_delete(id_fld => id)
+      execute sql_subst(sql, *vals.map{|v| quote v})
 
       self
 
@@ -229,6 +217,22 @@ module Pod4
     end
 
 
+    ##
+    # Override the sql_insert method in sql_helper since our SQL is rather different
+    #
+    def sql_insert(record)
+      flds, vals = parse_fldsvalues(record)
+      ph = vals.map{|x| placeholder }
+
+      sql = %Q|insert into #{quoted_table}
+                 ( #{flds.join ','} )
+                 output inserted.#{quote_field id_fld}
+                 values( #{ph.join ','} );|
+
+      [sql, vals]
+    end
+
+
     ##
     # Run SQL code on the server. Return the results.
     #
@@ -287,6 +291,16 @@ module Pod4
     end
 
 
+    ##
+    # Wrapper for the data source library escape routine, which is all we can offer in terms of SQL
+    # injection protection. (Its not much.)
+    #
+    def escape(thing)
+      open unless connected?
+      thing.kind_of?(String) ? @client.escape(thing) : thing
+    end
+
+
     protected
 
 
@@ -354,21 +368,22 @@ module Pod4
     end
 
 
+    ##
+    # Overrride the quote routine in sql_helper.
+    #
+    # * TinyTDS doesn't cope with datetime
+    #
+    # * We might as well use it to escape strings, since that's the best we can do -- although I
+    #   suspect that it's just turning ' into '' and nothing else...
+    #
     def quote(fld)
-
       case fld
         when DateTime, Time
           %Q|'#{fld.to_s[0..-7]}'|
-        when Date
-          %Q|'#{fld}'|
-        when String
-          %Q|'#{fld.gsub("'", "''")}'|
-        when BigDecimal
-          fld.to_f
-        when nil
-          'NULL'
-        else 
-          fld
+        when String, Symbol
+          %Q|'#{escape fld.to_s}'|
+        else
+          super
       end
 
     end

data/lib/pod4/version.rb

@@ -1,3 +1,3 @@
 module Pod4 
-  VERSION = '0.7.2'
+  VERSION = '0.8.0'
 end

data/md/roadmap.md

@@ -1,41 +1,95 @@
-Connection Object
-=================
+Transactions
+============
 
-PgInterface and TdsInterface both take a connection Hash, which is all very
-well, but it means that we are running one database connection per model.
-Presumably this is a bad idea. :-)
+I'd like to support basic transactions because without it we can't really claim to do optimistic
+locking properly. And it would be nice to claim that.
 
-This actually hasn't come up in my own use of Pod4 -- for complex reasons I'm
-either using SequelInterface or running transient jobs which start up a couple
-of models, do some work, and then stop entirely -- but it _is_ rather silly.
+Thought I had a solid idea of how to do it without any faffing around, but, it had some holes. Will
+have to think again.
 
-Connection is baked into those interfaces, and interface dependant. So I'm
-thinking in terms of a memoising object that stores the connection hash and
-then gets passed to the interface. When the interface wants a connection, then
-it asks the connection object. If the connection object doesn't have one, then
-the interface connects, and gives the connection to the connection object.
+But, this is top of my wish list.
 
+For the record, my current thinking: 
 
-Transactions
-============
+    customer.new(4).read.or_die
+    customer.transaction do |c|
+      c.update(foo: 'bar')
+      c.orders.update(foo: 'bar')
+    end.or_die
+
+* a method supports_transactions() will control whether the interface does that. sql_helper will
+  define it to return true.
+
+* sql_helper will define a sql_transaction method which wraps SQL as a transaction.
 
-We really need this, because without it we can't even pretend to be doing
-proper pessimistic locking.
+* interface methods create() delete() and update now accept an extra parameter, a boolean; if true,
+  they will return sql (and values), rather than doing anything. This is defined in Pod4::Interface.
 
-I've got a pretty solid idea for a nice, simple way to make this happen. It
-will be in place soon.
+* BasicModel defines @in_transaction = false; @tx_sql = ""; @tx_vals = [].
+
+* When a Model is @in_transaction, the create, delete and update methods pass the extra parameter
+  to the corresponding interface methods. The results are accumulated in @tx_sql and @tx_vals.
+
+* the method BasicModel.transaction will:
+
+    * set interface.in_transaction = true, or raise an error if the interface doesn't support them
+    * yield a block passing the model instance so that the caller can run methods inside it
+    * set in_transaction back to false.
+    * call interface.executep( interface._sql_transaction( @tx_sql ), @tx_vals )
+
+Notes:
+
+* We will either have to standardize the execute method or check for it each time?
+* Ditto with executep. Ditto with whether an interface supports parameterisation.
+* trying to do a transaction across databases will fall over, but, really, no expectation there.
+* You can't have a transaction that uses the result of the first half to do the last half.
+* You can no longer call select() in a create, as we currently do for some interfaces? This is the
+  real problem I am wrestling with -- how to allow a transaction that returns a value from create().
 
 
 Migrations
 ==========
 
-This will almost certainly be something crude -- since we don't really control
-the database connection in the same way as, say, ActiveRecord -- but I honestly
-think it's a worthwhile feature.  Just having something that you can version
-control and run to update a data model is enough, really.
+This will almost certainly be something crude -- since we don't really control the database
+connection in the same way as, say, ActiveRecord -- but I honestly think it's a worthwhile feature.
+Just having something that you can version control and run to update a data model is enough,
+really.
+
+I'm not yet sure of the least useless way to implement it.  Again, I favour SQL as the DSL.
+
+We will clearly need transactions first, though.
 
-I'm not yet sure of the least useless way to implement it.  Again, I favour SQL
-as the DSL.
+My Current thoughts:
+
+* a migration against a database is on a par with a model but very different. You subclass
+  migration and give it an interface, pointing to the table that stores the current migration
+  state.  
+
+* The methods in a module are exectute() up() and down() -- the last two call the first one.
+
+* Each instance of a model is stored in a file and contains up and down SQL somehow. Each instance
+  has a version number.
+
+* You run a migration by running up or down on your migration class, passing a version?
+
+
+Connection Object
+=================
+
+PgInterface and TdsInterface both take a connection Hash, which is all very well, but it means that
+we are running one database connection per model.  Presumably this is a bad idea. :-)
+
+This actually hasn't come up in my own use of Pod4 -- for complex reasons I'm either using
+SequelInterface or running transient jobs which start up a couple of models, do some work, and then
+stop entirely.
+
+Connection is baked into those interfaces, and interface dependant. So I'm thinking in terms of a
+memoising object that stores the connection hash and then gets passed to the interface. When the
+interface wants a connection, then it asks the connection object. If the connection object doesn't
+have one, then the interface connects, and gives the connection to the connection object.
+
+It's looking as if we don't need this right now. One connection per model might not be as daft as
+it seems.
 
 
 JDBC-SQL interface
@@ -67,3 +121,5 @@ For the jdbc-msssqlserver gem.  Doable ... I *think*.
     conn.close
 
     see https://github.com/jruby/jruby/wiki/JDBC
+
+

data/spec/common/basic_model_spec.rb

@@ -78,6 +78,11 @@ describe 'WeirdModel' do
       expect( WeirdModel.new.alerts ).to eq([])
     end
 
+    it 'doesn''t freak out if the ID is not an integer' do
+      expect{ CustomerModel.new("france") }.not_to raise_exception
+      expect( CustomerModel.new("france").model_id ).to eq "france"
+    end
+
   end
   ##
 

data/spec/common/model_spec.rb

@@ -61,6 +61,7 @@ describe 'CustomerModel' do
       {id: 20, name: 'Morticia',  price: 2.34, groups: 'spanish'      },
       {id: 30, name: 'Wednesday', price: 3.45, groups: 'school'       },
       {id: 40, name: 'Pugsley',   price: 4.56, groups: 'trains,school'} ]
+
   end
 
   let(:recordsx) do
@@ -83,21 +84,26 @@ describe 'CustomerModel' do
   let(:model2) do
     m = CustomerModel.new(30)
 
-    allow( m.interface ).to receive(:read).
-      and_return( Octothorpe.new(records[2]) )
-
+    allow( m.interface ).to receive(:read).and_return( Octothorpe.new(records[2]) )
     m.read.or_die
   end
 
   let(:model3) do
     m = CustomerModel.new(40)
 
-    allow( m.interface ).to receive(:read).
-      and_return( Octothorpe.new(records[3]) )
-
+    allow( m.interface ).to receive(:read).and_return( Octothorpe.new(records[3]) )
     m.read.or_die
   end
 
+  # Model4 is for a non-integer id
+  let(:thing) { Octothorpe.new(id: 'eek', name: 'thing',  price: 9.99, groups: 'scuttering') }
+
+  let(:model4) do
+    m = CustomerModel.new('eek')
+
+    allow( m.interface ).to receive(:read).and_return(thing)
+    m.read.or_die
+  end
 
   ##
 
@@ -242,6 +248,11 @@ describe 'CustomerModel' do
       expect( CustomerModel.new.alerts ).to eq([])
     end
 
+    it 'doesn''t freak out if the ID is not an integer' do
+      expect{ CustomerModel.new("france") }.not_to raise_exception
+      expect( CustomerModel.new("france").model_id ).to eq "france"
+    end
+
   end
   ##
 
@@ -532,6 +543,14 @@ describe 'CustomerModel' do
       new_model.create
     end
 
+    it 'doesn\'t freak out if the model is not an integer' do
+      expect( new_model.interface ).to receive(:create)
+      new_model.id   = "handy"
+      new_model.name = "Thing"
+
+      expect{ new_model.create }.not_to raise_error
+    end
+
   end
   ##
 
@@ -597,6 +616,12 @@ describe 'CustomerModel' do
       expect( model.model_status ).to eq :warning
     end
 
+    it 'doesn\'t freak out if the model is non-integer' do
+      allow( model.interface ).to receive(:read).and_return( thing )
+
+      expect{ CustomerModel.new('eek').read }.not_to raise_error
+    end
+
     context 'if the interface.read returns an empty Octothorpe' do
       let(:missing) { CustomerModel.new(99) }
 
@@ -658,7 +683,7 @@ describe 'CustomerModel' do
       model3.update
     end
 
-    it 'doesnt call update on the interface if the validation fails' do
+    it 'doesn\'t call update on the interface if the validation fails' do
       expect( model3.interface ).not_to receive(:update)
 
       model3.name = "fall over"  # triggers validation
@@ -670,6 +695,14 @@ describe 'CustomerModel' do
       model3.update
     end
 
+    it 'doesn\'t freak out if the model is non-integer' do
+      expect( model4.interface ).
+        to receive(:update).
+        and_return( model4.interface )
+
+      model4.update
+    end
+
     context 'when the record already has error alerts' do
 
       it 'passes if there is no longer anything wrong' do
@@ -753,6 +786,15 @@ describe 'CustomerModel' do
       expect( model2.model_status ).to eq :deleted
     end
 
+    it 'doesn\'t freak out if the model is non-integer' do
+      expect( model4.interface ).
+        to receive(:delete).
+        and_return( model4.interface )
+
+      model4.delete
+    end
+
+
   end
   ##
 

data/spec/common/nebulous_interface_spec.rb

@@ -88,6 +88,8 @@ class FakeRequester
     end
 
     req = NebulousStomp::NebRequestNull.new('faketarget', verb, paramStr)
+    hash2[:inReplyTo] = req.replyID
+
     mess = NebulousStomp::Message.from_cache( hash1.merge(hash2).to_json )
     req.insert_fake_stomp(mess)
     req