RubyGems - rails_age - Versions diffs - 0.6.2 → 0.6.3 - Mend

rails_age 0.6.2 → 0.6.3

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -7
data/lib/apache_age/entities/class_methods.rb +2 -2
data/lib/apache_age/entities/query_builder.rb +97 -13
data/lib/rails_age/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '01018a3efe8d4cef46fce365b6fd442882d8bf4ff51e0ad3d3bdb235db80ebb7'
-  data.tar.gz: 69a20eb39f9609c6350463d6a391b7f08887079e51e56602a6357d914571ed8f
+  metadata.gz: e8bae6566d3be3dc932bc834d67b969ddab46efb5bc72dfde5b245a861f9c09f
+  data.tar.gz: 04ab7c0d236560abefbe9d637a24e5e027ada6a2f3c0279d4aace865262c5808
 SHA512:
-  metadata.gz: cc2ea56dcb102213397ca5ffc19edc095341e51307b0500d0be7bc7595cb65f64e74c6490a678703f5faf903d0396010b63b8dd33e162ed218e038a4e95e05f5
-  data.tar.gz: 30e0472fb006bf883cb57a5c7406571d4fc4715a9d6d96e792dd5d3b4998e538eab74f809b5d384072d88e77ce2d6fb143cdb6a5c20fd044fd74673edd2bb13a
+  metadata.gz: 6e2b16c1934dbdf79dce10028ee5d6066e93416a0ea2a31f378b2239db72383b11dec44a892a254721c75130f2b0fad5c4ab4a4dda0bdbf747ecb66bc695c8b7
+  data.tar.gz: 5883fcd0e9a36c965683ec01702b9a8e6b8d31e66d991ef2331c21ab11aa49c894965f666937d456dbd5fc7aaea1b35577f9f9c9b8115c4775a83bf18eed4354

data/CHANGELOG.md CHANGED Viewed

@@ -35,21 +35,22 @@ breaking change?: namespaces (by default) will use their own schema? (add to dat
 - **Age Path** - nodes and edges combined
   * add `rails generate apache_age:path_scaffold HasJob employee_role start_node:person end_node:company`
+## VERSION 0.6.4 - 2024-xx-xx
-## VERSION 0.6.3 - 2024-xx-xx
+- **Query Sanitize**:
+  * reject attributes not defined in model (throw error?)
+  * allow and sanitize query strings with multiple attributes, ie: `Person.where("find.first_name = ? AND find.last_name = ?", 'John', 'Doe')`
+## VERSION 0.6.3 - 2024-10-27
 - **Query Sanitize**:
-  * reject attributes not defined in model
   * sanitize strings using: id(find) = ?, 23 & find.first_name = ?, 'John'
+    NOTE: this sanitization only works (so far) for strings containing ONE attribute. ie: `Person.where("find.first_name = ?", 'John')` or `Person.where("first_name = ?", 'John')` works but `Person.where("find.first_name = ? AND find.last_name = ?", 'John', 'Doe')` does not yet work
 ## VERSION 0.6.2 - 2024-09-30
 - **Query Sanitize**
-  * hashes sanitized
-- **TODO**:
-  * reject attributes not defined in model
-  * sanitize strings using: id(find) = ?, 23 & find.first_name = ?, 'John'
+  * hash queries sanitized
 ## VERSION 0.6.1 - 2024-09-29

data/lib/apache_age/entities/class_methods.rb CHANGED Viewed

@@ -8,9 +8,9 @@ module ApacheAge
         instance
       end
-      def where(attributes)
+      def where(*attributes)
         query_builder = QueryBuilder.new(self)
-        query_builder.where(attributes)
+        query_builder.where(*attributes)
       end
       def all = QueryBuilder.new(self).all

data/lib/apache_age/entities/query_builder.rb CHANGED Viewed

@@ -41,32 +41,116 @@ module ApacheAge
         self
       end
-      # TODO: need to handle string inputs too: instead of: \
-      # "id(find) = #{id}" & "find.name = #{name}"
-      # we can have: "id(find) = ?", id & "find.name = ?", name
-      # ActiveRecord::Base.sanitize_sql([query_string, v])
-      def where(attributes)
-        return self if attributes.blank?
+      # # TODO: need to handle string inputs too: instead of: \
+      # # "id(find) = #{id}" & "find.name = #{name}"
+      # # we can have: "id(find) = ?", id & "find.name = ?", name
+      # # ActiveRecord::Base.sanitize_sql([query_string, v])
+      def where(*args)
+        return self if args.blank?
         @where_clauses <<
-          if attributes.is_a?(String)
-            if attributes.include?('id(') || attributes.include?('find.')
-              attributes
+          # not able to sanitize the query string in this case
+          # ["first_name = 'Barney'"]
+          if args.length == 1 && args.first.is_a?(String)
+            string_query = args.first
+            if string_query.include?('id = ?')
+              "id(find) = ?"
+            elsif string_query.include?('id(') || string_query.include?('find.')
+              string_query
             else
-              "find.#{attributes}"
+              "find.#{string_query}"
             end
-          else
+          # Handling & sanitizing parameterized string queries
+          elsif args.length > 1 && args.first.is_a?(String)
+            raw_query_string = args.first
+            query_string =
+              if raw_query_string.include?('id = ?')
+                "id(find) = ?"
+              elsif raw_query_string.include?('id(') || raw_query_string.include?('find.')
+                raw_query_string
+              else
+                "find.#{raw_query_string}"
+              end
+            values = args[1..-1]
+            ActiveRecord::Base.sanitize_sql_array([query_string, *values])
+          # Hashes are sanitized in the model class
+          # [{:first_name=>"Barney", :last_name=>"Rubble", :gender=>"male"}]
+          elsif args.first.is_a?(Hash)
+            attributes = args.first
             edge_keys = [:start_id, :start_node, :end_id, :end_node]
             if edge_keys.any? { |key| attributes.include?(key) }
-              model_class.send(:where_edge_clause, attributes)
+              model_class.send(:where_edge_clause, **attributes)
             else
-              model_class.send(:where_node_clause, attributes)
+              model_class.send(:where_node_clause, **attributes)
             end
+          else
+            raise ArgumentError, "Invalid arguments for `where` method"
           end
         self
       end
+      # # where is sanitized in the model class with hash values
+      # def where(attributes)
+      #   return self if attributes.blank?
+      #   @where_clauses <<
+      #     if attributes.is_a?(String)
+      #       puts "HANDLE PURE STRING QUERIES"
+      #       if attributes.include?('id(') || attributes.include?('find.')
+      #         attributes
+      #       else
+      #         "find.#{attributes}"
+      #       end
+      #     else
+      #       puts "HANDLE HASHES"
+      #       pp attributes
+      #       edge_keys = [:start_id, :start_node, :end_id, :end_node]
+      #       if edge_keys.any? { |key| attributes.include?(key) }
+      #         puts "HANDLE EDGE CLAUSES"
+      #         model_class.send(:where_edge_clause, attributes)
+      #       else
+      #         puts "HANDLE NODE CLAUSES"
+      #         model_class.send(:where_node_clause, attributes)
+      #       end
+      #     end
+      #   self
+      # end
+      # # Pre-sanitize where statements
+      # # def where(*args)
+      # #   return self if args.blank?
+      # #   # Handling parameterized query strings with values
+      # #   if args.length == 1 && args.first.is_a?(Hash)
+      # #     # If a hash of attributes is provided, use the existing logic
+      # #     attributes = args.first
+      # #     edge_keys = [:start_id, :start_node, :end_id, :end_node]
+      # #     if edge_keys.any? { |key| attributes.include?(key) }
+      # #       @where_clauses << model_class.send(:where_edge_clause, attributes)
+      # #     else
+      # #       @where_clauses << model_class.send(:where_node_clause, attributes)
+      # #     end
+      # #   elsif args.length > 1 && args.first.is_a?(String)
+      # #     # If a query string with placeholders and values is provided
+      # #     query_string = args.first
+      # #     values = args[1..-1]
+      # #     sanitized_query = ActiveRecord::Base.send(:sanitize_sql_array, [query_string, *values])
+      # #     @where_clauses << sanitized_query
+      # #   elsif args.length == 1 && args.first.is_a?(String)
+      # #     # If a single string is provided, use it directly (assuming it is already sanitized or trusted)
+      # #     @where_clauses << args.first
+      # #   else
+      # #     raise ArgumentError, "Invalid arguments for `where` method"
+      # #   end
+      # #   self
+      # # end
       # New return method
       def return(*variables)
         return self if variables.blank?

data/lib/rails_age/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsAge
-  VERSION = '0.6.2'
+  VERSION = '0.6.3'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_age
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Bill Tihen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-30 00:00:00.000000000 Z
+date: 2024-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails