RubyGems - rails_age - Versions diffs - 0.6.2 → 0.6.3 - Mend

rails_age 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -7
data/lib/apache_age/entities/class_methods.rb +2 -2
data/lib/apache_age/entities/query_builder.rb +97 -13
data/lib/rails_age/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '01018a3efe8d4cef46fce365b6fd442882d8bf4ff51e0ad3d3bdb235db80ebb7'
-  data.tar.gz: 69a20eb39f9609c6350463d6a391b7f08887079e51e56602a6357d914571ed8f
+  metadata.gz: e8bae6566d3be3dc932bc834d67b969ddab46efb5bc72dfde5b245a861f9c09f
+  data.tar.gz: 04ab7c0d236560abefbe9d637a24e5e027ada6a2f3c0279d4aace865262c5808
 SHA512:
-  metadata.gz: cc2ea56dcb102213397ca5ffc19edc095341e51307b0500d0be7bc7595cb65f64e74c6490a678703f5faf903d0396010b63b8dd33e162ed218e038a4e95e05f5
-  data.tar.gz: 30e0472fb006bf883cb57a5c7406571d4fc4715a9d6d96e792dd5d3b4998e538eab74f809b5d384072d88e77ce2d6fb143cdb6a5c20fd044fd74673edd2bb13a
+  metadata.gz: 6e2b16c1934dbdf79dce10028ee5d6066e93416a0ea2a31f378b2239db72383b11dec44a892a254721c75130f2b0fad5c4ab4a4dda0bdbf747ecb66bc695c8b7
+  data.tar.gz: 5883fcd0e9a36c965683ec01702b9a8e6b8d31e66d991ef2331c21ab11aa49c894965f666937d456dbd5fc7aaea1b35577f9f9c9b8115c4775a83bf18eed4354

data/CHANGELOG.md CHANGED Viewed

@@ -35,21 +35,22 @@ breaking change?: namespaces (by default) will use their own schema? (add to dat
 - **Age Path** - nodes and edges combined
   * add `rails generate apache_age:path_scaffold HasJob employee_role start_node:person end_node:company`
+## VERSION 0.6.4 - 2024-xx-xx
-## VERSION 0.6.3 - 2024-xx-xx
+- **Query Sanitize**:
+  * reject attributes not defined in model (throw error?)
+  * allow and sanitize query strings with multiple attributes, ie: `Person.where("find.first_name = ? AND find.last_name = ?", 'John', 'Doe')`
+## VERSION 0.6.3 - 2024-10-27
 - **Query Sanitize**:
-  * reject attributes not defined in model
   * sanitize strings using: id(find) = ?, 23 & find.first_name = ?, 'John'
+    NOTE: this sanitization only works (so far) for strings containing ONE attribute. ie: `Person.where("find.first_name = ?", 'John')` or `Person.where("first_name = ?", 'John')` works but `Person.where("find.first_name = ? AND find.last_name = ?", 'John', 'Doe')` does not yet work
 ## VERSION 0.6.2 - 2024-09-30
 - **Query Sanitize**
-  * hashes sanitized
-- **TODO**:
-  * reject attributes not defined in model
-  * sanitize strings using: id(find) = ?, 23 & find.first_name = ?, 'John'
+  * hash queries sanitized
 ## VERSION 0.6.1 - 2024-09-29

data/lib/apache_age/entities/class_methods.rb CHANGED Viewed

@@ -8,9 +8,9 @@ module ApacheAge
         instance
       end
-      def where(attributes)
+      def where(*attributes)
         query_builder = QueryBuilder.new(self)
-        query_builder.where(attributes)
+        query_builder.where(*attributes)
       end
       def all = QueryBuilder.new(self).all

data/lib/apache_age/entities/query_builder.rb CHANGED Viewed

@@ -41,32 +41,116 @@ module ApacheAge
         self
       end
-      # TODO: need to handle string inputs too: instead of: \
-      # "id(find) = #{id}" & "find.name = #{name}"
-      # we can have: "id(find) = ?", id & "find.name = ?", name
-      # ActiveRecord::Base.sanitize_sql([query_string, v])
-      def where(attributes)
-        return self if attributes.blank?
+      # # TODO: need to handle string inputs too: instead of: \
+      # # "id(find) = #{id}" & "find.name = #{name}"
+      # # we can have: "id(find) = ?", id & "find.name = ?", name
+      # # ActiveRecord::Base.sanitize_sql([query_string, v])
+      def where(*args)
+        return self if args.blank?
         @where_clauses <<
-          if attributes.is_a?(String)
-            if attributes.include?('id(') || attributes.include?('find.')
-              attributes
+          # not able to sanitize the query string in this case
+          # ["first_name = 'Barney'"]
+          if args.length == 1 && args.first.is_a?(String)
+            string_query = args.first
+            if string_query.include?('id = ?')
+              "id(find) = ?"
+            elsif string_query.include?('id(') || string_query.include?('find.')
+              string_query
             else
-              "find.#{attributes}"
+              "find.#{string_query}"
             end
-          else
+          # Handling & sanitizing parameterized string queries
+          elsif args.length > 1 && args.first.is_a?(String)
+            raw_query_string = args.first
+            query_string =
+              if raw_query_string.include?('id = ?')
+                "id(find) = ?"
+              elsif raw_query_string.include?('id(') || raw_query_string.include?('find.')
+                raw_query_string
+              else
+                "find.#{raw_query_string}"
+              end
+            values = args[1..-1]
+            ActiveRecord::Base.sanitize_sql_array([query_string, *values])
+          # Hashes are sanitized in the model class
+          # [{:first_name=>"Barney", :last_name=>"Rubble", :gender=>"male"}]
+          elsif args.first.is_a?(Hash)
+            attributes = args.first
             edge_keys = [:start_id, :start_node, :end_id, :end_node]
             if edge_keys.any? { |key| attributes.include?(key) }
-              model_class.send(:where_edge_clause, attributes)
+              model_class.send(:where_edge_clause, **attributes)
             else
-              model_class.send(:where_node_clause, attributes)
+              model_class.send(:where_node_clause, **attributes)
             end
+          else
+            raise ArgumentError, "Invalid arguments for `where` method"
           end
         self
       end
+      # # where is sanitized in the model class with hash values
+      # def where(attributes)
+      #   return self if attributes.blank?
+      #   @where_clauses <<
+      #     if attributes.is_a?(String)
+      #       puts "HANDLE PURE STRING QUERIES"
+      #       if attributes.include?('id(') || attributes.include?('find.')
+      #         attributes
+      #       else
+      #         "find.#{attributes}"
+      #       end
+      #     else
+      #       puts "HANDLE HASHES"
+      #       pp attributes
+      #       edge_keys = [:start_id, :start_node, :end_id, :end_node]
+      #       if edge_keys.any? { |key| attributes.include?(key) }
+      #         puts "HANDLE EDGE CLAUSES"
+      #         model_class.send(:where_edge_clause, attributes)
+      #       else
+      #         puts "HANDLE NODE CLAUSES"
+      #         model_class.send(:where_node_clause, attributes)
+      #       end
+      #     end
+      #   self
+      # end
+      # # Pre-sanitize where statements
+      # # def where(*args)
+      # #   return self if args.blank?
+      # #   # Handling parameterized query strings with values
+      # #   if args.length == 1 && args.first.is_a?(Hash)
+      # #     # If a hash of attributes is provided, use the existing logic
+      # #     attributes = args.first
+      # #     edge_keys = [:start_id, :start_node, :end_id, :end_node]
+      # #     if edge_keys.any? { |key| attributes.include?(key) }
+      # #       @where_clauses << model_class.send(:where_edge_clause, attributes)
+      # #     else
+      # #       @where_clauses << model_class.send(:where_node_clause, attributes)
+      # #     end
+      # #   elsif args.length > 1 && args.first.is_a?(String)
+      # #     # If a query string with placeholders and values is provided
+      # #     query_string = args.first
+      # #     values = args[1..-1]
+      # #     sanitized_query = ActiveRecord::Base.send(:sanitize_sql_array, [query_string, *values])
+      # #     @where_clauses << sanitized_query
+      # #   elsif args.length == 1 && args.first.is_a?(String)
+      # #     # If a single string is provided, use it directly (assuming it is already sanitized or trusted)
+      # #     @where_clauses << args.first
+      # #   else
+      # #     raise ArgumentError, "Invalid arguments for `where` method"
+      # #   end
+      # #   self
+      # # end
       # New return method
       def return(*variables)
         return self if variables.blank?

data/lib/rails_age/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsAge
-  VERSION = '0.6.2'
+  VERSION = '0.6.3'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_age
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Bill Tihen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-30 00:00:00.000000000 Z
+date: 2024-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails