search_cop 1.0.8 → 1.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4a775b683b6b8ac71ce65abf70db3c1765bc7af
-  data.tar.gz: b6ddb81eb3bb8655cfe5db72ed4b15643591cc02
+  metadata.gz: ec8667b85e0e2df63ebb83e3d4af5319e52483b9
+  data.tar.gz: 0a1fd1d2c76c9395ac50adc9e1139dbc58ea2cd5
 SHA512:
-  metadata.gz: 0eddb0f8dabfe5628931ecf79f2663c58b76e0e373beb77dc6e3e0dbf7b1020e415494bcd00422bc9ff7cd991b4b9acfd0ca469819dab48fa80ebb00f0bc7677
-  data.tar.gz: 3c7abb35d981b0c8e5068eefdcf4096b66bc785fea90c161ff0c5de453d0dd766753ebf8863415f4ee9eac791490dbe357343f87d61b25f47245d0ef593020fb
+  metadata.gz: ca9b2397fb9bd9b7e3b339f001c58b36c42be50f5a9314094735f6633bb75cb26a91b9e08120a10750653ae5067a82eda96d2a562cff31b92ea3aaa390487c51
+  data.tar.gz: 6479e2365da9aa3ae8c9a9f6587c6f00a0f0c7d2546d05438dc4738eb810b5eed9a0d5ff432b91a1a9757486d99f795e86f556d55e379a4ce240ed21d89714de

data/.travis.yml

@@ -18,13 +18,13 @@ env:
   - DATABASE=postgres
 matrix:
   include:
-    - rvm: 2.3.1
+    - rvm: 2.4.1
       gemfile: gemfiles/5.0-Gemfile
       env: DATABASE=sqlite
-    - rvm: 2.3.1
+    - rvm: 2.4.1
       gemfile: gemfiles/5.0-Gemfile
       env: DATABASE=mysql
-    - rvm: 2.3.1
+    - rvm: 2.4.1
       gemfile: gemfiles/5.0-Gemfile
       env: DATABASE=postgres
   allow_failures:

data/README.md

@@ -29,16 +29,17 @@ to make optimal use of them. Read more below.
 Complex hash-based queries are supported as well:
 
 ```ruby
-Book.search(:author => "Rowling", :title => "Harry Potter")
-Book.search(:or => [{:author => "Rowling"}, {:author => "Tolkien"}])
-Book.search(:and => [{:price => {:gt => 10}}, {:not => {:stock => 0}}, :or => [{:title => "Potter"}, {:author => "Rowling"}]])
-Book.search(:or => [{:query => "Rowling -Potter"}, {:query => "Tolkien -Rings"}])
+Book.search(author: "Rowling", title: "Harry Potter")
+Book.search(or: [{author: "Rowling"}, {author: "Tolkien"}])
+Book.search(and: [{price: {gt: 10}}, {not: {stock: 0}}, or: [{title: "Potter"}, {author: "Rowling"}]])
+Book.search(or: [{query: "Rowling -Potter"}, {query: "Tolkien -Rings"}])
+Book.search(title: {my_custom_sql_query: "Rowl"}})
 # ...
 ```
 
 ## Installation
 
-For Rails/ActiveRecord 3 (or 4), add this line to your application's Gemfile:
+Add this line to your application's Gemfile:
 
     gem 'search_cop'
 
@@ -61,8 +62,8 @@ class Book < ActiveRecord::Base
 
   search_scope :search do
     attributes :title, :description, :stock, :price, :created_at, :available
-    attributes :comment => ["comments.title", "comments.message"]
-    attributes :author => "author.name"
+    attributes comment: ["comments.title", "comments.message"]
+    attributes author: "author.name"
     # ...
   end
 
@@ -114,7 +115,7 @@ As `Book.search(...)` returns an `ActiveRecord::Relation`, you are free to pre-
 or post-process the search results in every possible way:
 
 ```ruby
-Book.where(:available => true).search("Harry Potter").order("books.id desc").paginate(:page => params[:page])
+Book.where(available: true).search("Harry Potter").order("books.id desc").paginate(page: params[:page])
 ```
 
 ## Fulltext index capabilities
@@ -164,12 +165,12 @@ search in, such that SearchCop must no longer search within all fields:
 
 ```ruby
 search_scope :search do
-  attributes :all => [:author, :title]
+  attributes all: [:author, :title]
 
-  options :all, :type => :fulltext, :default => true
+  options :all, :type => :fulltext, default: true
 
-  # Use :default => true to explicitly enable fields as default fields (whitelist approach)
-  # Use :default => false to explicitly disable fields as default fields (blacklist approach)
+  # Use default: true to explicitly enable fields as default fields (whitelist approach)
+  # Use default: false to explicitly disable fields as default fields (blacklist approach)
 end
 ```
 
@@ -298,7 +299,7 @@ class User < ActiveRecord::Base
   search_scope :search do
     attributes :username
 
-    options :username, :left_wildcard => false
+    options :username, left_wildcard: false
   end
 
   # ...
@@ -322,7 +323,7 @@ class Book < ActiveRecord::Base
   belongs_to :author
 
   search_scope :search do
-    attributes :author => "author.name"
+    attributes author: "author.name"
   end
 
   # ...
@@ -356,13 +357,13 @@ class Book < ActiveRecord::Base
   # ...
 
   search_scope :search do
-    attributes :similar => ["similar_books.title", "similar_books.description"]
+    attributes similar: ["similar_books.title", "similar_books.description"]
 
     scope do
       joins "left outer join books similar_books on ..."
     end
 
-    aliases :similar_books => Book # Tell SearchCop how to map SQL aliases to models
+    aliases similar_books: Book # Tell SearchCop how to map SQL aliases to models
   end
 
   # ...
@@ -379,7 +380,7 @@ class Book < ActiveRecord::Base
   has_many :users, :through => :comments
 
   search_scope :search do
-    attributes :user => "users.username"
+    attributes user: "users.username"
   end
 
   # ...
@@ -402,7 +403,7 @@ class Book < ActiveRecord::Base
   belongs_to :user
 
   search_scope :search do
-    attributes :user => ["user.username", "users_books.username"]
+    attributes user: ["user.username", "users_books.username"]
   end
 
   # ...
@@ -440,12 +441,44 @@ Query string queries support `AND/and`, `OR/or`, `:`, `=`, `!=`, `<`, `<=`,
 and `matches`, `OR` has precedence over `AND`. `NOT` can only be used as infix
 operator regarding a single attribute.
 
-Hash based queries support `:and => [...]` and `:or => [...]`, which take an array
-of `:not => {...}`, `:matches => {...}`, `:eq => {...}`, `:not_eq => {...}`,
-`:lt => {...}`, `:lteq => {...}`, `:gt => {...}`, `:gteq => {...}` and `:query => "..."`
-arguments. Moreover, `:query => "..."` makes it possible to create sub-queries.
+Hash based queries support `and: [...]` and `or: [...]`, which take an array
+of `not: {...}`, `matches: {...}`, `eq: {...}`, `not_eq: {...}`,
+`lt: {...}`, `lteq: {...}`, `gt: {...}`, `gteq: {...}` and `query: "..."`
+arguments. Moreover, `query: "..."` makes it possible to create sub-queries.
 The other rules for query string queries apply to hash based queries as well.
 
+### Custom operators (Hash based queries)
+
+SearchCop also provides the ability to define custom operators by defining a
+`generator` in `search_scope`. They can then be used with the hash based query
+search. This is useful when you want to use database operators that are not
+supported by SearchCop.
+
+For example, if you wanted to perform a `LIKE` query where a book title starts
+with a string, you can define the search scope like so:
+
+```ruby
+search_scope :search do
+  attributes :title
+
+  generator :starts_with do |column_name, raw_value|
+    pattern = "#{raw_value}%"
+    "#{column_name} LIKE #{quote pattern}"
+  end
+end
+```
+
+When you want to perform the search you use it like this:
+
+```ruby
+Book.search(title: { starts_with: "The Great" })
+```
+
+Security Note: The query returned from the generator will be interpolated
+directly into the query that goes to your database. This opens up a potential
+SQL Injection point in your app. If you use this feature you'll want to make
+sure the query you're returning is safe to execute.
+
 ## Mapping
 
 When searching in boolean, datetime, timestamp, etc. fields, SearchCop
@@ -530,7 +563,7 @@ class Product < ActiveRecord::Base
   search_scope :search do
     attributes :title, :description
 
-    options :title, :default => true
+    options :title, default: true
   end
 end
 

data/lib/search_cop/hash_parser.rb

@@ -31,9 +31,13 @@ class SearchCop::HashParser
     collection = SearchCopGrammar::Attributes::Collection.new(query_info, key.to_s)
 
     if value.is_a?(Hash)
-      raise(SearchCop::ParseError, "Unknown operator #{value.keys.first}") unless [:matches, :eq, :not_eq, :gt, :gteq, :lt, :lteq].include?(value.keys.first)
+      raise(SearchCop::ParseError, "Unknown operator #{value.keys.first}") unless collection.valid_operator?(value.keys.first)
 
-      collection.send value.keys.first, value.values.first.to_s
+      if generator = collection.generator_for(value.keys.first)
+        collection.generator generator, value.values.first
+      else
+        collection.send value.keys.first, value.values.first.to_s
+      end
     else
       collection.send :matches, value.to_s
     end

data/lib/search_cop/search_scope.rb

@@ -1,12 +1,13 @@
 
 module SearchCop
   class Reflection
-    attr_accessor :attributes, :options, :aliases, :scope
+    attr_accessor :attributes, :options, :aliases, :scope, :generators
 
     def initialize
       self.attributes = {}
       self.options = {}
       self.aliases = {}
+      self.generators = {}
     end
 
     def default_attributes
@@ -46,6 +47,10 @@ module SearchCop
       reflection.scope = block
     end
 
+    def generator(name, &block)
+      reflection.generators[name] = block
+    end
+
     private
 
     def attributes_hash(hash)

data/lib/search_cop/version.rb

@@ -1,3 +1,3 @@
 module SearchCop
-  VERSION = "1.0.8"
+  VERSION = "1.0.9"
 end

data/lib/search_cop/visitors/visitor.rb

@@ -55,6 +55,10 @@ module SearchCop
         "NOT (#{visit node.object})"
       end
 
+      def visit_SearchCopGrammar_Nodes_Generator(node)
+        instance_exec visit(node.left), node.right[:value], &node.right[:generator]
+      end
+
       def quote_table_name(name)
         connection.quote_table_name name
       end
@@ -90,6 +94,7 @@ module SearchCop
       alias :visit_Float :quote
       alias :visit_Fixnum :quote
       alias :visit_Symbol :quote
+      alias :visit_Integer :quote
     end
   end
 end

data/lib/search_cop_grammar/attributes.rb

@@ -6,6 +6,8 @@ module SearchCopGrammar
     class Collection
       attr_reader :query_info, :key
 
+      INCLUDED_OPERATORS = [:matches, :eq, :not_eq, :gt, :gteq, :lt, :lteq].freeze
+
       def initialize(query_info, key)
         raise(SearchCop::UnknownColumn, "Unknown column #{key}") unless query_info.scope.reflection.attributes[key]
 
@@ -31,6 +33,12 @@ module SearchCopGrammar
          end
       end
 
+      def generator(generator, value)
+        attributes.collect! do |attribute|
+          SearchCopGrammar::Nodes::Generator.new(attribute, generator: generator, value: value)
+        end.inject(:or)
+      end
+
       def matches(value)
         if fulltext?
           SearchCopGrammar::Nodes::MatchesFulltext.new self, value.to_s
@@ -88,6 +96,18 @@ module SearchCopGrammar
 
         Attributes.const_get(klass.columns_hash[column].type.to_s.classify).new(klass, alias_for(table), column, options)
       end
+
+      def generator_for(name)
+        generators[name]
+      end
+
+      def valid_operator?(operator)
+        (INCLUDED_OPERATORS + generators.keys).include?(operator)
+      end
+
+      def generators
+        query_info.scope.reflection.generators
+      end
     end
 
     class Base

data/lib/search_cop_grammar/nodes.rb

@@ -73,6 +73,7 @@ module SearchCopGrammar
     class LessThan < Binary; end
     class LessThanOrEqual < Binary; end
     class Matches < Binary; end
+    class Generator < Binary; end
 
     class Not
       include Base

data/test/hash_test.rb

@@ -93,5 +93,15 @@ class HashTest < SearchCop::TestCase
     assert_includes results, expected
     refute_includes results, rejected
   end
+
+  def test_custom_matcher
+    expected = create(:product, :title => "Expected")
+    rejected = create(:product, :title => "Rejected")
+
+    results = Product.search(:title => { :custom_eq => "Expected" })
+
+    assert_includes results, expected
+    refute_includes results, rejected
+  end
 end
 

data/test/test_helper.rb

@@ -52,6 +52,10 @@ class Product < ActiveRecord::Base
     if DATABASE == "postgres"
       options :title, :dictionary => "english"
     end
+
+    generator :custom_eq do |column_name, raw_value|
+      "#{column_name} = #{quote raw_value}"
+    end
   end
 
   search_scope :user_search do

data/test/visitor_test.rb

@@ -97,5 +97,14 @@ class VisitorTest < SearchCop::TestCase
     assert_equal("(MATCH(`products`.`title`) AGAINST('(Query1) (Query2)' IN BOOLEAN MODE))", SearchCop::Visitors::Visitor.new(ActiveRecord::Base.connection).visit(node)) if ENV["DATABASE"] == "mysql"
     assert_equal("(to_tsvector('english', COALESCE(\"products\".\"title\", '')) @@ to_tsquery('english', '(''Query1'') | (''Query2'')'))", SearchCop::Visitors::Visitor.new(ActiveRecord::Base.connection).visit(node)) if ENV["DATABASE"] == "postgres"
   end
+
+  def test_generator
+    generator = ->(column_name, value) do
+      "#{column_name} = #{quote value}"
+    end
+    node = SearchCopGrammar::Attributes::Collection.new(SearchCop::QueryInfo.new(Product, Product.search_scopes[:search]), "title").generator(generator, "value").optimize!
+
+    assert_equal "#{quote_table_name "products"}.#{quote_column_name "title"} = 'value'", SearchCop::Visitors::Visitor.new(ActiveRecord::Base.connection).visit(node)
+  end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: search_cop
 version: !ruby/object:Gem::Version
-  version: 1.0.8
+  version: 1.0.9
 platform: ruby
 authors:
 - Benjamin Vetter
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-23 00:00:00.000000000 Z
+date: 2017-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: treetop