searchlogic 1.5.3

data/lib/searchlogic/search/conditions.rb

@@ -0,0 +1,53 @@
+module Searchlogic
+  module Search
+    # = Searchlogic Conditions
+    #
+    # Implements all of the conditions functionality into a searchlogic search. All of this functonality is extracted out into its own class Searchlogic::Conditions::Base. This is a separate module to help keep the code
+    # clean and organized.
+    module Conditions
+      def self.included(klass)
+        klass.class_eval do
+          alias_method_chain :initialize, :conditions
+          alias_method_chain :conditions=, :conditions
+          alias_method_chain :sanitize, :conditions
+        end
+      end
+      
+      def initialize_with_conditions(init_options = {})
+        self.conditions = Searchlogic::Conditions::Base.create_virtual_class(klass).new
+        initialize_without_conditions(init_options)
+      end
+      
+      # Sets conditions on the search. Accepts a hash or a Searchlogic::Conditions::Base object.
+      #
+      # === Examples
+      #
+      #   search.conditions = {:first_name_like => "Ben"}
+      #   search.conditions = User.new_conditions
+      #
+      # or to set a scope
+      #
+      #   search.conditions = "user_group_id = 6"
+      #
+      # now you can create the rest of your search and your "scope" will get merged into your final SQL.
+      # What this does is determine if the value a hash or a conditions object, if not it sets it up as a scope.
+      def conditions_with_conditions=(values)
+        case values
+        when Searchlogic::Conditions::Base
+          @conditions = values
+        else
+          @conditions.conditions = values
+        end
+      end
+      
+      def sanitize_with_conditions(searching = true) # :nodoc:
+        find_options = sanitize_without_conditions(searching)
+        if conditions_obj = find_options.delete(:conditions)
+          new_conditions = conditions_obj.sanitize
+          find_options[:conditions] = new_conditions unless new_conditions.blank?
+        end
+        find_options
+      end
+    end
+  end
+end

data/lib/searchlogic/search/ordering.rb

@@ -0,0 +1,244 @@
+module Searchlogic
+  module Search
+    # = Search Ordering
+    #
+    # The purpose of this module is to provide easy ordering for your searches. All that these options do is
+    # build :order for you. This plays a huge part in ordering your data on the interface. See the options and examples below. The readme also touches on ordering. It's pretty simple thought:
+    #
+    # === Examples
+    #
+    #   search.order_by = :id
+    #   search.order_by = [:id, :first_name]
+    #   search.order_by = {:user_group => :name}
+    #   search.order_by = [:id, {:user_group => :name}]
+    #   search.order_by = {:user_group => {:account => :name}} # you can traverse through all of your relationships
+    #
+    #   search.order_as = "DESC"
+    #   search.order_as = "ASC"
+    module Ordering
+      def self.included(klass)
+        klass.class_eval do
+          alias_method_chain :order=, :ordering
+          alias_method_chain :sanitize, :ordering
+          attr_reader :priority_order
+        end
+      end
+      
+      def order_with_ordering=(value) # :nodoc
+        @order_by = nil
+        @order_as = nil
+        @order_by_auto_joins = nil
+        self.order_without_ordering = value
+      end
+      
+      # Convenience method for determining if the ordering is ascending
+      def asc?
+        !desc?
+      end
+      
+      # Convenience method for determining if the ordering is descending
+      def desc?
+        return false if order_as.nil?
+        order_as == "DESC"
+      end
+      
+      # Determines how the search is being ordered: as DESC or ASC
+      def order_as
+        return if order.blank?
+        return @order_as if @order_as
+        
+        case order
+        when /ASC$/i
+          @order_as = "ASC"
+        when /DESC$/i 
+          @order_as = "DESC"
+        else
+          nil
+        end
+      end
+      
+      # Sets how the results will be ordered: ASC or DESC
+      def order_as=(value)
+        value = value.blank? ? nil : value.to_s.upcase
+        raise(ArgumentError, "order_as only accepts a blank string / nil or a string as 'ASC' or 'DESC'") if !value.blank? && !["ASC", "DESC"].include?(value)
+        if @order_by
+          @order = order_by_to_order(@order_by, value)
+        elsif order
+          @order.gsub!(/(ASC|DESC)/i, value)
+        end
+        @order_as = value
+      end
+      
+      # Determines by what columns the search is being ordered. This is nifty in that is reverse engineers the order SQL to determine this, only
+      # if you haven't explicitly set the order_by option yourself.
+      def order_by
+        return if order.blank?
+        @order_by ||= order_to_order_by(order)
+      end
+      
+      # Lets you set how to order the data
+      #
+      # === Examples
+      #
+      # In these examples "ASC" is determined by the value of order_as
+      #
+      #   order_by = :id # => users.id ASC
+      #   order_by = [:id, name] # => users.id ASC, user.name ASC
+      #   order_by = [:id, {:user_group => :name}] # => users.id ASC, user_groups.name ASC
+      def order_by=(value)  
+        @order_by_auto_joins = nil
+        @order_by = get_order_by_value(value)
+        @order = order_by_to_order(@order_by, @order_as)
+        @order_by
+      end
+      
+      # Returns the joins neccessary for the "order" statement so that we don't get an SQL error
+      def order_by_auto_joins
+        @order_by_auto_joins ||= build_order_by_auto_joins(order_by)
+      end
+      
+      # Let's you set a priority order. Meaning this will get ordered first before anything else, but is unnoticeable and abstracted out from your regular order. For example, lets say you have a model called Product
+      # that had a "featured" boolean column. You want to order the products by the price, quantity, etc., but you want the featured products to always be first.
+      #
+      # Without a priority order your controller would get cluttered and your code would be much more complicated. All of your order_by_link methods would have to be order_by_link [:featured, :price], :text => "Price"
+      # Your order_by_link methods alternate between ASC and DESC, so the featured products would jump from the top the bottom. It presents a lot of "work arounds". So priority_order solves this.
+      def priority_order=(value)
+        @priority_order = value
+      end
+      
+      # Same as order_by but for your priority order. See priority_order= for more informaton on priority_order.
+      def priority_order_by
+        return if priority_order.blank?
+        @priority_order_by ||= order_to_order_by(priority_order)
+      end
+      
+      # Same as order_by= but for your priority order. See priority_order= for more informaton on priority_order.
+      def priority_order_by=(value)
+        @priority_order_by_auto_joins = nil
+        @priority_order_by = get_order_by_value(value)
+        @priority_order = order_by_to_order(@priority_order_by, @priority_order_as)
+        @priority_order_by
+      end
+      
+      # Same as order_as but for your priority order. See priority_order= for more informaton on priority_order.
+      def priority_order_as
+        return if priority_order.blank?
+        return @priority_order_as if @priority_order_as
+        
+        case priority_order
+        when /ASC$/i
+          @priority_order_as = "ASC"
+        when /DESC$/i 
+          @priority_order_as = "DESC"
+        else
+          nil
+        end
+      end
+      
+      # Same as order_as= but for your priority order. See priority_order= for more informaton on priority_order.
+      def priority_order_as=(value)
+        value = value.blank? ? nil : value.to_s.upcase
+        raise(ArgumentError, "priority_order_as only accepts a blank string / nil or a string as 'ASC' or 'DESC'") if !value.blank? && !["ASC", "DESC"].include?(value)
+        if @priority_order_by
+          @priority_order = order_by_to_order(@priority_order_by, value)
+        elsif priority_order
+          @priority_order.gsub!(/(ASC|DESC)/i, value)
+        end
+        @priority_order_as = value
+      end
+      
+      def priority_order_by_auto_joins
+        @priority_order_by_auto_joins ||= build_order_by_auto_joins(priority_order_by)
+      end
+      
+      def sanitize_with_ordering(searching = true)
+        find_options = sanitize_without_ordering(searching)
+        unless priority_order.blank?
+          order_parts = [priority_order, find_options[:order]].compact
+          find_options[:order] = order_parts.join(", ")
+        end
+        find_options
+      end
+      
+      private
+        def order_by_to_order(order_by, order_as, alt_klass = nil)
+          return if order_by.blank?
+          
+          k = alt_klass || klass
+          table_name = k.table_name
+          sql_parts = []
+          
+          case order_by
+          when Array
+            order_by.each { |part| sql_parts << order_by_to_order(part, order_as, alt_klass) }
+          when Hash
+            raise(ArgumentError, "when passing a hash to order_by you must only have 1 key: {:user_group => :name} not {:user_group => :name, :user_group => :id}. The latter should be [{:user_group => :name}, {:user_group => :id}]") if order_by.keys.size != 1
+            key = order_by.keys.first
+            reflection = k.reflect_on_association(key.to_sym)
+            value = order_by.values.first
+            sql_parts << order_by_to_order(value, order_as, reflection.klass)
+          when Symbol, String
+            part = "#{quote_table_name(table_name)}.#{quote_column_name(order_by)}"
+            part += " #{order_as}" unless order_as.blank?
+            sql_parts << part
+          end
+          
+          sql_parts.join(", ")
+        end
+        
+        def order_to_order_by(order)
+          # Reversege engineer order, only go 1 level deep with relationships, anything beyond that is probably excessive and not good for performance
+          order_parts = order.split(",").collect do |part|
+            part.strip!
+            part.gsub!(/ (ASC|DESC)$/i, "")
+            part.gsub!(/(.*)\./, "")
+            table_name = ($1 ? $1.gsub(/[^a-z0-9_]/i, "") : nil)
+            part.gsub!(/[^a-z0-9_]/i, "")
+            reflection = nil
+            if table_name && table_name != klass.table_name
+              reflection = klass.reflect_on_association(table_name.to_sym) || klass.reflect_on_association(table_name.singularize.to_sym)
+              next unless reflection
+              {reflection.name.to_s => part}
+            else
+              part
+            end
+          end.compact
+          order_parts.size <= 1 ? order_parts.first : order_parts
+        end
+        
+        def build_order_by_auto_joins(order_by_value)
+          case order_by_value
+          when Array
+            order_by_value.collect { |value| build_order_by_auto_joins(value) }.uniq.compact
+          when Hash
+            key = order_by_value.keys.first
+            value = order_by_value.values.first
+            case value
+            when Hash
+              {key.to_sym => build_order_by_auto_joins(value)}
+            else
+              key.to_sym
+            end
+          else
+            nil
+          end
+        end
+        
+        def get_order_by_value(value)
+          Marshal.load(value.unpack("m").first) rescue value
+        end
+        
+        def quote_column_name(column_name)
+          klass_connection.quote_column_name(column_name)
+        end
+
+        def quote_table_name(table_name)
+          klass_connection.quote_table_name(table_name)
+        end
+        
+        def klass_connection
+          @connection ||= klass.connection
+        end
+    end
+  end
+end

data/lib/searchlogic/search/pagination.rb

@@ -0,0 +1,121 @@
+module Searchlogic
+  module Search
+    # = Searchlogic Pagination
+    #
+    # Adds in pagination functionality to searchlogic
+    module Pagination
+      def self.included(klass)
+        klass.class_eval do
+          alias_method_chain :limit=, :pagination
+          alias_method_chain :offset=, :pagination
+          alias_method :per_page, :limit
+          alias_method :per_page=, :limit=
+        end
+      end
+      
+      def limit_with_pagination=(value) # :nodoc:
+        r_value = self.limit_without_pagination = value
+        @page_count = nil
+        if @set_page
+          self.page = (@queued_page || @page) # retry setting page
+        else
+          @page = nil # the memoized page is invalid, so reset it
+        end
+        r_value
+      end
+      
+      def offset_with_pagination=(value) #:nodoc
+        r_value = self.offset_without_pagination = value
+        @set_page = @queued_page = @page = nil
+        r_value
+      end
+      
+      # The current page that the search is on
+      def page
+        @page ||= (offset.blank? || limit.blank?) ? 1 : (offset.to_f / limit).floor + 1
+      end
+      alias_method :current_page, :page
+      
+      # Lets you change the page for the next search
+      def page=(value)
+        @set_page = true
+        
+        if value.blank?
+          value = nil
+          @page = value
+          return @offset = @page
+        end
+        
+        v = value.to_i
+        
+        if limit.blank?
+          @queued_page = v
+          @page = 1
+          @offset = nil
+        else
+          @queued_page = nil
+          @page = v
+          v -= 1 unless v == 0
+          @offset = v * limit
+        end
+        value
+      end
+      
+      # The total number of pages in your next search
+      def page_count
+        @page_count ||= (per_page.blank? || per_page <= 0) ? 1 : (count / per_page.to_f).ceil
+      end
+      alias_method :page_total, :page_count
+      
+      # Always returns 1, this is a convenience method
+      def first_page
+        1
+      end
+      
+      # Changes the page to 1 and then runs the "all" search. What's different about this method is that it does not raise an exception if you are on the first page. Unlike prev_page! and next_page!
+      # I don't think an exception raised is warranted, because you are expecting the same results each time it is ran.
+      def first_page!
+        self.page = first_page
+        all
+      end
+      
+      # Changes the page to the page - 1
+      def prev_page
+        self.page - 1
+      end
+      
+      # Changes the page to page - 1 and runs the "all" search. Be careful with this method because if you are on the first page an exception is raised telling you that you are on the first page.
+      # I thought about just running the first page search again, but that seems confusing and unexpected.
+      def prev_page!
+        raise("You are on the first page") if page == first_page
+        self.page = prev_page
+        all
+      end
+      
+      # Change the page to page + 1
+      def next_page
+        self.page + 1
+      end
+      
+      # Changes the page to page + 1 and calls the "all" method. Be careful with this method because if you are on the last page an exception is raised telling you that you are on the last page.
+      # I thought about just running the lat page search again, but that seems confusing and unexpected.
+      def next_page!
+        raise("You are on the last page") if page == last_page
+        self.page = next_page
+        all
+      end
+      
+      # Always returns the page_count, this is a convenience method
+      def last_page
+        page_count
+      end
+      
+      # Changes the page to the last page and runs the "all" search. What's different about this method is that it does not raise an exception if you are on the last page. Unlike prev_page! and next_page!
+      # I don't think an exception raised is warranted, because you are expecting the same results each time it is ran.
+      def last_page!
+        self.page = last_page
+        all
+      end
+    end
+  end
+end

data/lib/searchlogic/search/protection.rb

@@ -0,0 +1,89 @@
+module Searchlogic
+  module Search
+    # = Searchlogic Protection
+    #
+    # This adds protection during mass asignments *only*. This allows you to pass a params object when doing mass assignments and not have to worry about Billy 13 year old adding in SQL injections.
+    # There is a section in the readme that covers protection but to reiterate:
+    #
+    # === Protected
+    #
+    #   User.new_search(params[:search])
+    #   User.new_conditions(params[:search])
+    #
+    #   search.options = params[:search]
+    #   conditions.conditions = params[:conditions]
+    #
+    # === NOT Protected
+    #
+    #   User.new_search!(params[:search])
+    #   User.new_conditions!(params[:search])
+    #   User.find(:all, params[:search])
+    #   User.first(params[:search])
+    #   User.all(params[:search])
+    module Protection
+      # Options that are allowed when protecting against SQL injections (still checked though)
+      SAFE_OPTIONS = Base::SPECIAL_FIND_OPTIONS + [:conditions, :limit, :offset] - [:priority_order]
+      
+      VULNERABLE_FIND_OPTIONS = Base::AR_FIND_OPTIONS - SAFE_OPTIONS + [:priority_order]
+      
+      VULNERABLE_CALCULATIONS_OPTIONS = Base::AR_CALCULATIONS_OPTIONS - SAFE_OPTIONS + [:priority_order]
+      
+      # Options that are not allowed, at all, when protecting against SQL injections
+      VULNERABLE_OPTIONS = Base::OPTIONS - SAFE_OPTIONS
+      
+      def self.included(klass)
+        klass.class_eval do
+          attr_reader :protect
+          alias_method_chain :options=, :protection
+        end
+      end
+      
+      def options_with_protection=(values) # :nodoc:
+        return unless values.is_a?(Hash)
+        self.protect = values.delete(:protect) if values.has_key?(:protect) # make sure we do this first
+        frisk!(values) if protect?
+        self.options_without_protection = values
+      end
+      
+      # Accepts a boolean. Will protect mass assignemnts if set to true, and unprotect mass assignments if set to false
+      def protect=(value)
+        conditions.protect = value
+        @protect = value
+      end
+      
+      # Convenience methof for determing if the search is protected or not.
+      def protect?
+        protect == true
+      end
+      alias_method :protected?, :protect?
+      
+      private
+        def order_by_safe?(order_by, alt_klass = nil)
+          return true if order_by.blank?
+          
+          k = alt_klass || klass
+          column_names = k.column_names
+                    
+          [order_by].flatten.each do |column|
+            case column
+            when Hash
+              reflection = k.reflect_on_association(column.keys.first.to_sym)
+              return false unless reflection
+              return false unless order_by_safe?(column.values.first, reflection.klass)
+            when Array
+              return false unless order_by_safe?(column)
+            else
+              return false unless column_names.include?(column.to_s)
+            end
+          end
+          
+          true
+        end
+        
+        def frisk!(options)
+          options.symbolize_keys.fast_assert_valid_keys(SAFE_OPTIONS)
+          raise(ArgumentError, ":order_by can only contain colum names in the string, hash, or array format") unless order_by_safe?(get_order_by_value(options[:order_by]))
+        end
+    end    
+  end
+end