@saltcorn/sql 0.3.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -1
- package/package.json +1 -1
- package/table-provider.js +8 -2
package/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Actions and views based on SQL
|
|
4
4
|
|
|
5
|
-
### SQLView
|
|
5
|
+
### SQLView view
|
|
6
6
|
|
|
7
7
|
Use this view to create HTML code views of the results of arbitrary SQL queries
|
|
8
8
|
|
|
@@ -12,3 +12,29 @@ Use this view to create HTML code views of the results of arbitrary SQL queries
|
|
|
12
12
|
4. When you are happy with the SQL query, switch to output type = HTML
|
|
13
13
|
5. Create your HTML code, use `{{ rows }}` to access rows. For instance if your query is an aggregation with a single row result (e.g. `SELECT COUNT(*) FROM...`), access this with `{{ rows[0].count }}`, for example `<h2>{{ rows[0].count }}</h2>`. You can also loop, e.g. `{{# for(const row of rows) { }}`
|
|
14
14
|
6. When you are happy with both you are SQL and HTML code, Think about whether you need any parameters from the state. List these comma-separated, in order and use in the SQL code as `$1`, `$2` etc. Example SQL code: `select * from _sc_config where key = $1;`
|
|
15
|
+
|
|
16
|
+
### run_sql_code action
|
|
17
|
+
|
|
18
|
+
This action allows you to run arbitrary SQL. You specify values from the row that needs to be included in the query using positional parameters `$1`, `$2` etc.
|
|
19
|
+
|
|
20
|
+
### SQL query table provider
|
|
21
|
+
|
|
22
|
+
This will give you a Saltcorn "virtual table" based on an SQL
|
|
23
|
+
query and specifying result fields (these will be guessed from the query
|
|
24
|
+
result, but you need to check and assign a primary key).
|
|
25
|
+
|
|
26
|
+
Normally you don't need to worry about the where clause when this is
|
|
27
|
+
filtered by one of the columns in a view. Your query will be parsed,
|
|
28
|
+
and the appropriate where clause will be inserted before the final query
|
|
29
|
+
is run.
|
|
30
|
+
|
|
31
|
+
There are some very specific cases in which you need to include information
|
|
32
|
+
about the user in the query in a way that cannot be done in the normal way by state filtering. In this case, you can use string interpolation to include information about the user. For instance:
|
|
33
|
+
|
|
34
|
+
```
|
|
35
|
+
... where baz in (select id from zubs where user_zub = {{ user.myzub }} ) ...
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
User row values used in this way are automatically escaped by the
|
|
39
|
+
[sqlstring](https://www.npmjs.com/package/sqlstring) to prevent SQL
|
|
40
|
+
injection.
|
package/package.json
CHANGED
package/table-provider.js
CHANGED
|
@@ -96,7 +96,7 @@ const configuration_workflow = (req) =>
|
|
|
96
96
|
name: "primary_key",
|
|
97
97
|
label: "Primary key",
|
|
98
98
|
type: "Bool",
|
|
99
|
-
showIf: { type: pkey_options },
|
|
99
|
+
//showIf: { type: pkey_options },
|
|
100
100
|
},
|
|
101
101
|
],
|
|
102
102
|
}),
|
|
@@ -172,10 +172,16 @@ const runQuery = async (cfg, where) => {
|
|
|
172
172
|
const phValues = [];
|
|
173
173
|
for (const k of Object.keys(where)) {
|
|
174
174
|
if (!colNames.has(k)) continue;
|
|
175
|
+
const sqlCol = (ast[0].columns || []).find((c) => k === c.as);
|
|
176
|
+
let left = {
|
|
177
|
+
type: "column_ref",
|
|
178
|
+
table: sqlCol?.expr?.table,
|
|
179
|
+
column: db.sqlsanitize(k),
|
|
180
|
+
};
|
|
175
181
|
const newClause = {
|
|
176
182
|
type: "binary_expr",
|
|
177
183
|
operator: "=",
|
|
178
|
-
left
|
|
184
|
+
left,
|
|
179
185
|
right: { type: "number", value: "$" + phIndex },
|
|
180
186
|
};
|
|
181
187
|
phIndex += 1;
|