@saltcorn/sql 0.3.1 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -1
- package/package.json +1 -1
- package/table-provider.js +14 -6
package/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Actions and views based on SQL
|
|
4
4
|
|
|
5
|
-
### SQLView
|
|
5
|
+
### SQLView view
|
|
6
6
|
|
|
7
7
|
Use this view to create HTML code views of the results of arbitrary SQL queries
|
|
8
8
|
|
|
@@ -12,3 +12,29 @@ Use this view to create HTML code views of the results of arbitrary SQL queries
|
|
|
12
12
|
4. When you are happy with the SQL query, switch to output type = HTML
|
|
13
13
|
5. Create your HTML code, use `{{ rows }}` to access rows. For instance if your query is an aggregation with a single row result (e.g. `SELECT COUNT(*) FROM...`), access this with `{{ rows[0].count }}`, for example `<h2>{{ rows[0].count }}</h2>`. You can also loop, e.g. `{{# for(const row of rows) { }}`
|
|
14
14
|
6. When you are happy with both you are SQL and HTML code, Think about whether you need any parameters from the state. List these comma-separated, in order and use in the SQL code as `$1`, `$2` etc. Example SQL code: `select * from _sc_config where key = $1;`
|
|
15
|
+
|
|
16
|
+
### run_sql_code action
|
|
17
|
+
|
|
18
|
+
This action allows you to run arbitrary SQL. You specify values from the row that needs to be included in the query using positional parameters `$1`, `$2` etc.
|
|
19
|
+
|
|
20
|
+
### SQL query table provider
|
|
21
|
+
|
|
22
|
+
This will give you a Saltcorn "virtual table" based on an SQL
|
|
23
|
+
query and specifying result fields (these will be guessed from the query
|
|
24
|
+
result, but you need to check and assign a primary key).
|
|
25
|
+
|
|
26
|
+
Normally you don't need to worry about the where clause when this is
|
|
27
|
+
filtered by one of the columns in a view. Your query will be parsed,
|
|
28
|
+
and the appropriate where clause will be inserted before the final query
|
|
29
|
+
is run.
|
|
30
|
+
|
|
31
|
+
There are some very specific cases in which you need to include information
|
|
32
|
+
about the user in the query in a way that cannot be done in the normal way by state filtering. In this case, you can use string interpolation to include information about the user. For instance:
|
|
33
|
+
|
|
34
|
+
```
|
|
35
|
+
... where baz in (select id from zubs where user_zub = {{ user.myzub }} ) ...
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
User row values used in this way are automatically escaped by the
|
|
39
|
+
[sqlstring](https://www.npmjs.com/package/sqlstring) to prevent SQL
|
|
40
|
+
injection.
|
package/package.json
CHANGED
package/table-provider.js
CHANGED
|
@@ -96,7 +96,7 @@ const configuration_workflow = (req) =>
|
|
|
96
96
|
name: "primary_key",
|
|
97
97
|
label: "Primary key",
|
|
98
98
|
type: "Bool",
|
|
99
|
-
showIf: { type: pkey_options },
|
|
99
|
+
//showIf: { type: pkey_options },
|
|
100
100
|
},
|
|
101
101
|
],
|
|
102
102
|
}),
|
|
@@ -145,7 +145,7 @@ const sqlEscapeObject = (o) => {
|
|
|
145
145
|
return r;
|
|
146
146
|
};
|
|
147
147
|
|
|
148
|
-
const runQuery = async (cfg, where) => {
|
|
148
|
+
const runQuery = async (cfg, where, opts) => {
|
|
149
149
|
const sqlTmpl = cfg?.sql || "";
|
|
150
150
|
const template = _.template(sqlTmpl || "", {
|
|
151
151
|
evaluate: /\{\{#(.+?)\}\}/g,
|
|
@@ -154,7 +154,9 @@ const runQuery = async (cfg, where) => {
|
|
|
154
154
|
|
|
155
155
|
const qctx = {};
|
|
156
156
|
|
|
157
|
-
if (
|
|
157
|
+
if (opts?.forUser) qctx.user = sqlEscapeObject(opts.forUser);
|
|
158
|
+
else if (where?.forUser)
|
|
159
|
+
qctx.user = sqlEscapeObject(where.forUser); //workaround legacy bug
|
|
158
160
|
else qctx.user = null;
|
|
159
161
|
|
|
160
162
|
const sql = template(qctx);
|
|
@@ -172,10 +174,16 @@ const runQuery = async (cfg, where) => {
|
|
|
172
174
|
const phValues = [];
|
|
173
175
|
for (const k of Object.keys(where)) {
|
|
174
176
|
if (!colNames.has(k)) continue;
|
|
177
|
+
const sqlCol = (ast[0].columns || []).find((c) => k === c.as);
|
|
178
|
+
let left = {
|
|
179
|
+
type: "column_ref",
|
|
180
|
+
table: sqlCol?.expr?.table,
|
|
181
|
+
column: db.sqlsanitize(k),
|
|
182
|
+
};
|
|
175
183
|
const newClause = {
|
|
176
184
|
type: "binary_expr",
|
|
177
185
|
operator: "=",
|
|
178
|
-
left
|
|
186
|
+
left,
|
|
179
187
|
right: { type: "number", value: "$" + phIndex },
|
|
180
188
|
};
|
|
181
189
|
phIndex += 1;
|
|
@@ -227,8 +235,8 @@ module.exports = {
|
|
|
227
235
|
fields: (cfg) => cfg?.columns || [],
|
|
228
236
|
get_table: (cfg) => {
|
|
229
237
|
return {
|
|
230
|
-
getRows: async (where) => {
|
|
231
|
-
const qres = await runQuery(cfg, where);
|
|
238
|
+
getRows: async (where, opts) => {
|
|
239
|
+
const qres = await runQuery(cfg, where, opts);
|
|
232
240
|
return qres.rows;
|
|
233
241
|
},
|
|
234
242
|
};
|