Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FINERACT-854 Removed string concatenated SQL from CenterReadPlatform #1123

Merged
merged 1 commit into from
Aug 26, 2020
Merged

FINERACT-854 Removed string concatenated SQL from CenterReadPlatform #1123

merged 1 commit into from
Aug 26, 2020
+20 −69

Conversation

thesmallstar
Copy link
Member

Refer: https://issues.apache.org/jira/browse/FINERACT-854 and #725 #723 for background.
The work for this part is completed, but SQLbuilder currently does not support the use of "limit" and "order by" query which I will be adding before this can be merged.

thesmallstar
thesmallstar commented Jun 29, 2020
View reviewed changes
...src/main/java/org/apache/fineract/portfolio/group/service/CenterReadPlatformServiceImpl.java
Comment on lines -135 to -136
extraCriteria.append(" and (").append(sqlQueryCriteria).append(") ");
this.columnValidator.validateSqlInjection(schemaSl, sqlQueryCriteria);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also removing this part is not correct as of NOW, the problem is we are talking SQL query as a query to give users more functionality and certainly that is not supported in SQL builder currently, we probably would need to parse things find relevant queries and then add those to extra criteria still thinking on it.
Will be looked after limit and order by are supported.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vorburger WDYT on this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thesmallstar I'm not sure I fully understand what you mean here, but starting to think about adding parsing things sounds like the wrong direction - try not to have to do that (it will be a mess - trust me).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thesmallstar sorry for the huge delay in getting back to you on this one. I've re-read it again now (took me a minute to get back into it). Are you suggesting that we merge this now? Because, unless I misunderstand, this would break the currently existing functionality for these sqlQueryCriteria, agreed? But they really are a problem, huh? I need to dig more into the code to understand where this is coming from..

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't (shouldn't) merge this PR as is, because it will break support for sqlSearch. We need to EITHER support it here, OR (my preference) should just cleanly remove it all together - as (now) suggested in https://issues.apache.org/jira/browse/FINERACT-1095.

@thesmallstar
Copy link
Member Author

Blocked by: https://issues.apache.org/jira/browse/FINERACT-1058

@vorburger
Copy link
Member

vorburger commented Jul 1, 2020
edited
Loading 

CenterIntegrationTest > testListCenters() FAILED
    java.lang.AssertionError: 1 expectation failed.
    Expected status code <200> but was <500>.```

@thesmallstar thesmallstar force-pushed the sqlsec1 branch 2 times, most recently from 19d9137 to 4ab4d9d Compare July 1, 2020 16:52
@thesmallstar
Copy link
Member Author

Failed due to https://issues.apache.org/jira/browse/FINERACT-1016
Looking into it.

@thesmallstar
Copy link
Member Author

@vorburger @awasum if you like this approach Before we merge this I will add the tests for the same, if not do you have any suggestions?

vorburger
vorburger requested changes Jul 3, 2020
View reviewed changes
Copy link
Member

@vorburger vorburger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm OK with something like this, but have several feedbacks:

  1. I don't know if this actually works (PreparedStatement), so will have to trust you that you test that it really does.

  2. The current implementation seems to assume that setLimit() & Co. would only ever be called after addCriteria() - right? That's... not a good idea. Imagine some dumb developer coming along in a few months, not knowing how you implemented this internally (and correctly so, they should not have to). So they do new SQLBuilder().addOrderBy().addCriteria(...).getSQLTemplate() - and that would create invalid SQL - agreed?

  3. SQLBuidlerTest must be extended to cover these new methods.

I'll re-review this week after next (vacation).

vorburger
vorburger reviewed Jul 3, 2020
View reviewed changes
...act-provider/src/main/java/org/apache/fineract/infrastructure/security/utils/SQLBuilder.java Outdated
* @param orderBy
* The value that will be used as orderBy
*/
public void addOrderBY(Object orderBy) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lower-case y:

Suggested change
public void addOrderBY(Object orderBy) {
public void addOrderBy(Object orderBy) {

@thesmallstar
Copy link
Member Author

  1. I don't know if this actually works (PreparedStatement), so will have to trust you that you test that it really does.

-> Yes it works! I have tested it :)

  1. The current implementation seems to assume that setLimit() & Co. would only ever be called after addCriteria() - right? That's... not a good idea. Imagine some dumb developer coming along in a few months, not knowing how you implemented this internally (and correctly so, they should not have to). So they do new SQLBuilder().addOrderBy().addCriteria(...).getSQLTemplate() - and that would create invalid SQL - agreed?

->Agreed I am making the change.

  1. SQLBuidlerTest must be extended to cover these new methods.

->Extending, I was waiting for the approach to be marked correct :)

@thesmallstar
Copy link
Member Author

failed due to connection error. Closing and opening this PR to retest.

@thesmallstar thesmallstar reopened this Jul 4, 2020
@thesmallstar thesmallstar marked this pull request as draft July 5, 2020 21:05
@thesmallstar
Copy link
Member Author

I am removing the part to add limit and orderby to SQL builder separate from this PR, so as to review this properly, and also we can merge this quickly then and not keep it blocked by the work and testing on that part.

@thesmallstar thesmallstar force-pushed the sqlsec1 branch 2 times, most recently from f70ae3b to adc0701 Compare July 5, 2020 22:15
@thesmallstar thesmallstar mentioned this pull request Jul 12, 2020
Merged
@thesmallstar thesmallstar changed the title FINERACT-854 Removed string concatenated SQL from CenterReadPlatformS… FINERACT-854 Removed string concatenated SQL from CenterReadPlatform Jul 12, 2020
@thesmallstar thesmallstar marked this pull request as ready for review July 12, 2020 20:41
@thesmallstar thesmallstar mentioned this pull request Jul 12, 2020
Closed
vorburger
vorburger requested changes Jul 22, 2020
View reviewed changes
...src/main/java/org/apache/fineract/portfolio/group/service/CenterReadPlatformServiceImpl.java
Comment on lines -135 to -136
extraCriteria.append(" and (").append(sqlQueryCriteria).append(") ");
this.columnValidator.validateSqlInjection(schemaSl, sqlQueryCriteria);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thesmallstar sorry for the huge delay in getting back to you on this one. I've re-read it again now (took me a minute to get back into it). Are you suggesting that we merge this now? Because, unless I misunderstand, this would break the currently existing functionality for these sqlQueryCriteria, agreed? But they really are a problem, huh? I need to dig more into the code to understand where this is coming from..

@thesmallstar thesmallstar mentioned this pull request Aug 17, 2020
Closed
@github-actions
Copy link

This pull request seems to be stale. Are you still planning to work on it? We will automatically close it in 30 days.

@github-actions github-actions bot added the stale label Aug 22, 2020
@xurror
Copy link
Contributor

xurror commented Aug 22, 2020

@thesmallstar any updates on this?

@thesmallstar
Copy link
Member Author

This build will fail now, will pass only after rebase from #1171

@thesmallstar
Copy link
Member Author

@vorburger review/merge this?
Removed SQLsearch
Fixed small error in groups
SQL concatenation remove ;)

vorburger
vorburger approved these changes Aug 26, 2020
View reviewed changes
Copy link
Member

@vorburger vorburger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vorburger vorburger merged commit b22d4b6 into apache:develop Aug 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vorburger vorburger vorburger approved these changes

Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thesmallstar @vorburger @xurror