
Ensure table names are generated by the ORM in join queries

mraerino committed Nov 14, 2018
1 parent 952a5b7 commit 8ee1f4d88135f32161cd98a64a6704bb682e0b9b
Showing with 12 additions and 12 deletions.
  1. +3 −3 api/download.go
  2. +6 −6 api/params.go
  3. +3 −3 api/reports.go
@@ -110,11 +110,11 @@ func (a *API) DownloadList(w http.ResponseWriter, r *http.Request) error {
orderTable := a.db.NewScope(models.Order{}).QuotedTableName()
downloadsTable := a.db.NewScope(models.Download{}).QuotedTableName()
query := a.db.Joins("join " + orderTable + " as orders ON " + downloadsTable + ".order_id = orders.id and orders.payment_state = 'paid'")
query := a.db.Joins("join " + orderTable + " as orders ON " + downloadsTable + ".order_id = " + orderTable + ".id and " + orderTable + ".payment_state = 'paid'")
if order != nil {
query = query.Where("orders.id = ?", order.ID)
query = query.Where(orderTable+".id = ?", order.ID)
} else {
query = query.Where("orders.user_id = ?", claims.Subject)
query = query.Where(orderTable+".user_id = ?", claims.Subject)
}
offset, limit, err := paginate(w, r, query.Model(&models.Download{}))
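Review bot: The join on the new `query := a.db.Joins(...)` line still declares the alias `as orders` while every reference now goes through `orderTable`, and in most SQL dialects a table that has been aliased can no longer be addressed by its real name. As long as the ORM-generated name is exactly `orders` the two coincide, but with a table prefix or namespace the ON clause and both `Where` calls would name a table that the alias hides, and the query would fail. Dropping the alias keeps the statement consistent: `a.db.Joins("join " + orderTable + " ON " + downloadsTable + ".order_id = " + orderTable + ".id and " + orderTable + ".payment_state = 'paid'")`. Because the two `Where` filters are what restrict the listing to the caller's own order or `claims.Subject`, a test against a prefixed schema would be worth adding. DownloadList's body starts and ends outside the hunk.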
@@ -39,11 +39,11 @@ func parsePaymentQueryParams(query *gorm.DB, params url.Values) (*gorm.DB, error
})
if values, exists := params["min_amount"]; exists {
query = query.Where("amount >= ?", values[0])
query = query.Where(transactionTable+".amount >= ?", values[0])
}
if values, exists := params["max_amount"]; exists {
query = query.Where("amount <= ?", values[0])
query = query.Where(transactionTable+".amount <= ?", values[0])
}
query, err := parseLimitQueryParam(query, params)
@@ -124,11 +124,13 @@ func addNegativeAddressFilter(query *gorm.DB, params url.Values, queryField stri
}
func parseOrderParams(query *gorm.DB, params url.Values) (*gorm.DB, error) {
orderTable := query.NewScope(models.Order{}).QuotedTableName()
if tax := params.Get("tax"); tax != "" {
if tax == "yes" || tax == "true" {
query = query.Where("taxes > 0")
query = query.Where(orderTable + ".taxes > 0")
} else {
query = query.Where("taxes = 0")
query = query.Where(orderTable + ".taxes = 0")
}
}
@@ -160,8 +162,6 @@ func parseOrderParams(query *gorm.DB, params url.Values) (*gorm.DB, error) {
query = query.Order("created_at desc")
}
orderTable := query.NewScope(models.Order{}).QuotedTableName()
if items := params.Get("items"); items != "" {
lineItemTable := query.NewScope(models.LineItem{}).QuotedTableName()
statement := "JOIN " + lineItemTable + " as line_item on line_item.order_id = " +
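Review bot: `query = query.Order("created_at desc")` in the second parseOrderParams hunk is left unqualified although the line-item JOIN is added to the same query a few lines later; if the line-item table also carries a `created_at` column (not visible here), the ORDER BY becomes ambiguous. With `orderTable` now declared at the top of the function this can be `query = query.Order(orderTable + ".created_at desc")`. The concatenated table names come from the ORM and the filter values stay bound through `?`, so the string building itself does not open an injection path; a short comment such as `// orderTable is ORM-generated, never request data` would keep later edits from concatenating `params` values here. Both functions start and end outside the hunks shown.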
@@ -67,16 +67,16 @@ func (a *API) ProductsReport(w http.ResponseWriter, r *http.Request) error {
Group("sku, path, currency").
Order("total desc")
query = query.Where("orders.instance_id = ?", instanceID)
query = query.Where(ordersTable+".instance_id = ?", instanceID)
from, to, err := getTimeQueryParams(r.URL.Query())
if err != nil {
return badRequestError(err.Error())
}
if from != nil {
query = query.Where("orders.created_at >= ?", from)
query = query.Where(ordersTable+".created_at >= ?", from)
}
if to != nil {
query.Where("orders.created_at <= ?", to)
query.Where(ordersTable+".created_at <= ?", to)
}
rows, err := query.Rows()
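Review bot: In the `if to != nil` branch the rewritten call `query.Where(ordersTable+".created_at <= ?", to)` discards its result, unlike the `from` branch, which assigns back to `query`. gorm's `Where` returns a new `*gorm.DB` rather than modifying the receiver, so the upper time bound is presumably never applied and the report covers everything after `from`. The line should read `query = query.Where(ordersTable+".created_at <= ?", to)`. ProductsReport's body starts and ends outside the hunk.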

0 comments on commit 8ee1f4d
