Skip to content
This repository has been archived by the owner on Sep 2, 2021. It is now read-only.

Changes InteractionBase.select() to preserve where clause when id argument is provided #69

Merged
merged 2 commits into from
Apr 15, 2016
Merged

Changes InteractionBase.select() to preserve where clause when id argument is provided #69

merged 2 commits into from
Apr 15, 2016

Conversation

nocko
Copy link
Contributor

@nocko nocko commented Apr 14, 2016

This works as expected when an id is not provided to
DBObject.find(where=...), but failed to work when using specifying an
id DBObject.find(id, where=...). InteractionBase.select() discards the
clause if an id is provided. This patch retains any provided where
clause.

@nocko
Changes InteractionBase to preserve where clause when selecting by id
b06fac3 
This works as expected when an id is not provided to
DBObject.find(where=...), but failed to work when using specifying an
id DBObject.find(id, where=...). InteractionBase.select() discards the
clause if an id is provided. This patch retains any provided where
clause.
@coveralls
Copy link

Coverage Status

Coverage increased (+0.08%) to 85.863% when pulling b06fac3 on nocko:select-id-where-preserve into d982304 on bmuller:master.

@nocko
Copy link
Contributor Author

nocko commented Apr 14, 2016

I recently ran into a use case (permissions checking in an API); where it was convenient to let the database filter results based on permissions subquery. I doubt it's a common pattern, but it's helpful for me...

@nocko nocko changed the title Changes InteractionBase to preserve where clause when selecting by id Changes InteractionBase.select() to preserve where clause when id argument is provided Apr 14, 2016
@bmuller
Copy link
Owner

bmuller commented Apr 14, 2016

Hey @nocko - just to be clear - you know what the unique key id is for the query but you'd like to add additional criteria (that won't affect the query results)?

@nocko
Copy link
Contributor Author

nocko commented Apr 14, 2016

It could effect the query results, instead of returning the unique key'd item, a failed where clause would return no results. This is the desired behaviour.

@nocko
Copy link
Contributor Author

nocko commented Apr 14, 2016

Example:

Zone.find(1, where=['owner_id = ANY ((select ARRAY(select org_id from users_orgs where user_id = ?) || ?)::int[])', 1, 1])

generates:

SELECT * FROM zones WHERE owner_id = ANY ((select ARRAY(select org_id from users_orgs where user_id = 1) || 1)::int[]) AND id = 1;

Explanation: Return zone row with unique id = 1, if the user or one of the user's organizations owns the zone, otherwise return no results.

This works well for filtering a collection of rows, but I'd like the same decorator to enforce access control on collections of rows (already working) and specific rows (failed because where clause is overwritten by InteractionBase.select() without falling back to adbapi.ConnectionPool methods.

bmuller
bmuller reviewed Apr 15, 2016
View reviewed changes
twistar/dbconfig/base.py
if where is None:
where = ["id = ?", id]
else:
where = [" AND ".join([where[0], "id = ?"])] + where[1:] + [id]
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line should use the joinWheres function from utils.py.

@bmuller
Copy link
Owner

bmuller commented Apr 15, 2016

OK - makes sense. I'll merge if you make the one change I suggest in the comments. Thanks for the PR!

@nocko
Copy link
Contributor Author

nocko commented Apr 15, 2016

I've never noticed twistar.utils, those are handy. I've implemented at least two of those functions in my own code. Should spend more time reading the code. Thanks.

@coveralls
Copy link

Coverage Status

Coverage increased (+0.09%) to 85.872% when pulling 8098c46 on nocko:select-id-where-preserve into d982304 on bmuller:master.

@bmuller bmuller merged commit f7e834c into bmuller:master Apr 15, 2016
@bmuller
Copy link
Owner

bmuller commented Apr 15, 2016

Thanks @nocko! I bumped the minor version on pypi as well. Let me know if anything is missing from utils.py.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nocko @coveralls @bmuller