From 5bfbec89ab696c0b67c9451175bf858f2308a504 Mon Sep 17 00:00:00 2001
From: Giuseppe Nespolino <gnespolino@users.noreply.github.com>
Date: Wed, 15 Sep 2021 10:26:48 +0200
Subject: [PATCH] fix: fixed lower case for "IN" operator in queryFilters
 [DHIS2-11770] (#8724)

* fix: fixed lower case for "IN" operator in queryFilters

* fix: quote only string values
---
 .../org/hisp/dhis/common/InQueryFilter.java   | 22 ++++++++++++++++++-
 .../org/hisp/dhis/common/QueryFilter.java     |  2 +-
 .../data/JdbcEnrollmentAnalyticsManager.java  |  5 +++--
 .../event/data/JdbcEventAnalyticsManager.java |  5 +++--
 4 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/InQueryFilter.java b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/InQueryFilter.java
index 8d54d7790938..3fcf4d5803a3 100644
--- a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/InQueryFilter.java
+++ b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/InQueryFilter.java
@@ -31,6 +31,8 @@
 import static org.hisp.dhis.common.QueryOperator.IN;
 
 import java.util.List;
+import java.util.Objects;
+import java.util.function.Function;
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -63,13 +65,16 @@ public InQueryFilter( String field, QueryFilter queryFilter )
      * @param encodedFilter actual "in" parameters
      * @return a SQL condition representing this InQueryFilter
      */
-    public String getSqlFilter( String encodedFilter )
+    public String getSqlFilter( String encodedFilter, boolean isText )
     {
         List<String> filterItems = getFilterItems( encodedFilter );
         String condition = "";
         if ( hasNonMissingValue( filterItems ) )
         {
             condition = field + " " + operator.getValue() + streamOfNonMissingValues( filterItems )
+                .filter( Objects::nonNull )
+                .map( item -> toLowerIfNecessary( item, isText ) )
+                .map( item -> quoteIfNecessary( item, isText ) )
                 .collect( Collectors.joining( ",", " (", ")" ) );
             if ( hasMissingValue( filterItems ) )
             {
@@ -87,6 +92,21 @@ public String getSqlFilter( String encodedFilter )
         return condition + " ";
     }
 
+    private String quoteIfNecessary( String item, boolean isText )
+    {
+        return isText ? quote( item ) : item;
+    }
+
+    private String toLowerIfNecessary( String item, boolean isText )
+    {
+        return isText ? item.toLowerCase() : item;
+    }
+
+    public String renderSqlFilter( boolean isText, Function<String, String> encoder )
+    {
+        return this.getSqlFilter( encoder.apply( this.getFilter() ), isText );
+    }
+
     private boolean hasMissingValue( List<String> filterItems )
     {
         return anyMatch( filterItems, this::isMissingItem );
diff --git a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/QueryFilter.java b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/QueryFilter.java
index 7317066b3a95..063bd47dd5fa 100644
--- a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/QueryFilter.java
+++ b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/QueryFilter.java
@@ -146,7 +146,7 @@ else if ( QueryOperator.IN.equals( operator ) )
         return "'" + encodedFilter + "'";
     }
 
-    private String quote( String filterItem )
+    protected String quote( String filterItem )
     {
         return "'" + filterItem + "'";
     }
diff --git a/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEnrollmentAnalyticsManager.java b/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEnrollmentAnalyticsManager.java
index ae68e7e6e5da..78ed624a11fb 100644
--- a/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEnrollmentAnalyticsManager.java
+++ b/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEnrollmentAnalyticsManager.java
@@ -290,8 +290,9 @@ else if ( params.isOrganisationUnitMode( OrganisationUnitSelectionMode.CHILDREN
 
                     if ( IN.equals( filter.getOperator() ) )
                     {
-                        QueryFilter inQueryFilter = new InQueryFilter( field, filter );
-                        sql += "and " + getSqlFilter( inQueryFilter, item );
+                        InQueryFilter inQueryFilter = new InQueryFilter( field, filter );
+                        sql += hlp.whereAnd() + " " + inQueryFilter.renderSqlFilter( item.isText(),
+                            toEncode -> statementBuilder.encode( toEncode, false ) );
                     }
                     else
                     {
diff --git a/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java b/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java
index 35a368698acd..38f1dde59f64 100644
--- a/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java
+++ b/dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java
@@ -487,8 +487,9 @@ else if ( params.isOrganisationUnitMode( OrganisationUnitSelectionMode.CHILDREN
 
                     if ( IN.equals( filter.getOperator() ) )
                     {
-                        QueryFilter inQueryFilter = new InQueryFilter( field, filter );
-                        sql += hlp.whereAnd() + " " + getSqlFilter( inQueryFilter, item );
+                        InQueryFilter inQueryFilter = new InQueryFilter( field, filter );
+                        sql += hlp.whereAnd() + " " + inQueryFilter.renderSqlFilter( item.isText(),
+                            toEncode -> statementBuilder.encode( toEncode, false ) );
                     }
                     else
                     {