1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
51 RT::SearchBuilder - a baseclass for RT collection objects
65 package RT::SearchBuilder;
68 use DBIx::SearchBuilder "1.50";
73 use base qw(DBIx::SearchBuilder RT::Base);
78 $self->{'user'} = shift;
79 unless(defined($self->CurrentUser)) {
81 Carp::confess("$self was created without a CurrentUser");
82 $RT::Logger->err("$self was created without a CurrentUser");
85 $self->SUPER::_Init( 'Handle' => $RT::Handle);
92 next if defined $s->{FIELD} and $s->{FIELD} =~ /\W/;
93 $s->{FIELD} = $s->{FUNCTION} if $s->{FUNCTION};
96 return $self->SUPER::OrderByCols( @sort );
99 # If we're setting RowsPerPage or FirstRow, ensure we get a natural number or undef.
102 return if @_ and defined $_[0] and $_[0] =~ /\D/;
103 return $self->SUPER::RowsPerPage(@_);
108 return if @_ and defined $_[0] and $_[0] =~ /\D/;
109 return $self->SUPER::FirstRow(@_);
112 =head2 LimitToEnabled
114 Only find items that haven't been disabled
121 $self->{'handled_disabled_column'} = 1;
122 $self->Limit( FIELD => 'Disabled', VALUE => '0' );
125 =head2 LimitToDeleted
127 Only find items that have been deleted.
134 $self->{'handled_disabled_column'} = $self->{'find_disabled_rows'} = 1;
135 $self->Limit( FIELD => 'Disabled', VALUE => '1' );
140 Find all matching rows, regardless of whether they are disabled or not
145 shift->{'find_disabled_rows'} = 1;
148 =head2 LimitAttribute PARAMHASH
150 Takes NAME, OPERATOR and VALUE to find records that has the
153 If EMPTY is set, also select rows with an empty string as
156 If NULL is set, also select rows without the named Attribute.
167 'LIKE' => 'NOT LIKE',
168 'NOT LIKE' => 'LIKE',
174 my ($self, %args) = @_;
175 my $clause = 'ALIAS';
176 my $operator = ($args{OPERATOR} || '=');
178 if ($args{NULL} and exists $args{VALUE}) {
179 $clause = 'LEFTJOIN';
180 $operator = $Negate{$operator};
182 elsif ($args{NEGATE}) {
183 $operator = $Negate{$operator};
186 my $alias = $self->Join(
188 ALIAS1 => $args{ALIAS} || 'main',
190 TABLE2 => 'Attributes',
194 my $type = ref($self);
195 $type =~ s/(?:s|Collection)$//; # XXX - Hack!
199 FIELD => 'ObjectType',
207 VALUE => $args{NAME},
208 ) if exists $args{NAME};
210 return unless exists $args{VALUE};
215 OPERATOR => $operator,
216 VALUE => $args{VALUE},
219 # Capture rows with the attribute defined as an empty string.
225 ENTRYAGGREGATOR => $args{NULL} ? 'AND' : 'OR',
228 # Capture rows without the attribute defined
233 OPERATOR => ($args{NEGATE} ? 'IS NOT' : 'IS'),
238 =head2 LimitCustomField
240 Takes a paramhash of key/value pairs with the following keys:
244 =item CUSTOMFIELD - CustomField id. Optional
246 =item OPERATOR - The usual Limit operators
248 =item VALUE - The value to compare against
256 my $class = ref($self);
257 $class =~ s/s$// or die "Cannot deduce SingularClass for $class";
261 sub LimitCustomField {
263 my %args = ( VALUE => undef,
264 CUSTOMFIELD => undef,
268 my $alias = $self->Join(
272 TABLE2 => 'ObjectCustomFieldValues',
277 FIELD => 'CustomField',
279 VALUE => $args{'CUSTOMFIELD'},
280 ) if ($args{'CUSTOMFIELD'});
283 FIELD => 'ObjectType',
285 VALUE => $self->_SingularClass,
290 OPERATOR => $args{'OPERATOR'},
291 VALUE => $args{'VALUE'},
295 =head2 Limit PARAMHASH
297 This Limit sub calls SUPER::Limit, but defaults "CASESENSITIVE" to 1, thus
298 making sure that by default lots of things don't do extra work trying to
299 match lower(colname) agaist lc($val);
301 We also force VALUE to C<NULL> when the OPERATOR is C<IS> or C<IS NOT>.
302 This ensures that we don't pass invalid SQL to the database or allow SQL
303 injection attacks when we pass through user specified values.
315 # We use the same regex here that DBIx::SearchBuilder uses to exclude
316 # values from quoting
317 if ( $ARGS{'OPERATOR'} =~ /IS/i ) {
318 # Don't pass anything but NULL for IS and IS NOT
319 $ARGS{'VALUE'} = 'NULL';
322 if ($ARGS{FUNCTION}) {
323 ($ARGS{ALIAS}, $ARGS{FIELD}) = split /\./, delete $ARGS{FUNCTION}, 2;
324 $self->SUPER::Limit(%ARGS);
325 } elsif ($ARGS{FIELD} =~ /\W/
326 or $ARGS{OPERATOR} !~ /^(=|<|>|!=|<>|<=|>=
328 |(NOT\s*)?(STARTS|ENDS)WITH
332 $RT::Logger->crit("Possible SQL injection attack: $ARGS{FIELD} $ARGS{OPERATOR}");
340 $self->SUPER::Limit(%ARGS);
346 If it has a SortOrder attribute, sort the array by SortOrder.
347 Otherwise, if it has a "Name" attribute, sort alphabetically by Name
348 Otherwise, just give up and return it in the order it came from the
357 if ($self->NewItem()->_Accessible('SortOrder','read')) {
358 $items = [ sort { $a->SortOrder <=> $b->SortOrder } @{$items} ];
360 elsif ($self->NewItem()->_Accessible('Name','read')) {
361 $items = [ sort { lc($a->Name) cmp lc($b->Name) } @{$items} ];
369 Return this object's ItemsArray, in the order that ItemsOrderBy sorts
376 return $self->ItemsOrderBy($self->SUPER::ItemsArrayRef());
379 # make sure that Disabled rows never get seen unless
380 # we're explicitly trying to see them.
385 if ( $self->{'with_disabled_column'}
386 && !$self->{'handled_disabled_column'}
387 && !$self->{'find_disabled_rows'}
389 $self->LimitToEnabled;
391 return $self->SUPER::_DoSearch(@_);
396 if ( $self->{'with_disabled_column'}
397 && !$self->{'handled_disabled_column'}
398 && !$self->{'find_disabled_rows'}
400 $self->LimitToEnabled;
402 return $self->SUPER::_DoCount(@_);
405 RT::Base->_ImportOverlays();