-# BEGIN LICENSE BLOCK
-#
-# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
-#
-# (Except where explictly superceded by other copyright notices)
-#
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
+# <sales@bestpractical.com>
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
-#
+#
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
-#
-# Unless otherwise specified, all modifications, corrections or
-# extensions to this work which alter its source code become the
-# property of Best Practical Solutions, LLC when submitted for
-# inclusion in the work.
-#
-#
-# END LICENSE BLOCK
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
+
=head1 NAME
RT::SearchBuilder - a baseclass for RT collection objects
=head1 METHODS
-=begin testing
-
-ok (require RT::SearchBuilder);
-
-=end testing
=cut
package RT::SearchBuilder;
use RT::Base;
-use DBIx::SearchBuilder;
+use DBIx::SearchBuilder "1.50";
use strict;
-use vars qw(@ISA);
-@ISA = qw(DBIx::SearchBuilder RT::Base);
+use warnings;
+
+use base qw(DBIx::SearchBuilder RT::Base);
-# {{{ sub _Init
sub _Init {
my $self = shift;
}
$self->SUPER::_Init( 'Handle' => $RT::Handle);
}
-# }}}
-# {{{ sub LimitToEnabled
+sub OrderByCols {
+ my $self = shift;
+ my @sort;
+ for my $s (@_) {
+ next if defined $s->{FIELD} and $s->{FIELD} =~ /\W/;
+ $s->{FIELD} = $s->{FUNCTION} if $s->{FUNCTION};
+ push @sort, $s;
+ }
+ return $self->SUPER::OrderByCols( @sort );
+}
+
+# If we're setting RowsPerPage or FirstRow, ensure we get a natural number or undef.
+sub RowsPerPage {
+ my $self = shift;
+ return if @_ and defined $_[0] and $_[0] =~ /\D/;
+ return $self->SUPER::RowsPerPage(@_);
+}
+
+sub FirstRow {
+ my $self = shift;
+ return if @_ and defined $_[0] and $_[0] =~ /\D/;
+ return $self->SUPER::FirstRow(@_);
+}
=head2 LimitToEnabled
-Only find items that haven\'t been disabled
+Only find items that haven't been disabled
=cut
sub LimitToEnabled {
my $self = shift;
-
- $self->Limit( FIELD => 'Disabled',
- VALUE => '0',
- OPERATOR => '=' );
-}
-# }}}
-# {{{ sub LimitToDisabled
+ $self->{'handled_disabled_column'} = 1;
+ $self->Limit( FIELD => 'Disabled', VALUE => '0' );
+}
=head2 LimitToDeleted
sub LimitToDeleted {
my $self = shift;
-
- $self->{'find_disabled_rows'} = 1;
- $self->Limit( FIELD => 'Disabled',
- OPERATOR => '=',
- VALUE => '1'
- );
-}
-# }}}
-# {{{ sub FindAllRows
+ $self->{'handled_disabled_column'} = $self->{'find_disabled_rows'} = 1;
+ $self->Limit( FIELD => 'Disabled', VALUE => '1' );
+}
=head2 FindAllRows
=cut
sub FindAllRows {
- shift->{'find_disabled_rows'} = 1;
+ shift->{'find_disabled_rows'} = 1;
}
-# {{{ sub Limit
+=head2 LimitAttribute PARAMHASH
-=head2 Limit PARAMHASH
+Takes NAME, OPERATOR and VALUE to find records that has the
+matching Attribute.
-This Limit sub calls SUPER::Limit, but defaults "CASESENSITIVE" to 1, thus
-making sure that by default lots of things don't do extra work trying to
-match lower(colname) agaist lc($val);
+If EMPTY is set, also select rows with an empty string as
+Attribute's Content.
-=cut
+If NULL is set, also select rows without the named Attribute.
-sub Limit {
- my $self = shift;
- my %args = ( CASESENSITIVE => 1,
- @_ );
+=cut
- return $self->SUPER::Limit(%args);
+my %Negate = (
+ '=' => '!=',
+ '!=' => '=',
+ '>' => '<=',
+ '<' => '>=',
+ '>=' => '<',
+ '<=' => '>',
+ 'LIKE' => 'NOT LIKE',
+ 'NOT LIKE' => 'LIKE',
+ 'IS' => 'IS NOT',
+ 'IS NOT' => 'IS',
+);
+
+sub LimitAttribute {
+ my ($self, %args) = @_;
+ my $clause = 'ALIAS';
+ my $operator = ($args{OPERATOR} || '=');
+
+ if ($args{NULL} and exists $args{VALUE}) {
+ $clause = 'LEFTJOIN';
+ $operator = $Negate{$operator};
+ }
+ elsif ($args{NEGATE}) {
+ $operator = $Negate{$operator};
+ }
+
+ my $alias = $self->Join(
+ TYPE => 'left',
+ ALIAS1 => $args{ALIAS} || 'main',
+ FIELD1 => 'id',
+ TABLE2 => 'Attributes',
+ FIELD2 => 'ObjectId'
+ );
+
+ my $type = ref($self);
+ $type =~ s/(?:s|Collection)$//; # XXX - Hack!
+
+ $self->Limit(
+ $clause => $alias,
+ FIELD => 'ObjectType',
+ OPERATOR => '=',
+ VALUE => $type,
+ );
+ $self->Limit(
+ $clause => $alias,
+ FIELD => 'Name',
+ OPERATOR => '=',
+ VALUE => $args{NAME},
+ ) if exists $args{NAME};
+
+ return unless exists $args{VALUE};
+
+ $self->Limit(
+ $clause => $alias,
+ FIELD => 'Content',
+ OPERATOR => $operator,
+ VALUE => $args{VALUE},
+ );
+
+ # Capture rows with the attribute defined as an empty string.
+ $self->Limit(
+ $clause => $alias,
+ FIELD => 'Content',
+ OPERATOR => '=',
+ VALUE => '',
+ ENTRYAGGREGATOR => $args{NULL} ? 'AND' : 'OR',
+ ) if $args{EMPTY};
+
+ # Capture rows without the attribute defined
+ $self->Limit(
+ %args,
+ ALIAS => $alias,
+ FIELD => 'id',
+ OPERATOR => ($args{NEGATE} ? 'IS NOT' : 'IS'),
+ VALUE => 'NULL',
+ ) if $args{NULL};
}
-# }}}
+=head2 LimitCustomField
-# {{{ sub ItemsArrayRef
+Takes a paramhash of key/value pairs with the following keys:
-=item ItemsArrayRef
+=over 4
-Return this object's ItemsArray.
-If it has a SortOrder attribute, sort the array by SortOrder.
-Otherwise, if it has a "Name" attribute, sort alphabetically by Name
-Otherwise, just give up and return it in the order it came from the db.
+=item CUSTOMFIELD - CustomField id. Optional
+
+=item OPERATOR - The usual Limit operators
+
+=item VALUE - The value to compare against
+
+=back
+
+=cut
+sub _SingularClass {
+ my $self = shift;
+ my $class = ref($self);
+ $class =~ s/s$// or die "Cannot deduce SingularClass for $class";
+ return $class;
+}
-=begin testing
+sub LimitCustomField {
+ my $self = shift;
+ my %args = ( VALUE => undef,
+ CUSTOMFIELD => undef,
+ OPERATOR => '=',
+ @_ );
+
+ my $alias = $self->Join(
+ TYPE => 'left',
+ ALIAS1 => 'main',
+ FIELD1 => 'id',
+ TABLE2 => 'ObjectCustomFieldValues',
+ FIELD2 => 'ObjectId'
+ );
+ $self->Limit(
+ ALIAS => $alias,
+ FIELD => 'CustomField',
+ OPERATOR => '=',
+ VALUE => $args{'CUSTOMFIELD'},
+ ) if ($args{'CUSTOMFIELD'});
+ $self->Limit(
+ ALIAS => $alias,
+ FIELD => 'ObjectType',
+ OPERATOR => '=',
+ VALUE => $self->_SingularClass,
+ );
+ $self->Limit(
+ ALIAS => $alias,
+ FIELD => 'Content',
+ OPERATOR => $args{'OPERATOR'},
+ VALUE => $args{'VALUE'},
+ );
+}
-use_ok(RT::Queues);
-ok(my $queues = RT::Queues->new($RT::SystemUser), 'Created a queues object');
-ok( $queues->UnLimit(),'Unlimited the result set of the queues object');
-my $items = $queues->ItemsArrayRef();
-my @items = @{$items};
+=head2 Limit PARAMHASH
-ok($queues->NewItem->_Accessible('Name','read'));
-my @sorted = sort {lc($a->Name) cmp lc($b->Name)} @items;
-ok (@sorted, "We have an array of queues, sorted". join(',',map {$_->Name} @sorted));
+This Limit sub calls SUPER::Limit, but defaults "CASESENSITIVE" to 1, thus
+making sure that by default lots of things don't do extra work trying to
+match lower(colname) agaist lc($val);
-ok (@items, "We have an array of queues, raw". join(',',map {$_->Name} @items));
-my @sorted_ids = map {$_->id } @sorted;
-my @items_ids = map {$_->id } @items;
+We also force VALUE to C<NULL> when the OPERATOR is C<IS> or C<IS NOT>.
+This ensures that we don't pass invalid SQL to the database or allow SQL
+injection attacks when we pass through user specified values.
-is ($#sorted, $#items);
-is ($sorted[0]->Name, $items[0]->Name);
-is ($sorted[-1]->Name, $items[-1]->Name);
-is_deeply(\@items_ids, \@sorted_ids, "ItemsArrayRef sorts alphabetically by name");;
+=cut
+sub Limit {
+ my $self = shift;
+ my %ARGS = (
+ CASESENSITIVE => 1,
+ OPERATOR => '=',
+ @_,
+ );
+
+ # We use the same regex here that DBIx::SearchBuilder uses to exclude
+ # values from quoting
+ if ( $ARGS{'OPERATOR'} =~ /IS/i ) {
+ # Don't pass anything but NULL for IS and IS NOT
+ $ARGS{'VALUE'} = 'NULL';
+ }
+
+ if ($ARGS{FUNCTION}) {
+ ($ARGS{ALIAS}, $ARGS{FIELD}) = split /\./, delete $ARGS{FUNCTION}, 2;
+ $self->SUPER::Limit(%ARGS);
+ } elsif ($ARGS{FIELD} =~ /\W/
+ or $ARGS{OPERATOR} !~ /^(=|<|>|!=|<>|<=|>=
+ |(NOT\s*)?LIKE
+ |(NOT\s*)?(STARTS|ENDS)WITH
+ |(NOT\s*)?MATCHES
+ |IS(\s*NOT)?
+ |IN)$/ix) {
+ $RT::Logger->crit("Possible SQL injection attack: $ARGS{FIELD} $ARGS{OPERATOR}");
+ $self->SUPER::Limit(
+ %ARGS,
+ FIELD => 'id',
+ OPERATOR => '<',
+ VALUE => '0',
+ );
+ } else {
+ $self->SUPER::Limit(%ARGS);
+ }
+}
-=end testing
+=head2 ItemsOrderBy
+
+If it has a SortOrder attribute, sort the array by SortOrder.
+Otherwise, if it has a "Name" attribute, sort alphabetically by Name
+Otherwise, just give up and return it in the order it came from the
+db.
=cut
-sub ItemsArrayRef {
+sub ItemsOrderBy {
my $self = shift;
- my @items;
-
+ my $items = shift;
+
if ($self->NewItem()->_Accessible('SortOrder','read')) {
- @items = sort { $a->SortOrder <=> $b->SortOrder } @{$self->SUPER::ItemsArrayRef()};
+ $items = [ sort { $a->SortOrder <=> $b->SortOrder } @{$items} ];
}
elsif ($self->NewItem()->_Accessible('Name','read')) {
- @items = sort { lc($a->Name) cmp lc($b->Name) } @{$self->SUPER::ItemsArrayRef()};
- }
- else {
- @items = @{$self->SUPER::ItemsArrayRef()};
+ $items = [ sort { lc($a->Name) cmp lc($b->Name) } @{$items} ];
}
- return(\@items);
+ return $items;
+}
+
+=head2 ItemsArrayRef
+
+Return this object's ItemsArray, in the order that ItemsOrderBy sorts
+it.
+=cut
+
+sub ItemsArrayRef {
+ my $self = shift;
+ return $self->ItemsOrderBy($self->SUPER::ItemsArrayRef());
}
-# }}}
+# make sure that Disabled rows never get seen unless
+# we're explicitly trying to see them.
-eval "require RT::SearchBuilder_Vendor";
-die $@ if ($@ && $@ !~ qr{^Can't locate RT/SearchBuilder_Vendor.pm});
-eval "require RT::SearchBuilder_Local";
-die $@ if ($@ && $@ !~ qr{^Can't locate RT/SearchBuilder_Local.pm});
+sub _DoSearch {
+ my $self = shift;
-1;
+ if ( $self->{'with_disabled_column'}
+ && !$self->{'handled_disabled_column'}
+ && !$self->{'find_disabled_rows'}
+ ) {
+ $self->LimitToEnabled;
+ }
+ return $self->SUPER::_DoSearch(@_);
+}
+sub _DoCount {
+ my $self = shift;
+ if ( $self->{'with_disabled_column'}
+ && !$self->{'handled_disabled_column'}
+ && !$self->{'find_disabled_rows'}
+ ) {
+ $self->LimitToEnabled;
+ }
+ return $self->SUPER::_DoCount(@_);
+}
+RT::Base->_ImportOverlays();
+
+1;