# frozen_string_literal: true # Redmine - project management software # Copyright (C) 2006- Jean-Philippe Lang # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. class QueryColumn attr_accessor :name, :totalable, :default_order attr_writer :sortable, :groupable include Redmine::I18n def initialize(name, options={}) self.name = name self.sortable = options[:sortable] self.groupable = options[:groupable] || false self.totalable = options[:totalable] || false self.default_order = options[:default_order] @inline = options.key?(:inline) ? options[:inline] : true @caption_key = options[:caption] || :"field_#{name}" @frozen = options[:frozen] end def caption case @caption_key when Symbol l(@caption_key) when Proc @caption_key.call else @caption_key end end def groupable? @groupable end # Returns true if the column is sortable, otherwise false def sortable? @sortable.present? end def sortable @sortable.is_a?(Proc) ? @sortable.call : @sortable end def inline? @inline end def frozen? @frozen end def value(object) object.send name end def value_object(object) object.send name end # Returns the group that object belongs to when grouping query results def group_value(object) value(object) end def css_classes name end def group_by_statement name.to_s end end class TimestampQueryColumn < QueryColumn def groupable? group_by_statement.present? end def group_by_statement Redmine::Database.timestamp_to_date(sortable, User.current.time_zone) end def group_value(object) if time = value(object) User.current.time_to_date(time) end end end class WatcherQueryColumn < QueryColumn def value_object(object) return nil unless User.current.allowed_to?(:"view_#{object.class.name.underscore}_watchers", object.try(:project)) super end end class QueryAssociationColumn < QueryColumn def initialize(association, attribute, options={}) @association = association @attribute = attribute name_with_assoc = :"#{association}.#{attribute}" super(name_with_assoc, options) end def value_object(object) assoc = object.send(@association) if assoc && assoc.visible? assoc.send @attribute end end def css_classes @css_classes ||= "#{@association}-#{@attribute}" end end class QueryCustomFieldColumn < QueryColumn def initialize(custom_field, options={}) name = :"cf_#{custom_field.id}" super( name, :sortable => custom_field.order_statement || false, :totalable => options.key?(:totalable) ? !!options[:totalable] : custom_field.totalable?, :inline => custom_field.full_width_layout? ? false : true ) @cf = custom_field end def groupable? group_by_statement.present? end def group_by_statement @cf.group_statement end def caption @cf.name end def custom_field @cf end def value_object(object) project = object.project if object.respond_to?(:project) if custom_field.visible_by?(project, User.current) cv = object.custom_values.select {|v| v.custom_field_id == @cf.id} cv.size > 1 ? cv.sort_by {|e| e.value.to_s} : cv.first else nil end end def value(object) raw = value_object(object) if raw.is_a?(Array) raw.map {|r| @cf.cast_value(r.value)} elsif raw @cf.cast_value(raw.value) else nil end end def css_classes @css_classes ||= "#{name} #{@cf.field_format}" end end class QueryAssociationCustomFieldColumn < QueryCustomFieldColumn def initialize(association, custom_field, options={}) super(custom_field, options) self.name = :"#{association}.cf_#{custom_field.id}" # TODO: support sorting by association custom field self.sortable = false self.groupable = false @association = association end def value_object(object) assoc = object.send(@association) if assoc && assoc.visible? super(assoc) end end def css_classes @css_classes ||= "#{@association}_cf_#{@cf.id} #{@cf.field_format}" end # TODO: support grouping by association custom field def groupable? false end end class QueryFilter include Redmine::I18n def initialize(field, options) @field = field.to_s @options = options @options[:name] ||= l(options[:label] || "field_#{field}".delete_suffix('_id')) # Consider filters with a Proc for values as remote by default @remote = options.key?(:remote) ? options[:remote] : options[:values].is_a?(Proc) end def [](arg) if arg == :values values else @options[arg] end end def values @values ||= begin values = @options[:values] if values.is_a?(Proc) values = values.call end values end end def remote @remote end end class Query < ApplicationRecord class StatementInvalid < ::ActiveRecord::StatementInvalid end class QueryError < StandardError end include Redmine::SubclassFactory VISIBILITY_PRIVATE = 0 VISIBILITY_ROLES = 1 VISIBILITY_PUBLIC = 2 belongs_to :project belongs_to :user has_and_belongs_to_many :roles, :join_table => "#{table_name_prefix}queries_roles#{table_name_suffix}", :foreign_key => "query_id" serialize :filters serialize :column_names serialize :sort_criteria, type: Array serialize :options, type: Hash validates_presence_of :name validates_length_of :name, :maximum => 255 validates :visibility, :inclusion => {:in => [VISIBILITY_PUBLIC, VISIBILITY_ROLES, VISIBILITY_PRIVATE]} validate :validate_query_filters validate do |query| errors.add(:base, l(:label_role_plural) + ' ' + l('activerecord.errors.messages.blank')) if query.visibility == VISIBILITY_ROLES && roles.blank? end after_save do |query| if query.saved_change_to_visibility? && query.visibility != VISIBILITY_ROLES query.roles.clear end end class_attribute :operators self.operators = { "=" => :label_equals, "!" => :label_not_equals, "o" => :label_open_issues, "c" => :label_closed_issues, "!*" => :label_none, "*" => :label_any, ">=" => :label_greater_or_equal, "<=" => :label_less_or_equal, "><" => :label_between, " :label_in_less_than, ">t+" => :label_in_more_than, "> :label_in_the_next_days, "t+" => :label_in, "nd" => :label_tomorrow, "t" => :label_today, "ld" => :label_yesterday, "nw" => :label_next_week, "w" => :label_this_week, "lw" => :label_last_week, "l2w" => [:label_last_n_weeks, {:count => 2}], "nm" => :label_next_month, "m" => :label_this_month, "lm" => :label_last_month, "y" => :label_this_year, ">t-" => :label_less_than_ago, " :label_more_than_ago, "> :label_in_the_past_days, "t-" => :label_ago, "~" => :label_contains, "!~" => :label_not_contains, "*~" => :label_contains_any_of, "^" => :label_starts_with, "$" => :label_ends_with, "=p" => :label_any_issues_in_project, "=!p" => :label_any_issues_not_in_project, "!p" => :label_no_issues_in_project, "*o" => :label_any_open_issues, "!o" => :label_no_open_issues, "ev" => :label_has_been, # "ev" stands for "ever" "!ev" => :label_has_never_been, "cf" => :label_changed_from } class_attribute :operators_by_filter_type self.operators_by_filter_type = { :list => [ "=", "!" ], :list_with_history => [ "=", "!", "ev", "!ev", "cf" ], :list_status => [ "o", "=", "!", "ev", "!ev", "cf", "c", "*" ], :list_optional => [ "=", "!", "!*", "*" ], :list_optional_with_history => [ "=", "!", "ev", "!ev", "cf", "!*", "*" ], :list_subprojects => [ "*", "!*", "=", "!" ], :date => [ "=", ">=", "<=", "><", "t+", ">t-", " [ "=", ">=", "<=", "><", ">t-", " [ "~", "*~", "=", "!~", "!", "^", "$", "!*", "*" ], :text => [ "~", "*~", "!~", "^", "$", "!*", "*" ], :search => [ "~", "*~", "!~" ], :integer => [ "=", ">=", "<=", "><", "!*", "*" ], :float => [ "=", ">=", "<=", "><", "!*", "*" ], :relation => ["=", "!", "=p", "=!p", "!p", "*o", "!o", "!*", "*"], :tree => ["=", "~", "!*", "*"] } class_attribute :available_columns self.available_columns = [] class_attribute :queried_class # Permission required to view the queries, set on subclasses. class_attribute :view_permission # Scope of queries that are global or on the given project scope :global_or_on_project, (lambda do |project| where(:project_id => (project.nil? ? nil : [nil, project.id])) end) scope :sorted, lambda {order(:name, :id)} scope :only_public, ->{ where(visibility: VISIBILITY_PUBLIC) } # to be implemented in subclasses that have a way to determine a default # query for the given options def self.default(**_) nil end # Scope of visible queries, can be used from subclasses only. # Unlike other visible scopes, a class methods is used as it # let handle inheritance more nicely than scope DSL. def self.visible(*args) if self == ::Query # Visibility depends on permissions for each subclass, # raise an error if the scope is called from Query (eg. Query.visible) raise "Cannot call .visible scope from the base Query class, but from subclasses only." end user = args.shift || User.current base = Project.allowed_to_condition(user, view_permission, *args) scope = joins("LEFT OUTER JOIN #{Project.table_name} ON #{table_name}.project_id = #{Project.table_name}.id"). where("#{table_name}.project_id IS NULL OR (#{base})") if user.admin? scope.where("#{table_name}.visibility <> ? OR #{table_name}.user_id = ?", VISIBILITY_PRIVATE, user.id) elsif user.memberships.any? scope.where( "#{table_name}.visibility = ?" \ " OR (#{table_name}.visibility = ? AND EXISTS (SELECT 1" \ " FROM #{table_name_prefix}queries_roles#{table_name_suffix} qr" \ " INNER JOIN #{MemberRole.table_name} mr ON mr.role_id = qr.role_id" \ " INNER JOIN #{Member.table_name} m ON m.id = mr.member_id AND m.user_id = ?" \ " INNER JOIN #{Project.table_name} p ON p.id = m.project_id AND p.status <> ?" \ " WHERE qr.query_id = #{table_name}.id" \ " AND (#{table_name}.project_id IS NULL OR #{table_name}.project_id = m.project_id)))" \ " OR #{table_name}.user_id = ?", VISIBILITY_PUBLIC, VISIBILITY_ROLES, user.id, Project::STATUS_ARCHIVED, user.id ) elsif user.logged? scope.where("#{table_name}.visibility = ? OR #{table_name}.user_id = ?", VISIBILITY_PUBLIC, user.id) else scope.where("#{table_name}.visibility = ?", VISIBILITY_PUBLIC) end end # Returns true if the query is visible to +user+ or the current user. def visible?(user=User.current) return true if user.admin? return false unless project.nil? || user.allowed_to?(self.class.view_permission, project) case visibility when VISIBILITY_PUBLIC true when VISIBILITY_ROLES if project (user.roles_for_project(project) & roles).any? else user.memberships.joins(:member_roles).where(:member_roles => {:role_id => roles.map(&:id)}).any? end else user == self.user end end def is_private? visibility == VISIBILITY_PRIVATE end def is_public? !is_private? end # Returns true if the query is available for all projects def is_global? new_record? ? project_id.nil? : project_id_in_database.nil? end def queried_table_name @queried_table_name ||= self.class.queried_class.table_name end # Builds the query from the given params def build_from_params(params, defaults={}) if params[:fields] || params[:f] self.filters = {} add_filters(params[:fields] || params[:f], params[:operators] || params[:op], params[:values] || params[:v]) else available_filters.each_key do |field| add_short_filter(field, params[field]) if params[field] end end query_params = params[:query] || defaults || {} self.group_by = params[:group_by] || query_params[:group_by] || self.group_by self.column_names = params[:c] || query_params[:column_names] || self.column_names self.totalable_names = params[:t] || query_params[:totalable_names] || self.totalable_names self.sort_criteria = params[:sort] || query_params[:sort_criteria] || self.sort_criteria self.display_type = params[:display_type] || query_params[:display_type] || self.display_type self end # Builds a new query from the given params and attributes def self.build_from_params(params, attributes={}) new(attributes).build_from_params(params) end def as_params if new_record? params = {} filters.each do |field, options| params[:f] ||= [] params[:f] << field params[:op] ||= {} params[:op][field] = options[:operator] params[:v] ||= {} params[:v][field] = options[:values] end params[:c] = column_names params[:group_by] = group_by.to_s if group_by.present? params[:t] = totalable_names.map(&:to_s) if totalable_names.any? params[:sort] = sort_criteria.to_param params[:set_filter] = 1 params else {:query_id => id} end end def validate_query_filters filters.each_key do |field| if values_for(field) case type_for(field) when :integer if values_for(field).detect {|v| v.present? && !/\A[+-]?\d+(,[+-]?\d+)*\z/.match?(v)} add_filter_error(field, :invalid) end when :float if values_for(field).detect {|v| v.present? && !/\A[+-]?\d+(\.\d*)?\z/.match?(v)} add_filter_error(field, :invalid) end when :date, :date_past case operator_for(field) when "=", ">=", "<=", "><" if values_for(field).detect do |v| v.present? && (!/\A\d{4}-\d{2}-\d{2}(T\d{2}((:)?\d{2}){0,2}(Z|\d{2}:?\d{2})?)?\z/.match?(v) || parse_date(v).nil?) end add_filter_error(field, :invalid) end when ">t-", "t+", " 'activerecord.errors.messages') errors.add(:base, m) end def editable_by?(user) return false unless user # Admin can edit them all and regular users can edit their private queries return true if user.admin? || (is_private? && self.user_id == user.id) # Members can not edit public queries that are for all project (only admin is allowed to) is_public? && !is_global? && user.allowed_to?(:manage_public_queries, project) end def trackers @trackers ||= (project.nil? ? Tracker.all : project.rolled_up_trackers).visible.sorted end # Returns a hash of localized labels for all filter operators def self.operators_labels operators.inject({}) {|h, operator| h[operator.first] = l(*operator.last); h} end # Returns a representation of the available filters for JSON serialization def available_filters_as_json json = {} available_filters.each do |field, filter| options = {:type => filter[:type], :name => filter[:name]} options[:remote] = true if filter.remote if has_filter?(field) || !filter.remote options[:values] = filter.values if options[:values] && values_for(field) missing = Array(values_for(field)).select(&:present?) - options[:values].pluck(1) if missing.any? && respond_to?(method = "find_#{field}_filter_values") options[:values] += send(method, missing) end end end json[field] = options.stringify_keys end json end def all_projects @all_projects ||= Project.visible.to_a end def all_projects_values return @all_projects_values if @all_projects_values values = [] Project.project_tree(all_projects) do |p, level| prefix = (level > 0 ? ('--' * level + ' ') : '') values << ["#{prefix}#{p.name}", p.id.to_s] end @all_projects_values = values end def project_values project_values = [] if User.current.logged? project_values << ["<< #{l(:label_my_projects).downcase} >>", "mine"] if User.current.memberships.any? project_values << ["<< #{l(:label_my_bookmarks).downcase} >>", "bookmarks"] if User.current.bookmarked_project_ids.any? end project_values += all_projects_values project_values end def subproject_values project.descendants.visible.pluck(:name, :id).map {|name, id| [name, id.to_s]} end def principals @principal ||= begin principals = [] if project principals += Principal.member_of(project).visible unless project.leaf? principals += Principal.member_of(project.descendants.visible).visible end else principals += Principal.member_of(all_projects).visible end principals.uniq! principals.sort! principals.reject! {|p| p.is_a?(GroupBuiltin)} principals end end def users principals.select {|p| p.is_a?(User)} end def author_values author_values = [] author_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged? author_values += users.sort_by(&:status). collect{|s| [s.name, s.id.to_s, l("status_#{User::LABEL_BY_STATUS[s.status]}")]} author_values << [l(:label_user_anonymous), User.anonymous.id.to_s] author_values end def assigned_to_values assigned_to_values = [] assigned_to_values << ["<< #{l(:label_me)} >>", "me"] if User.current.logged? assigned_to_values += (Setting.issue_group_assignment? ? principals : users).sort_by(&:status). collect{|s| [s.name, s.id.to_s, l("status_#{User::LABEL_BY_STATUS[s.status]}")]} assigned_to_values end def fixed_version_values versions = [] if project versions = project.shared_versions.to_a else versions = Version.visible.to_a end Version.sort_by_status(versions). collect{|s| ["#{s.project.name} - #{s.name}", s.id.to_s, l("version_status_#{s.status}")]} end # Returns a scope of issue statuses that are available as columns for filters def issue_statuses_values if project statuses = project.rolled_up_statuses else statuses = IssueStatus.all.sorted end statuses.pluck(:name, :id).map {|name, id| [name, id.to_s]} end def watcher_values watcher_values = [["<< #{l(:label_me)} >>", "me"]] if User.current.allowed_to?(:view_issue_watchers, self.project, global: true) watcher_values += principals.sort_by(&:status). collect{|s| [s.name, s.id.to_s, l("status_#{User::LABEL_BY_STATUS[s.status]}")]} end watcher_values end # Returns a scope of issue custom fields that are available as columns or filters def issue_custom_fields if project project.rolled_up_custom_fields else IssueCustomField.sorted end end # Returns a scope of project custom fields that are available as columns or filters def project_custom_fields ProjectCustomField.sorted end # Returns a scope of time entry custom fields that are available as columns or filters def time_entry_custom_fields TimeEntryCustomField.sorted end # Returns a scope of project statuses that are available as columns or filters def project_statuses_values [ [l(:project_status_active), "#{Project::STATUS_ACTIVE}"], [l(:project_status_closed), "#{Project::STATUS_CLOSED}"] ] end # Adds available filters def initialize_available_filters # implemented by sub-classes end protected :initialize_available_filters # Adds an available filter def add_available_filter(field, options) @available_filters ||= ActiveSupport::OrderedHash.new @available_filters[field] = QueryFilter.new(field, options) @available_filters end # Removes an available filter def delete_available_filter(field) if @available_filters @available_filters.delete(field) end end # Return a hash of available filters def available_filters unless @available_filters initialize_available_filters @available_filters ||= {} end @available_filters end def add_filter(field, operator, values=nil) # values must be an array return unless values.nil? || values.is_a?(Array) # check if field is defined as an available filter if available_filters.has_key? field filters[field] = {:operator => operator, :values => (values || [''])} end end def add_short_filter(field, expression) return unless expression && available_filters.has_key?(field) field_type = available_filters[field][:type] operators_by_filter_type[field_type].sort.reverse.detect do |operator| next unless expression =~ /^#{Regexp.escape(operator)}(.*)$/ values = $1 add_filter field, operator, values.present? ? values.split('|') : [''] end || add_filter(field, '=', expression.to_s.split('|')) end # Add multiple filters using +add_filter+ def add_filters(fields, operators, values) if fields.present? && operators.present? fields.each do |field| add_filter(field, operators[field], values && values[field]) end end end def has_filter?(field) filters and filters[field] end def type_for(field) available_filters[field][:type] if available_filters.has_key?(field) end def operator_for(field) has_filter?(field) ? filters[field][:operator] : nil end def values_for(field) has_filter?(field) ? filters[field][:values] : nil end def value_for(field, index=0) (values_for(field) || [])[index] end def label_for(field) label = available_filters[field][:name] if available_filters.has_key?(field) label ||= queried_class.human_attribute_name(field, :default => field) end def self.add_available_column(column) self.available_columns << (column) if column.is_a?(QueryColumn) end # Returns an array of columns that can be used to group the results def groupable_columns available_columns.select(&:groupable?) end # Returns a Hash of columns and the key for sorting def sortable_columns available_columns.inject({}) do |h, column| h[column.name.to_s] = column.sortable h end end def columns return [] if available_columns.empty? # preserve the column_names order cols = (has_default_columns? ? default_columns_names : column_names).filter_map do |name| available_columns.find {|col| col.name == name} end available_columns.select(&:frozen?) | cols end def inline_columns columns.select(&:inline?) end def block_columns columns.reject(&:inline?) end def available_inline_columns available_columns.select(&:inline?) end def available_block_columns available_columns.reject(&:inline?) end def available_totalable_columns available_columns.select(&:totalable) end def default_columns_names [] end def default_totalable_names [] end def default_display_type self.available_display_types.first end def column_names=(names) if names names = names.select {|n| n.is_a?(Symbol) || n.present?} names = names.collect {|n| n.is_a?(Symbol) ? n : n.to_sym} if names.delete(:all_inline) names = available_inline_columns.map(&:name) | names end # Set column_names to nil if default columns if names == default_columns_names names = nil end end write_attribute(:column_names, names) end def has_column?(column) name = column.is_a?(QueryColumn) ? column.name : column columns.detect {|c| c.name == name} end def has_custom_field_column? columns.any?(QueryCustomFieldColumn) end def has_default_columns? column_names.nil? || column_names.empty? end def totalable_columns names = totalable_names available_totalable_columns.select {|column| names.include?(column.name)} end def totalable_names=(names) if names names = names.select(&:present?).map {|n| n.is_a?(Symbol) ? n : n.to_sym} end options[:totalable_names] = names end def totalable_names options[:totalable_names] || default_totalable_names || [] end def default_sort_criteria [] end def sort_criteria=(arg) c = Redmine::SortCriteria.new(arg) write_attribute(:sort_criteria, c.to_a) c end def sort_criteria c = read_attribute(:sort_criteria) if c.blank? c = default_sort_criteria end Redmine::SortCriteria.new(c) end def sort_criteria_key(index) sort_criteria[index].try(:first) end def sort_criteria_order(index) sort_criteria[index].try(:last) end def sort_clause if clause = sort_criteria.sort_clause(sortable_columns) clause.map {|c| Arel.sql c} end end # Returns the SQL sort order that should be prepended for grouping def group_by_sort_order if column = group_by_column order = (sort_criteria.order_for(column.name) || column.default_order || 'asc').try(:upcase) column_sortable = column.sortable if column.is_a?(TimestampQueryColumn) column_sortable = Redmine::Database.timestamp_to_date(column.sortable, User.current.time_zone) end Array(column_sortable).map {|s| Arel.sql("#{s} #{order}")} end end # Returns true if the query is a grouped query def grouped? !group_by_column.nil? end def group_by_column groupable_columns.detect {|c| c.groupable? && c.name.to_s == group_by} end def group_by_statement group_by_column.try(:group_by_statement) end def project_statement project_clauses = [] subprojects_ids = [] subprojects_ids = project.descendants.where.not(status: Project::STATUS_ARCHIVED).ids if project if subprojects_ids.any? if has_filter?("subproject_id") case operator_for("subproject_id") when '=' # include the selected subprojects ids = [project.id] + values_for("subproject_id").map(&:to_i) project_clauses << "#{Project.table_name}.id IN (%s)" % ids.join(',') when '!' # exclude the selected subprojects ids = [project.id] + subprojects_ids - values_for("subproject_id").map(&:to_i) project_clauses << "#{Project.table_name}.id IN (%s)" % ids.join(',') when '!*' # main project only project_clauses << "#{Project.table_name}.id = %d" % project.id else # all subprojects project_clauses << "#{Project.table_name}.lft >= #{project.lft} AND #{Project.table_name}.rgt <= #{project.rgt}" end elsif Setting.display_subprojects_issues? project_clauses << "#{Project.table_name}.lft >= #{project.lft} AND #{Project.table_name}.rgt <= #{project.rgt}" else project_clauses << "#{Project.table_name}.id = %d" % project.id end elsif project project_clauses << "#{Project.table_name}.id = %d" % project.id end project_clauses.any? ? project_clauses.join(' AND ') : nil end def statement # filters clauses filters_clauses = [] filters.each_key do |field| next if field == "subproject_id" v = values_for(field).clone next unless v and !v.empty? operator = operator_for(field) # "me" value substitution if %w(assigned_to_id author_id user_id watcher_id updated_by last_updated_by).include?(field) if v.delete("me") if User.current.logged? v.push(User.current.id.to_s) v += User.current.group_ids.map(&:to_s) if %w(assigned_to_id watcher_id).include?(field) else v.push("0") end end end if field == 'project_id' || (self.type == 'ProjectQuery' && %w[id parent_id].include?(field)) if v.delete('mine') v += User.current.memberships.pluck(:project_id).map(&:to_s) end if v.delete('bookmarks') v += User.current.bookmarked_project_ids end end if field =~ /^cf_(\d+)\.cf_(\d+)$/ filters_clauses << sql_for_chained_custom_field(field, operator, v, $1, $2) elsif field =~ /cf_(\d+)$/ # custom field filters_clauses << sql_for_custom_field(field, operator, v, $1) elsif field =~ /^cf_(\d+)\.(.+)$/ filters_clauses << sql_for_custom_field_attribute(field, operator, v, $1, $2) elsif respond_to?(method = "sql_for_#{field.tr('.', '_')}_field") # specific statement filters_clauses << send(method, field, operator, v) else # regular field filters_clauses << '(' + sql_for_field(field, operator, v, queried_table_name, field) + ')' end end if filters and valid? if (c = group_by_column) && c.is_a?(QueryCustomFieldColumn) # Excludes results for which the grouped custom field is not visible filters_clauses << c.custom_field.visibility_by_project_condition end filters_clauses << project_statement filters_clauses.reject!(&:blank?) filters_clauses.any? ? filters_clauses.join(' AND ') : nil end # Returns the result count by group or nil if query is not grouped def result_count_by_group grouped_query do |scope| scope.count end end # Returns the sum of values for the given column def total_for(column) total_with_scope(column, base_scope) end # Returns a hash of the sum of the given column for each group, # or nil if the query is not grouped def total_by_group_for(column) grouped_query do |scope| total_with_scope(column, scope) end end def totals totals = totalable_columns.map {|column| [column, total_for(column)]} yield totals if block_given? totals end def totals_by_group totals = totalable_columns.map {|column| [column, total_by_group_for(column)]} yield totals if block_given? totals end def css_classes s = sort_criteria.first if s.present? key, asc = s "sort-by-#{key.to_s.dasherize} sort-#{asc}" end end def display_type options[:display_type] || self.default_display_type end def display_type=(type) unless type && self.available_display_types.include?(type) type = self.available_display_types.first end options[:display_type] = type end def available_display_types ['list'] end private def grouped_query(&block) r = nil if grouped? r = yield base_group_scope c = group_by_column if c.is_a?(QueryCustomFieldColumn) r = r.keys.inject({}) {|h, k| h[c.custom_field.cast_value(k)] = r[k]; h} end end r rescue ::ActiveRecord::StatementInvalid => e raise StatementInvalid.new(e.message) end def total_with_scope(column, scope) unless column.is_a?(QueryColumn) column = column.to_sym column = available_totalable_columns.detect {|c| c.name == column} end if column.is_a?(QueryCustomFieldColumn) custom_field = column.custom_field send :total_for_custom_field, custom_field, scope else send :"total_for_#{column.name}", scope end rescue ::ActiveRecord::StatementInvalid => e raise StatementInvalid.new(e.message) end def base_scope raise "unimplemented" end def base_group_scope base_scope. joins(joins_for_order_statement(group_by_statement)). group(group_by_statement) end def total_for_custom_field(custom_field, scope, &block) total = custom_field.format.total_for_scope(custom_field, scope) total = map_total(total) {|t| custom_field.format.cast_total_value(custom_field, t)} total end def map_total(total, &block) if total.is_a?(Hash) total.each_key {|k| total[k] = yield total[k]} else total = yield total end total end def sql_for_custom_field(field, operator, value, custom_field_id) db_table = CustomValue.table_name db_field = 'value' filter = @available_filters[field] return nil unless filter if filter[:field].format.target_class && filter[:field].format.target_class <= User if value.delete('me') value.push User.current.id.to_s end end not_in = nil if operator == '!' # Makes ! operator work for custom fields with multiple values operator = '=' not_in = 'NOT' end customized_key = "id" customized_class = queried_class if field =~ /^(.+)\.cf_/ assoc = $1 customized_key = "#{assoc}_id" customized_class = queried_class.reflect_on_association(assoc.to_sym).klass.base_class rescue nil raise QueryError, "Unknown #{queried_class.name} association #{assoc}" unless customized_class end where = sql_for_field(field, operator, value, db_table, db_field, true) if /[<>]/.match?(operator) where = "(#{where}) AND #{db_table}.#{db_field} <> ''" end "#{not_in} EXISTS (" \ "SELECT ct.id FROM #{customized_class.table_name} ct" \ " LEFT OUTER JOIN #{db_table} ON #{db_table}.customized_type='#{customized_class}'" \ " AND #{db_table}.customized_id=ct.id" \ " AND #{db_table}.custom_field_id=#{custom_field_id}" \ " WHERE #{queried_table_name}.#{customized_key} = ct.id AND " \ " (#{where}) AND (#{filter[:field].visibility_by_project_condition}))" end def sql_for_chained_custom_field(field, operator, value, custom_field_id, chained_custom_field_id) not_in = nil if operator == '!' # Makes ! operator work for custom fields with multiple values operator = '=' not_in = 'NOT' end filter = available_filters[field] target_class = filter[:through].format.target_class.base_class "#{queried_table_name}.id #{not_in} IN (" + "SELECT customized_id FROM #{CustomValue.table_name}" + " WHERE customized_type='#{queried_class}' AND custom_field_id=#{custom_field_id}" + " AND CAST(CASE value WHEN '' THEN '0' ELSE value END AS decimal(30,0)) IN (" + " SELECT customized_id FROM #{CustomValue.table_name}" + " WHERE customized_type='#{target_class}' AND custom_field_id=#{chained_custom_field_id}" + " AND #{sql_for_field(field, operator, value, CustomValue.table_name, 'value', true)}))" end def sql_for_custom_field_attribute(field, operator, value, custom_field_id, attribute) attribute = 'effective_date' if attribute == 'due_date' not_in = nil if operator == '!' # Makes ! operator work for custom fields with multiple values operator = '=' not_in = 'NOT' end filter = available_filters[field] target_table_name = filter[:field].format.target_class.table_name "#{queried_table_name}.id #{not_in} IN (" + "SELECT customized_id FROM #{CustomValue.table_name}" + " WHERE customized_type='#{queried_class}' AND custom_field_id=#{custom_field_id}" + " AND CAST(CASE value WHEN '' THEN '0' ELSE value END AS decimal(30,0)) IN (" + " SELECT id FROM #{target_table_name} WHERE #{sql_for_field(field, operator, value, filter[:field].format.target_class.table_name, attribute)}))" end # Helper method to generate the WHERE sql for a +field+, +operator+ and a +value+ def sql_for_field(field, operator, value, db_table, db_field, is_custom_filter=false) sql = '' case operator when "=" if value.any? case type_for(field) when :date, :date_past sql = date_clause(db_table, db_field, parse_date(value.first), parse_date(value.first), is_custom_filter) when :integer int_values = value.first.to_s.scan(/[+-]?\d+/).map(&:to_i).join(",") if int_values.present? if is_custom_filter sql = "(#{db_table}.#{db_field} <> '' AND " \ "CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' " \ "ELSE #{db_table}.#{db_field} END AS decimal(30,3)) IN (#{int_values}))" else sql = "#{db_table}.#{db_field} IN (#{int_values})" end else sql = "1=0" end when :float if is_custom_filter sql = "(#{db_table}.#{db_field} <> '' AND " \ "CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' " \ "ELSE #{db_table}.#{db_field} END AS decimal(30,3)) " \ "BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5})" else sql = "#{db_table}.#{db_field} BETWEEN #{value.first.to_f - 1e-5} AND #{value.first.to_f + 1e-5}" end else sql = queried_class.send(:sanitize_sql_for_conditions, ["#{db_table}.#{db_field} IN (?)", value]) end else # IN an empty set sql = "1=0" end when "!" if value.any? sql = queried_class.send( :sanitize_sql_for_conditions, ["(#{db_table}.#{db_field} IS NULL OR #{db_table}.#{db_field} NOT IN (?))", value] ) else # NOT IN an empty set sql = "1=1" end when "!*" sql = "#{db_table}.#{db_field} IS NULL" sql += " OR #{db_table}.#{db_field} = ''" if is_custom_filter || [:text, :string].include?(type_for(field)) when "*" sql = "#{db_table}.#{db_field} IS NOT NULL" sql += " AND #{db_table}.#{db_field} <> ''" if is_custom_filter || [:text, :string].include?(type_for(field)) when ">=" if [:date, :date_past].include?(type_for(field)) sql = date_clause(db_table, db_field, parse_date(value.first), nil, is_custom_filter) else if is_custom_filter sql = "(#{db_table}.#{db_field} <> '' AND " \ "CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' " \ "ELSE #{db_table}.#{db_field} END AS decimal(30,3)) >= #{value.first.to_f})" else sql = "#{db_table}.#{db_field} >= #{value.first.to_f}" end end when "<=" if [:date, :date_past].include?(type_for(field)) sql = date_clause(db_table, db_field, nil, parse_date(value.first), is_custom_filter) else if is_custom_filter sql = "(#{db_table}.#{db_field} <> '' AND " \ "CAST(CASE #{db_table}.#{db_field} WHEN '' THEN '0' " \ "ELSE #{db_table}.#{db_field} END AS decimal(30,3)) <= #{value.first.to_f})" else sql = "#{db_table}.#{db_field} <= #{value.first.to_f}" end end when "><" if [:date, :date_past].include?(type_for(field)) sql = date_clause(db_table, db_field, parse_date(value[0]), parse_date(value[1]), is_custom_filter) else if is_custom_filter sql = "(#{db_table}.#{db_field} <> '' AND CAST(CASE #{db_table}.#{db_field} " \ "WHEN '' THEN '0' ELSE #{db_table}.#{db_field} END AS decimal(30,3)) " \ "BETWEEN #{value[0].to_f} AND #{value[1].to_f})" else sql = "#{db_table}.#{db_field} BETWEEN #{value[0].to_f} AND #{value[1].to_f}" end end when "o" if field == "status_id" sql = "#{queried_table_name}.status_id IN " \ "(SELECT id FROM #{IssueStatus.table_name} " \ "WHERE is_closed=#{self.class.connection.quoted_false})" end when "c" if field == "status_id" sql = "#{queried_table_name}.status_id IN " \ "(SELECT id FROM #{IssueStatus.table_name} " \ "WHERE is_closed=#{self.class.connection.quoted_true})" end when ">t-" # >= today - n days sql = relative_date_clause(db_table, db_field, - value.first.to_i, nil, is_custom_filter) when "t+" # >= today + n days sql = relative_date_clause(db_table, db_field, value.first.to_i, nil, is_custom_filter) when "= first_day_of_week day_of_week - first_day_of_week else day_of_week + 7 - first_day_of_week end sql = relative_date_clause(db_table, db_field, - days_ago, - days_ago + 6, is_custom_filter) when "lw" # = last week first_day_of_week = l(:general_first_day_of_week).to_i day_of_week = User.current.today.cwday days_ago = if day_of_week >= first_day_of_week day_of_week - first_day_of_week else day_of_week + 7 - first_day_of_week end sql = relative_date_clause(db_table, db_field, - days_ago - 7, - days_ago - 1, is_custom_filter) when "l2w" # = last 2 weeks first_day_of_week = l(:general_first_day_of_week).to_i day_of_week = User.current.today.cwday days_ago = if day_of_week >= first_day_of_week day_of_week - first_day_of_week else day_of_week + 7 - first_day_of_week end sql = relative_date_clause(db_table, db_field, - days_ago - 14, - days_ago - 1, is_custom_filter) when "nw" # = next week first_day_of_week = l(:general_first_day_of_week).to_i day_of_week = User.current.today.cwday from = -( if day_of_week >= first_day_of_week day_of_week - first_day_of_week else day_of_week + 7 - first_day_of_week end ) + 7 sql = relative_date_clause(db_table, db_field, from, from + 6, is_custom_filter) when "m" # = this month date = User.current.today sql = date_clause(db_table, db_field, date.beginning_of_month, date.end_of_month, is_custom_filter) when "lm" # = last month date = User.current.today.prev_month sql = date_clause(db_table, db_field, date.beginning_of_month, date.end_of_month, is_custom_filter) when "nm" # = next month date = User.current.today.next_month sql = date_clause(db_table, db_field, date.beginning_of_month, date.end_of_month, is_custom_filter) when "y" # = this year date = User.current.today sql = date_clause(db_table, db_field, date.beginning_of_year, date.end_of_year, is_custom_filter) when "~" sql = sql_contains("#{db_table}.#{db_field}", value.first) when "!~" sql = sql_contains("#{db_table}.#{db_field}", value.first, :match => false) when "*~" sql = sql_contains("#{db_table}.#{db_field}", value.first, :all_words => false) when "^" sql = sql_contains("#{db_table}.#{db_field}", value.first, :starts_with => true) when "$" sql = sql_contains("#{db_table}.#{db_field}", value.first, :ends_with => true) when "ev", "!ev", "cf" # has been, has never been, changed from if queried_class == Issue && value.present? neg = (operator.start_with?('!') ? 'NOT' : '') subquery = "SELECT 1 FROM #{Journal.table_name}" + " INNER JOIN #{JournalDetail.table_name} ON #{Journal.table_name}.id = #{JournalDetail.table_name}.journal_id" + " WHERE (#{Journal.visible_notes_condition(User.current, :skip_pre_condition => true)}" + " AND #{Journal.table_name}.journalized_type = 'Issue'" + " AND #{Journal.table_name}.journalized_id = #{db_table}.id" + " AND #{JournalDetail.table_name}.property = 'attr'" + " AND #{JournalDetail.table_name}.prop_key = '#{db_field}'" + " AND " + queried_class.send(:sanitize_sql_for_conditions, ["#{JournalDetail.table_name}.old_value IN (?)", value.map(&:to_s)]) + ")" sql_ev = if %w[ev !ev].include?(operator) " OR " + queried_class.send(:sanitize_sql_for_conditions, ["#{db_table}.#{db_field} IN (?)", value.map(&:to_s)]) else '' end sql = "#{neg} (EXISTS (#{subquery})#{sql_ev})" else sql = '1=0' end else raise QueryError, "Unknown query operator #{operator}" end return sql end # Returns a SQL LIKE statement with wildcards # # valid options: # * :match - use NOT LIKE if false # * :starts_with - use LIKE 'value%' if true # * :ends_with - use LIKE '%value' if true # * :all_words - use OR instead of AND if false # (ignored if :starts_with or :ends_with is true) def sql_contains(db_field, value, options={}) options = {} unless options.is_a?(Hash) options.symbolize_keys! queried_class.sanitize_sql_for_conditions( ::Query.tokenized_like_conditions(db_field, value, **options) ) end # rubocop:disable Lint/IneffectiveAccessModifier def self.tokenized_like_conditions(db_field, value, **options) tokens = Redmine::Search::Tokenizer.new(value).tokens tokens = [value] unless tokens.present? if options[:starts_with] prefix, suffix = nil, '%' logical_opr = ' OR ' elsif options[:ends_with] prefix, suffix = '%', nil logical_opr = ' OR ' else prefix = suffix = '%' logical_opr = options[:all_words] == false ? ' OR ' : ' AND ' end sql, values = tokens.map do |token| [Redmine::Database.like(db_field, '?', options), "#{prefix}#{sanitize_sql_like token}#{suffix}"] end.transpose [sql.join(logical_opr), *values] end # rubocop:enable Lint/IneffectiveAccessModifier # Adds a filter for the given custom field def add_custom_field_filter(field, assoc=nil) options = field.query_filter_options(self) filter_id = "cf_#{field.id}" filter_name = field.name if assoc.present? filter_id = "#{assoc}.#{filter_id}" filter_name = l("label_attribute_of_#{assoc}", :name => filter_name) end add_available_filter( filter_id, options.merge( { :name => filter_name, :field => field } ) ) end # Adds filters for custom fields associated to the custom field target class # Eg. having a version custom field "Milestone" for issues and a date custom field "Release date" # for versions, it will add an issue filter on Milestone'e Release date. def add_chained_custom_field_filters(field) klass = field.format.target_class if klass CustomField.where(:is_filter => true, :type => "#{klass.name}CustomField").each do |chained| options = chained.query_filter_options(self) filter_id = "cf_#{field.id}.cf_#{chained.id}" add_available_filter( filter_id, options.merge( { :name => l(:label_attribute_of_object, :name => chained.name, :object_name => field.name), :field => chained, :through => field } ) ) end end end # Adds filters for the given custom fields scope def add_custom_fields_filters(scope, assoc=nil) scope.visible.where(:is_filter => true).sorted.each do |field| add_custom_field_filter(field, assoc) if assoc.nil? add_chained_custom_field_filters(field) if field.format.target_class && field.format.target_class == Version add_available_filter( "cf_#{field.id}.due_date", :type => :date, :field => field, :name => l(:label_attribute_of_object, :name => l(:field_effective_date), :object_name => field.name) ) add_available_filter( "cf_#{field.id}.status", :type => :list, :field => field, :name => l(:label_attribute_of_object, :name => l(:field_status), :object_name => field.name), :values => Version::VERSION_STATUSES.map{|s| [l("version_status_#{s}"), s]} ) end end end end # Adds filters for the given associations custom fields def add_associations_custom_fields_filters(*associations) fields_by_class = CustomField.visible.where(:is_filter => true).group_by(&:class) associations.each do |assoc| association_klass = queried_class.reflect_on_association(assoc).klass fields_by_class.each do |field_class, fields| if field_class.customized_class <= association_klass fields.sort.each do |field| add_custom_field_filter(field, assoc) end end end end end def quoted_time(time, is_custom_filter) if is_custom_filter # Custom field values are stored as strings in the DB # using this format that does not depend on DB date representation time.strftime("%Y-%m-%d %H:%M:%S") else self.class.connection.quoted_date(time) end end def date_for_user_time_zone(y, m, d) if tz = User.current.time_zone tz.local y, m, d else Time.local y, m, d end end # Returns a SQL clause for a date or datetime field. def date_clause(table, field, from, to, is_custom_filter) s = [] if from if from.is_a?(Date) from = date_for_user_time_zone(from.year, from.month, from.day).yesterday.end_of_day else from = from - 1 # second end if ActiveRecord.default_timezone == :utc from = from.utc end s << ("#{table}.#{field} > '%s'" % [quoted_time(from, is_custom_filter)]) end if to if to.is_a?(Date) to = date_for_user_time_zone(to.year, to.month, to.day).end_of_day end if ActiveRecord.default_timezone == :utc to = to.utc end s << ("#{table}.#{field} <= '%s'" % [quoted_time(to, is_custom_filter)]) end s.join(' AND ') end # Returns a SQL clause for a date or datetime field using relative dates. def relative_date_clause(table, field, days_from, days_to, is_custom_filter) date_clause( table, field, (days_from ? User.current.today + days_from : nil), (days_to ? User.current.today + days_to : nil), is_custom_filter ) end # Returns a Date or Time from the given filter value def parse_date(arg) if /\A\d{4}-\d{2}-\d{2}T/.match?(arg.to_s) Time.parse(arg) rescue nil else Date.parse(arg) rescue nil end end # Additional joins required for the given sort options def joins_for_order_statement(order_options) joins = [] if order_options order_options.scan(/cf_\d+/).uniq.each do |name| column = available_columns.detect {|c| c.name.to_s == name} join = column && column.custom_field.join_for_order_statement if join joins << join end end end joins.any? ? joins.join(' ') : nil end end