#-- encoding: UTF-8 #-- copyright # OpenProject is a project management system. # Copyright (C) 2012-2015 the OpenProject Foundation (OPF) # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: # Copyright (C) 2006-2013 Jean-Philippe Lang # Copyright (C) 2010-2013 the ChiliProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # See doc/COPYRIGHT.rdoc for more details. #++ class Query < ActiveRecord::Base include ActiveModel::ForbiddenAttributesProtection include Queries::WorkPackages::AvailableFilterOptions # referenced in plugin patches - currently there are only work package queries and filters alias_method :available_filters, :available_work_package_filters @@user_filters = %w{assigned_to_id author_id watcher_id responsible_id}.freeze belongs_to :project belongs_to :user has_one :query_menu_item, -> { order('name') }, class_name: 'MenuItems::QueryMenuItem', dependent: :delete, foreign_key: 'navigatable_id' serialize :filters, Queries::WorkPackages::FilterSerializer serialize :column_names serialize :sort_criteria, Array attr_protected :project_id # , :user_id validates :name, presence: true validates_length_of :name, maximum: 255 validate :validate_work_package_filters after_initialize :remember_project_scope # WARNING: sortable should not contain a column called id (except for the # work_packages.id column). Otherwise naming collisions can happen when AR # optimizes a query into two separate DB queries (e.g. when joining tables). # The first query is employed to fetch all ids which are used as filters in # the second query. The columns mentioned in sortable are used for the first # query. If such a statement selects from two coluns named .id # the second one is taken to get the ids of the work packages. @@available_columns = [ QueryColumn.new(:id, sortable: "#{WorkPackage.table_name}.id", groupable: false), QueryColumn.new(:project, sortable: "#{Project.table_name}.name", groupable: true), QueryColumn.new(:type, sortable: "#{::Type.table_name}.position", groupable: true), QueryColumn.new(:parent, sortable: ["#{WorkPackage.table_name}.root_id", "#{WorkPackage.table_name}.lft ASC"], default_order: 'desc'), QueryColumn.new(:status, sortable: "#{Status.table_name}.position", groupable: true), QueryColumn.new(:priority, sortable: "#{IssuePriority.table_name}.position", default_order: 'desc', groupable: true), QueryColumn.new(:subject, sortable: "#{WorkPackage.table_name}.subject"), QueryColumn.new(:author, sortable: ["#{User.table_name}.lastname", "#{User.table_name}.firstname", "#{WorkPackage.table_name}.author_id"], groupable: true), QueryColumn.new(:assigned_to, sortable: ["#{User.table_name}.lastname", "#{User.table_name}.firstname", "#{WorkPackage.table_name}.assigned_to_id"], groupable: true), QueryColumn.new(:responsible, sortable: ["#{User.table_name}.lastname", "#{User.table_name}.firstname", "#{WorkPackage.table_name}.responsible_id"], groupable: "#{WorkPackage.table_name}.responsible_id", join: 'LEFT OUTER JOIN users as responsible ON ' + "(#{WorkPackage.table_name}.responsible_id = responsible.id)"), QueryColumn.new(:updated_at, sortable: "#{WorkPackage.table_name}.updated_at", default_order: 'desc'), QueryColumn.new(:category, sortable: "#{Category.table_name}.name", groupable: true), QueryColumn.new(:fixed_version, sortable: ["#{Version.table_name}.effective_date", "#{Version.table_name}.name"], default_order: 'desc', groupable: true), # Put empty start_dates in the far future rather than in the far past QueryColumn.new(:start_date, # Put empty start_dates in the far future rather than in the far past sortable: ["CASE WHEN #{WorkPackage.table_name}.start_date IS NULL THEN 1 ELSE 0 END", "#{WorkPackage.table_name}.start_date"]), QueryColumn.new(:due_date, # Put empty due_dates in the far future rather than in the far past sortable: ["CASE WHEN #{WorkPackage.table_name}.due_date IS NULL THEN 1 ELSE 0 END", "#{WorkPackage.table_name}.due_date"]), QueryColumn.new(:estimated_hours, sortable: "#{WorkPackage.table_name}.estimated_hours", summable: true), QueryColumn.new(:done_ratio, sortable: "#{WorkPackage.table_name}.done_ratio", groupable: true), QueryColumn.new(:created_at, sortable: "#{WorkPackage.table_name}.created_at", default_order: 'desc'), ] cattr_reader :available_columns def initialize(attributes = nil, options = {}) super add_default_filter if options[:initialize_with_default_filter] end def add_default_filter self.filters = [Queries::WorkPackages::Filter.new('status_id', operator: 'o', values: [''])] if filters.blank? end # Store the fact that project is nil (used in #editable_by?) def remember_project_scope @is_for_all = project.nil? end def validate_work_package_filters filters.each do |filter| unless filter.valid? messages = filter.errors.messages.values.flatten.join(" #{I18n.t('support.array.sentence_connector')} ") cf_id = custom_field_id filter if cf_id && CustomField.find(cf_id) attribute_name = CustomField.find(cf_id).name errors.add :base, attribute_name + I18n.t(default: ' %{message}', message: messages) else attribute_name = WorkPackage.human_attribute_name(filter.field) errors.add :base, errors.full_message(attribute_name, messages) end end end end def editable_by?(user) return false unless user # Admin can edit them all and regular users can edit their private queries return true if user.admin? || (!is_public && user_id == user.id) # Members can not edit public queries that are for all project (only admin is allowed to) is_public && !@is_for_all && user.allowed_to?(:manage_public_queries, project) end def add_filter(field, operator, values) return unless work_package_filter_available?(field) if filter = filter_for(field) filter.operator = operator filter.values = values else filters << Queries::WorkPackages::Filter.new(field, operator: operator, values: values) end end def add_short_filter(field, expression) return unless expression parms = expression.scan(/\A(o|c|!\*|!|\*)?(.*)\z/).first add_filter field, (parms[0] || '='), [parms[1] || ''] end # Add multiple filters using +add_filter+ def add_filters(fields, operators, values) values ||= {} if fields.is_a?(Array) && operators.is_a?(Hash) && values.is_a?(Hash) fields.each do |field| add_filter(field, operators[field], values[field]) end end end def has_filter?(field) filters.present? && filters.any? { |filter| filter.field.to_s == field.to_s } end def filter_for(field) (filters || []).detect { |filter| filter.field.to_s == field.to_s } end # Deprecated def operator_for(field) warn '#operator_for is deprecated. Query the filter object directly, instead.' filter_for(field).try :operator end # Deprecated def values_for(field) warn '#values_for is deprecated. Query the filter object directly, instead.' filter_for(field).try :values end def label_for(field) label = available_work_package_filters[field][:name] if work_package_filter_available?(field) label ||= field.gsub(/\_id\z/, '') end def normalized_name name.parameterize.underscore end def available_columns return @available_columns if @available_columns @available_columns = ::Query.available_columns @available_columns += (project ? project.all_work_package_custom_fields : WorkPackageCustomField.all ).map { |cf| ::QueryCustomFieldColumn.new(cf) } if WorkPackage.done_ratio_disabled? @available_columns.select! { |column| column.name != :done_ratio } end @available_columns end def self.available_columns=(v) self.available_columns = (v) end def self.add_available_column(column) available_columns << (column) if column.is_a?(QueryColumn) end # Returns an array of columns that can be used to group the results def groupable_columns available_columns.select(&:groupable) end # Returns a Hash of columns and the key for sorting def sortable_columns { 'id' => "#{WorkPackage.table_name}.id" }.merge(available_columns.inject({}) {|h, column| h[column.name.to_s] = column.sortable h }) end def columns if has_default_columns? available_columns.select do |c| # Adds the project column by default for cross-project lists Setting.work_package_list_default_columns.include?(c.name.to_s) || (c.name == :project && project.nil?) end else # preserve the column_names order column_names.map { |name| available_columns.find { |col| col.name == name } }.compact end end def column_names=(names) if names.present? names = names.inject([]) { |out, e| out += e.to_s.split(',') } names = names.select { |n| n.is_a?(Symbol) || !n.blank? } names = names.map { |n| n.is_a?(Symbol) ? n : n.to_sym } # Set column_names to nil if default columns if names.map(&:to_s) == Setting.work_package_list_default_columns names = nil end end write_attribute(:column_names, names) end def has_column?(column) column_names && column_names.include?(column.name) end def has_default_columns? column_names.nil? || column_names.empty? end ## # Returns the columns involved in this query, including those only needed for sorting or grouping # puposes, not only the ones displayed (see :columns). def involved_columns columns = self.columns.map(&:name) columns << group_by.to_sym if group_by columns += sort_criteria.map { |x| x.first.to_sym } columns.uniq end def sort_criteria=(arg) c = [] if arg.is_a?(Hash) arg = arg.keys.sort.map { |k| arg[k] } end c = arg.select { |k, _o| !k.to_s.blank? }.slice(0, 3).map { |k, o| [k.to_s, o == 'desc' ? o : 'asc'] } write_attribute(:sort_criteria, c) end def sort_criteria read_attribute(:sort_criteria) || [] end def sort_criteria_sql criteria = SortHelper::SortCriteria.new criteria.available_criteria = sortable_columns criteria.criteria = sort_criteria criteria.to_sql end def sort_criteria_key(arg) sort_criteria && sort_criteria[arg] && sort_criteria[arg].first end def sort_criteria_order(arg) sort_criteria && sort_criteria[arg] && sort_criteria[arg].last end # Returns the SQL sort order that should be prepended for grouping def group_by_sort_order if grouped? && (column = group_by_column) Array(column.sortable).map { |s| "#{s} #{column.default_order}" }.join(',') end end # Returns true if the query is a grouped query def grouped? !group_by_column.nil? end def display_sums? display_sums && any_summable_columns? end def any_summable_columns? Setting.work_package_list_summable_columns.any? end def group_by_column groupable_columns.detect { |c| c.groupable && c.name.to_s == group_by } end def group_by_statement group_by_column.try(:groupable) end def project_statement project_clauses = [] if project && !project.descendants.active.empty? ids = [project.id] subproject_filter = filter_for 'subproject_id' if subproject_filter case subproject_filter.operator when '=' # include the selected subprojects ids += subproject_filter.values.each(&:to_i) when '!*' # main project only else # all subprojects ids += project.descendants.map(&:id) end elsif Setting.display_subprojects_work_packages? ids += project.descendants.map(&:id) end project_clauses << "#{Project.table_name}.id IN (%s)" % ids.join(',') elsif project project_clauses << "#{Project.table_name}.id = %d" % project.id end project_clauses << WorkPackage.visible_condition(User.current) project_clauses.join(' AND ') end def statement # filters clauses filters_clauses = [] filters.each do |filter| field = filter.field.to_s next if field == 'subproject_id' operator = filter.operator values = filter.values ? filter.values.clone : [''] # HACK - some operators don't require values, but they are needed for building the statement # "me" value substitution if @@user_filters.include? field if values.delete('me') if User.current.logged? values.push(User.current.id.to_s) values += User.current.group_ids.map(&:to_s) if field == 'assigned_to_id' else values.push('0') end end end sql = '' if field =~ /\Acf_(\d+)\z/ # custom field db_table = CustomValue.table_name db_field = 'value' is_custom_filter = true sql << "#{WorkPackage.table_name}.id IN (SELECT #{WorkPackage.table_name}.id FROM #{WorkPackage.table_name} LEFT OUTER JOIN #{db_table} ON #{db_table}.customized_type='WorkPackage' AND #{db_table}.customized_id=#{WorkPackage.table_name}.id AND #{db_table}.custom_field_id=#{$1} WHERE " sql << sql_for_field(field, operator, values, db_table, db_field, true) + ')' elsif field == 'watcher_id' db_table = Watcher.table_name db_field = 'user_id' if User.current.admin? # Admins can always see all watchers sql << "#{WorkPackage.table_name}.id #{operator == '=' ? 'IN' : 'NOT IN'} (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='WorkPackage' AND #{sql_for_field field, '=', values, db_table, db_field})" else sql_parts = [] if User.current.logged? && user_id = values.delete(User.current.id.to_s) # a user can always see his own watched issues sql_parts << "#{WorkPackage.table_name}.id #{operator == '=' ? 'IN' : 'NOT IN'} (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='WorkPackage' AND #{sql_for_field field, '=', [user_id], db_table, db_field})" end # filter watchers only in projects the user has the permission to view watchers in project_ids = User.current.projects_by_role.map { |r, p| p if r.permissions.include? :view_work_package_watchers }.flatten.compact.map(&:id).uniq sql_parts << "#{WorkPackage.table_name}.id #{operator == '=' ? 'IN' : 'NOT IN'} (SELECT #{db_table}.watchable_id FROM #{db_table} WHERE #{db_table}.watchable_type='WorkPackage' AND #{sql_for_field field, '=', values, db_table, db_field})"\ " AND #{Project.table_name}.id IN (#{project_ids.join(',')})" unless project_ids.empty? sql << "(#{sql_parts.join(' OR ')})" end elsif field == 'member_of_group' # named field if operator == '*' # Any group groups = Group.all operator = '=' # Override the operator since we want to find by assigned_to elsif operator == '!*' groups = Group.all operator = '!' # Override the operator since we want to find by assigned_to else groups = Group.where(id: values) end groups ||= [] members_of_groups = groups.inject([]) {|user_ids, group| if group && group.user_ids.present? user_ids << group.user_ids end user_ids.flatten.uniq.compact }.sort.map(&:to_s) sql << '(' + sql_for_field('assigned_to_id', operator, members_of_groups, WorkPackage.table_name, 'assigned_to_id', false) + ')' elsif field == 'assigned_to_role' # named field roles = Role.givable if operator == '*' # Any Role operator = '=' # Override the operator since we want to find by assigned_to elsif operator == '!*' # No role operator = '!' # Override the operator since we want to find by assigned_to else roles = roles.where(id: values) end roles ||= [] members_of_roles = roles.inject([]) {|user_ids, role| if role && role.members user_ids << if project_id role.members.reject { |m| m.project_id != project_id }.map(&:user_id) else role.members.map(&:user_id) end end user_ids.flatten.uniq.compact }.sort.map(&:to_s) sql << '(' + sql_for_field('assigned_to_id', operator, members_of_roles, WorkPackage.table_name, 'assigned_to_id', false) + ')' else # regular field db_table = WorkPackage.table_name db_field = field sql << '(' + sql_for_field(field, operator, values, db_table, db_field) + ')' end filters_clauses << sql end if filters.present? and valid? (filters_clauses << project_statement).join(' AND ') end # Returns the result set # Valid options are :order, :include, :conditions def results(options = {}) Results.new(self, options) end # Returns the journals # Valid options are :order, :offset, :limit def work_package_journals(options = {}) query = Journal.includes(:user) .where(journable_type: WorkPackage.to_s) .joins('INNER JOIN work_packages ON work_packages.id = journals.journable_id') .joins('INNER JOIN projects ON work_packages.project_id = projects.id') .joins('INNER JOIN users AS authors ON work_packages.author_id = authors.id') .joins('INNER JOIN types ON work_packages.type_id = types.id') .joins('INNER JOIN statuses ON work_packages.status_id = statuses.id') .where(statement) .order(options[:order]) .limit(options[:limit]) .offset(options[:offset]) .references(:users) query rescue ::ActiveRecord::StatementInvalid => e raise ::Query::StatementInvalid.new(e.message) end # Note: Convenience method to allow the angular front end to deal with query menu items in a non implementation-specific way def starred !!query_menu_item end private def custom_field_id(filter) matchdata = /cf\_(?\d+)/.match(filter.field.to_s) matchdata.nil? ? nil : matchdata[:id] end # Helper method to generate the WHERE sql for a +field+, +operator+ and a +values+ array def sql_for_field(field, operator, values, db_table, db_field, is_custom_filter = false) # code expects strings (e.g. for quoting), but ints would work as well: unify them here values = values.map(&:to_s) sql = '' case operator when '=' if values.present? if values.include?('-1') sql = "#{db_table}.#{db_field} IS NULL OR " end sql += "#{db_table}.#{db_field} IN (" + values.map { |val| "'#{connection.quote_string(val)}'" }.join(',') + ')' else # empty set of allowed values produces no result sql = '0=1' end when '!' if values.present? sql = "(#{db_table}.#{db_field} IS NULL OR #{db_table}.#{db_field} NOT IN (" + values.map { |val| "'#{connection.quote_string(val)}'" }.join(',') + '))' else # empty set of forbidden values allows all results sql = '1=1' end when '!*' sql = "#{db_table}.#{db_field} IS NULL" sql << " OR #{db_table}.#{db_field} = ''" if is_custom_filter when '*' sql = "#{db_table}.#{db_field} IS NOT NULL" sql << " AND #{db_table}.#{db_field} <> ''" if is_custom_filter when '>=' if is_custom_filter sql = "#{db_table}.#{db_field} != '' AND CAST(#{db_table}.#{db_field} AS decimal(60,4)) >= #{values.first.to_f}" else sql = "#{db_table}.#{db_field} >= #{values.first.to_f}" end when '<=' if is_custom_filter sql = "#{db_table}.#{db_field} != '' AND CAST(#{db_table}.#{db_field} AS decimal(60,4)) <= #{values.first.to_f}" else sql = "#{db_table}.#{db_field} <= #{values.first.to_f}" end when 'o' sql = "#{Status.table_name}.is_closed=#{connection.quoted_false}" if field == 'status_id' when 'c' sql = "#{Status.table_name}.is_closed=#{connection.quoted_true}" if field == 'status_id' when '>t-' sql = date_range_clause(db_table, db_field, - values.first.to_i, 0) when 't+' sql = date_range_clause(db_table, db_field, values.first.to_i, nil) when ' '%s'" % [connection.quoted_date((Date.yesterday + from).to_time.end_of_day)]) end if to s << ("#{table}.#{field} <= '%s'" % [connection.quoted_date((Date.today + to).to_time.end_of_day)]) end s.join(' AND ') end def connection self.class.connection end end