Skip to content

Joins3 #686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
fogelito wants to merge 123 commits into from
Closed

Joins3 #686

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
123 commits
Select commit Hold shift + click to select a range
13beed1
joins
fogelito Oct 11, 2024
966631b
query test
fogelito Oct 14, 2024
8004014
Add constructor params
fogelito Oct 28, 2024
c7af565
Join validator
fogelito Oct 28, 2024
a87eed3
Init V2 validators
fogelito Oct 29, 2024
93d414e
validate values
fogelito Oct 30, 2024
35f73e6
Revert Documents validator
fogelito Oct 31, 2024
fc83d9b
Limit Offset validators
fogelito Oct 31, 2024
c5c8010
Merge branch 'main' of github.com:utopia-php/database into joins2
fogelito Feb 17, 2025
f4bddd4
formatting
fogelito Feb 17, 2025
9c85f4e
formatting
fogelito Feb 17, 2025
f99eba7
Validations
fogelito Feb 17, 2025
3c6101f
Validations
fogelito Feb 17, 2025
6276e3b
Context class
fogelito Feb 18, 2025
e7a56b5
Use add context
fogelito Feb 18, 2025
558820b
Add default alias
fogelito Feb 19, 2025
778d8da
Add Join types
fogelito Feb 20, 2025
4a1c539
Init join validation
fogelito Feb 20, 2025
f200707
Use original validator offset limit cursor
fogelito Feb 23, 2025
3ca3335
validate fulltext index
fogelito Feb 23, 2025
ab49c0d
formatting
fogelito Feb 23, 2025
c44bee5
Break groupByType
fogelito Feb 23, 2025
7bc1fe9
Introduce selection query
fogelito Feb 24, 2025
608e5ec
Add Query scope test
fogelito Feb 24, 2025
a0ca81d
Get cursor queries
fogelito Feb 25, 2025
ad0c884
Add $context to Adapter.php
fogelito Feb 25, 2025
601db10
formatting
fogelito Feb 25, 2025
2de99c0
Try new signature
fogelito Feb 26, 2025
c2a4ba1
Add Query alias
fogelito Feb 26, 2025
ba65745
Test Ambiguous alias
fogelito Feb 27, 2025
6bde5ab
Alias validator
fogelito Feb 27, 2025
f41ee35
Binds on the fly
fogelito Mar 2, 2025
67f1bbb
Use generic tenant function
fogelito Mar 2, 2025
1fff442
Add quote function
fogelito Mar 3, 2025
5a21d10
getInternalKeyForAttribute function
fogelito Mar 3, 2025
0d0f591
formatting
fogelito Mar 3, 2025
e38cfcc
Fix right Attribute internals
fogelito Mar 3, 2025
71a45b1
Test relation query exist
fogelito Mar 3, 2025
8c882dc
Test permissions
fogelito Mar 4, 2025
a965c71
Remove getSQLPlaceholder method
fogelito Mar 4, 2025
026ec5e
Some cursor work
fogelito Mar 4, 2025
a7f9a2d
order / cursor
fogelito Mar 4, 2025
22c108d
move find to sql.php
fogelito Mar 5, 2025
8caa65f
Postgres tests
fogelito Mar 5, 2025
93e7265
Test order by
fogelito Mar 5, 2025
bd4387a
Test order by
fogelito Mar 5, 2025
785e0c1
Fix query nesting
fogelito Mar 6, 2025
bf293fc
Remove bindConditionValue
fogelito Mar 6, 2025
1f1ea34
Remove getSQLPlaceholder
fogelito Mar 6, 2025
ccbb984
Remove groupByType
fogelito Mar 9, 2025
f807737
add groupByType for later trace
fogelito Mar 9, 2025
651a24c
removeByType
fogelito Mar 9, 2025
7d0fe4f
remove comments
fogelito Mar 9, 2025
55e752c
Update sum N count to use convertQueries
fogelito Mar 10, 2025
1de5d05
formatting
fogelito Mar 10, 2025
345b251
formatting
fogelito Mar 11, 2025
ab07713
Unit tests
fogelito Mar 11, 2025
9421014
Unit tests
fogelito Mar 11, 2025
daa635b
remove var_dump
fogelito Mar 11, 2025
c15a69b
skipAuth
fogelito Mar 14, 2025
f5e717e
Merge branch 'main' of github.com:utopia-php/database into joins2
fogelito Apr 21, 2025
30d8f87
default alias
fogelito Apr 21, 2025
0f3e6a9
Use order fallback N update postgres
fogelito Apr 21, 2025
6649bd9
merge conflicts
fogelito Apr 21, 2025
7e837ca
Fix Authorization when disabled
fogelito Apr 21, 2025
311555c
Init selects
fogelito Apr 22, 2025
1346015
DecodeV2
fogelito Apr 23, 2025
fd05e50
Remove internal attributes not queried
fogelito Apr 23, 2025
7fea0b3
Remove internal attributes not queried
fogelito Apr 23, 2025
ce0bf8f
Remove select duplications fix $collection issue
fogelito Apr 24, 2025
0ef44d8
Fix select queries
fogelito Apr 24, 2025
40b9aae
Selects
fogelito Apr 27, 2025
3c4db4a
Remove auth set false
fogelito Apr 27, 2025
a681979
Fix deleteDocuments
fogelito Apr 27, 2025
e18746a
Fix Postgres.php
fogelito Apr 27, 2025
dfd5c3c
Fix decoding
fogelito Apr 28, 2025
2e0cd91
Joins tests
fogelito Apr 29, 2025
7d99f75
order by message
fogelito Apr 29, 2025
ffb9ea4
casting
fogelito May 4, 2025
3770ab0
Decode Casting
fogelito May 5, 2025
4586145
decode
fogelito May 8, 2025
9d91078
sync changes
fogelito May 8, 2025
31c25ab
Remove skipAuth auth
fogelito May 11, 2025
bf4219b
Merge branch 'main' of github.com:utopia-php/database into joins2
fogelito May 12, 2025
106da41
Pull main
fogelito May 12, 2025
2f2a64a
Unit tests
fogelito May 13, 2025
735e0d3
Comment ambiguous
fogelito May 15, 2025
c854fdd
Test as test
fogelito May 15, 2025
d4e85d8
As tests
fogelito May 18, 2025
0a1faa1
As tests
fogelito May 19, 2025
d2796e4
Revert lock
fogelito May 19, 2025
1cc6d6c
Change name
fogelito May 20, 2025
45d8e25
Fix permissions
fogelito May 21, 2025
b438259
Add getLimitQueries
fogelito May 21, 2025
ba58a25
getOffsetQueries
fogelito May 21, 2025
e099596
addSelect method
fogelito May 25, 2025
321e468
select internal attributes
fogelito May 25, 2025
70a4b5c
assertArrayHasKey $collection
fogelito May 26, 2025
16c822e
addHiddenAttribute
fogelito Jun 8, 2025
02d269d
addHiddenAttribute
fogelito Jun 11, 2025
f7ae73c
Update Cursor logic
fogelito Jul 6, 2025
cb814c1
Check isset
fogelito Jul 6, 2025
a9032c6
Merge branch 'main' of github.com:utopia-php/database into joins3
fogelito Sep 2, 2025
a427a45
Query tests
fogelito Sep 2, 2025
8f688ae
Special validations
fogelito Sep 3, 2025
747dce3
Sync
fogelito Sep 3, 2025
eb51766
Dbg
fogelito Sep 3, 2025
8f563d7
decode
fogelito Sep 3, 2025
953afd3
Fix decode
fogelito Sep 4, 2025
4c39033
Attr tests check perms
fogelito Sep 4, 2025
4d4caf6
Change $internalid
fogelito Sep 4, 2025
32aa3f9
perms
fogelito Sep 4, 2025
22f92e3
perms
fogelito Sep 4, 2025
dcb4263
$permissions
fogelito Sep 7, 2025
c418511
Fix convert queries
fogelito Sep 7, 2025
f51ca0f
tests
fogelito Sep 7, 2025
f42c411
tests
fogelito Sep 7, 2025
dd15243
processRelationshipQueries
fogelito Sep 7, 2025
d0d0e10
dbg
fogelito Sep 7, 2025
679c278
process Relationship Queries
fogelito Sep 8, 2025
7085327
RelationshipTests
fogelito Sep 8, 2025
39d6689
Spatial
fogelito Sep 9, 2025
2ba2962
Spatial
fogelito Sep 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
340 changes: 237 additions & 103 deletions composer.lock
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions phpunit.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<phpunit
<phpunit
backupGlobals="false"
backupStaticAttributes="false"
bootstrap="vendor/autoload.php"
Expand All @@ -7,7 +7,7 @@
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false"
stopOnFailure="true"
>
<testsuites>
<testsuite name="unit">
Expand Down
55 changes: 22 additions & 33 deletions src/Database/Adapter.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -788,18 +788,33 @@ abstract public function deleteDocuments(string $collection, array $sequences, a
*
* Find data sets using chosen queries
*
* @param Document $collection
* @param QueryContext $context
* @param array<Query> $queries
* @param int|null $limit
* @param int|null $offset
* @param array<string> $orderAttributes
* @param array<string> $orderTypes
* @param array<string, mixed> $cursor
* @param string $cursorDirection
* @param string $forPermission
* @param array<Query> $selects
* @param array<Query> $filters
* @param array<Query> $joins
* @param array<Query> $orderQueries
*
* @return array<Document>
*/
abstract public function find(Document $collection, array $queries = [], ?int $limit = 25, ?int $offset = null, array $orderAttributes = [], array $orderTypes = [], array $cursor = [], string $cursorDirection = Database::CURSOR_AFTER, string $forPermission = Database::PERMISSION_READ): array;
abstract public function find(
QueryContext $context,
array $queries = [],
?int $limit = 25,
?int $offset = null,
array $cursor = [],
string $cursorDirection = Database::CURSOR_AFTER,
string $forPermission = Database::PERMISSION_READ,
array $selects = [],
array $filters = [],
array $joins = [],
array $orderQueries = []
): array;

/**
* Sum an attribute
Expand Down Expand Up @@ -1134,36 +1149,10 @@ abstract public function getAttributeWidth(Document $collection): int;
abstract public function getKeywords(): array;

/**
* Get an attribute projection given a list of selected attributes
*
* @param array<string> $selections
* @param string $prefix
* @return mixed
*/
abstract protected function getAttributeProjection(array $selections, string $prefix): mixed;

/**
* Get all selected attributes from queries
*
* @param Query[] $queries
* @return string[]
* @param array<Query> $selects
* @return string
*/
protected function getAttributeSelections(array $queries): array
{
$selections = [];

foreach ($queries as $query) {
switch ($query->getMethod()) {
case Query::TYPE_SELECT:
foreach ($query->getValues() as $value) {
$selections[] = $value;
}
break;
}
}

return $selections;
}
abstract protected function getAttributeProjection(array $selects): string;

/**
* Filter Keys
Expand Down
15 changes: 13 additions & 2 deletions src/Database/Adapter/MariaDB.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
use Utopia\Database\Exception\Truncate as TruncateException;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Query;
use Utopia\Database\QueryContext;
use Utopia\Database\Validator\Authorization;

class MariaDB extends SQL
{
Expand Down Expand Up @@ -56,7 +58,7 @@ public function delete(string $name): bool
$sql = "DROP DATABASE `{$name}`;";

$sql = $this->trigger(Database::EVENT_DATABASE_DELETE, $sql);

var_dump($sql);
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Remove debug var_dump in production path.

Leaking SQL to stdout/stderr from delete() is a correctness and security issue; it also pollutes test output.

Apply:

-        var_dump($sql);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
var_dump($sql);
🤖 Prompt for AI Agents 
In src/Database/Adapter/MariaDB.php around line 61 there is a leftover
var_dump($sql) used for debugging; remove that var_dump call from the delete()
path and, if visibility is required for diagnostics, replace it with a
conditional debug log via the project's logger at debug level (or nothing) so no
SQL is printed to stdout/stderr in production; run relevant tests to ensure no
test output is polluted.

return $this->getPDO()
->prepare($sql)
->execute();
Expand Down Expand Up @@ -1454,11 +1456,14 @@ protected function handleSpatialQueries(Query $query, array &$binds, string $att
protected function getSQLCondition(Query $query, array &$binds, array $attributes = []): string
{
$query->setAttribute($this->getInternalKeyForAttribute($query->getAttribute()));
$query->setAttributeRight($this->getInternalKeyForAttribute($query->getAttributeRight()));

$attribute = $query->getAttribute();
$attribute = $this->filter($attribute);
$attribute = $this->quote($attribute);
$alias = $this->quote(Query::DEFAULT_ALIAS);
$alias = $query->getAlias();
$alias = $this->filter($alias);
$alias = $this->quote($alias);
$placeholder = ID::unique();

$attributeType = $this->getAttributeType($query->getAttribute(), $attributes);
Expand Down Expand Up @@ -1502,6 +1507,12 @@ protected function getSQLCondition(Query $query, array &$binds, array $attribute

return "{$alias}.{$attribute} NOT BETWEEN :{$placeholder}_0 AND :{$placeholder}_1";

case Query::TYPE_RELATION_EQUAL:
$attributeRight = $this->quote($this->filter($query->getAttributeRight()));
$aliasRight = $this->quote($query->getRightAlias());

return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";

Comment on lines +1510 to +1515
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Sanitize right-hand alias in relation-equality SQL.

aliasRight is quoted but not filtered; filter it like the left alias to prevent malformed aliases or injection.

Apply:

-            case Query::TYPE_RELATION_EQUAL:
-                $attributeRight = $this->quote($this->filter($query->getAttributeRight()));
-                $aliasRight = $this->quote($query->getRightAlias());
-                return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";
+            case Query::TYPE_RELATION_EQUAL:
+                $attributeRight = $this->quote($this->filter($query->getAttributeRight()));
+                $aliasRight = $this->quote($this->filter($query->getRightAlias()));
+                return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";
🤖 Prompt for AI Agents 
In src/Database/Adapter/MariaDB.php around lines 1510 to 1515 the right-hand
relation alias ($aliasRight) is quoted but not passed through the filter method
like the left alias, leaving a risk of malformed aliases or injection; update
the code to first filter the right alias (e.g.,
$this->filter($query->getRightAlias())) and then quote it, mirroring the
left-alias handling so the returned SQL uses the filtered-and-quoted right
alias.

case Query::TYPE_IS_NULL:
case Query::TYPE_IS_NOT_NULL:

Expand Down
23 changes: 15 additions & 8 deletions src/Database/Adapter/Pool.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
use Utopia\Database\Database;
use Utopia\Database\Document;
use Utopia\Database\Exception as DatabaseException;
use Utopia\Database\QueryContext;
use Utopia\Pools\Pool as UtopiaPool;

class Pool extends Adapter
Expand Down Expand Up @@ -260,7 +261,19 @@ public function deleteDocuments(string $collection, array $sequences, array $per
return $this->delegate(__FUNCTION__, \func_get_args());
}

public function find(Document $collection, array $queries = [], ?int $limit = 25, ?int $offset = null, array $orderAttributes = [], array $orderTypes = [], array $cursor = [], string $cursorDirection = Database::CURSOR_AFTER, string $forPermission = Database::PERMISSION_READ): array
public function find(
QueryContext $context,
array $queries = [],
?int $limit = 25,
?int $offset = null,
array $cursor = [],
string $cursorDirection = Database::CURSOR_AFTER,
string $forPermission = Database::PERMISSION_READ,
array $selects = [],
array $filters = [],
array $joins = [],
array $orderQueries = []
): array
{
return $this->delegate(__FUNCTION__, \func_get_args());
}
Expand Down Expand Up @@ -470,13 +483,7 @@ public function getKeywords(): array
return $this->delegate(__FUNCTION__, \func_get_args());
}

/**
* @param array<string,mixed> $selections
* @param string $prefix
* @param array<string,mixed> $spatialAttributes
* @return mixed
*/
protected function getAttributeProjection(array $selections, string $prefix, array $spatialAttributes = []): mixed
protected function getAttributeProjection(array $selects): string
{
return $this->delegate(__FUNCTION__, \func_get_args());
}
Expand Down
14 changes: 13 additions & 1 deletion src/Database/Adapter/Postgres.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@
use Utopia\Database\Exception\Truncate as TruncateException;
use Utopia\Database\Helpers\ID;
use Utopia\Database\Query;
use Utopia\Database\QueryContext;
use Utopia\Database\Validator\Authorization;

class Postgres extends SQL
{
Expand Down Expand Up @@ -1556,10 +1558,13 @@ protected function handleSpatialQueries(Query $query, array &$binds, string $att
protected function getSQLCondition(Query $query, array &$binds, array $attributes = []): string
{
$query->setAttribute($this->getInternalKeyForAttribute($query->getAttribute()));
$query->setAttributeRight($this->getInternalKeyForAttribute($query->getAttributeRight()));

$attribute = $this->filter($query->getAttribute());
$attribute = $this->quote($attribute);
$alias = $this->quote(Query::DEFAULT_ALIAS);
$alias = $query->getAlias();
$alias = $this->filter($alias);
$alias = $this->quote($alias);
$placeholder = ID::unique();

$attributeType = $this->getAttributeType($query->getAttribute(), $attributes);
Expand Down Expand Up @@ -1599,6 +1604,12 @@ protected function getSQLCondition(Query $query, array &$binds, array $attribute
$binds[":{$placeholder}_1"] = $query->getValues()[1];
return "{$alias}.{$attribute} NOT BETWEEN :{$placeholder}_0 AND :{$placeholder}_1";

case Query::TYPE_RELATION_EQUAL:
$attributeRight = $this->quote($this->filter($query->getAttributeRight()));
$aliasRight = $this->quote($query->getRightAlias());

return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";

Comment on lines +1607 to +1612
Copy link
Contributor

@coderabbitai coderabbitai bot Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Sanitize right alias to prevent malformed identifiers.

getRightAlias() is quoted but not filtered; filter() should precede quote() as with the left alias.

Apply this fix:

             case Query::TYPE_RELATION_EQUAL:
                 $attributeRight = $this->quote($this->filter($query->getAttributeRight()));
-                $aliasRight = $this->quote($query->getRightAlias());
+                $aliasRight = $this->quote($this->filter($query->getRightAlias()));
 
                 return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
case Query::TYPE_RELATION_EQUAL:
$attributeRight = $this->quote($this->filter($query->getAttributeRight()));
$aliasRight = $this->quote($query->getRightAlias());
return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";
case Query::TYPE_RELATION_EQUAL:
$attributeRight = $this->quote($this->filter($query->getAttributeRight()));
$aliasRight = $this->quote($this->filter($query->getRightAlias()));
return "{$alias}.{$attribute}={$aliasRight}.{$attributeRight}";
🤖 Prompt for AI Agents 
In src/Database/Adapter/Postgres.php around lines 1607-1612, the right alias is
quoted but not filtered which can allow malformed identifiers; change the
assignment to filter the right alias before quoting it (i.e. call
$this->filter($query->getRightAlias()) and then $this->quote(...) around that)
so it mirrors the left-alias handling and prevents unsafe identifiers.

case Query::TYPE_IS_NULL:
case Query::TYPE_IS_NOT_NULL:
return "{$alias}.{$attribute} {$this->getSQLOperator($query->getMethod())}";
Expand Down Expand Up @@ -1629,6 +1640,7 @@ protected function getSQLCondition(Query $query, array &$binds, array $attribute
Query::TYPE_NOT_ENDS_WITH => '%' . $this->escapeWildcards($value),
Query::TYPE_CONTAINS => ($query->onArray()) ? \json_encode($value) : '%' . $this->escapeWildcards($value) . '%',
Query::TYPE_NOT_CONTAINS => ($query->onArray()) ? \json_encode($value) : '%' . $this->escapeWildcards($value) . '%',
//Query::TYPE_SEARCH => $this->getFulltextValue($value),
default => $value
};

Expand Down
Loading