CSPACE-5943: Initial work at getting values for SQL queries from individual document...

diff --git a/services/authority/service/src/main/java/org/collectionspace/services/common/vocabulary/nuxeo/AuthorityItemDocumentModelHandler.java b/services/authority/service/src/main/java/org/collectionspace/services/common/vocabulary/nuxeo/AuthorityItemDocumentModelHandler.java
index 007dded89c3ada312a9a35142ca9780dbfeb2121..849466f5dce276efe8ee3fe3afdd1268c1f6f00b 100644 (file)
--- a/services/authority/service/src/main/java/org/collectionspace/services/common/vocabulary/nuxeo/AuthorityItemDocumentModelHandler.java
+++ b/services/authority/service/src/main/java/org/collectionspace/services/common/vocabulary/nuxeo/AuthorityItemDocumentModelHandler.java
@@ -91,6 +91,7 @@ public abstract class AuthorityItemDocumentModelHandler<AICommon>
     protected String authorityRefNameBase = null;
     // Used to determine when the displayName changes as part of the update.
     protected String oldDisplayNameOnUpdate = null;
+    private String TERM_GROUP_TABLE_NAME_SUFFIX = "termgroup";
 
     public AuthorityItemDocumentModelHandler(String authorityItemCommonSchemaName) {
         this.authorityItemCommonSchemaName = authorityItemCommonSchemaName;
@@ -669,7 +670,7 @@ public abstract class AuthorityItemDocumentModelHandler<AICommon>
        return authorityItemCommonSchemaName;
     }
     
-    @Override
+    // @Override
     public boolean isJDBCQuery() {
        boolean result = false;
        
@@ -685,4 +686,15 @@ public abstract class AuthorityItemDocumentModelHandler<AICommon>
        return result;
     }
     
+    protected String getTermGroupTableName() {
+        return TERM_GROUP_TABLE_NAME_SUFFIX;
+    }
+    
+    @Override
+    public Map<String,String> getJDBCQueryParams() {
+        Map<String,String> params = super.getJDBCQueryParams();
+        params.put(RepositoryJavaClientImpl.JDBC_TABLE_NAME_PARAM, getTermGroupTableName());
+        return params;
+    }
+    
 }

diff --git a/services/common/src/main/java/org/collectionspace/services/common/document/AbstractDocumentHandlerImpl.java b/services/common/src/main/java/org/collectionspace/services/common/document/AbstractDocumentHandlerImpl.java
index c77961655b2839f7e12b67f33551044d35a64608..f96702cbe31381f6f2e0b2eba94dcfe122266a78 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/document/AbstractDocumentHandlerImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/document/AbstractDocumentHandlerImpl.java
@@ -445,4 +445,9 @@ public abstract class AbstractDocumentHandlerImpl<T, TL, WT, WTL>
        return false;
     }
     
+    @Override
+    public Map<String,String> getJDBCQueryParams() {
+        return new HashMap<>();
+    }
+    
 }

diff --git a/services/common/src/main/java/org/collectionspace/services/common/document/DocumentHandler.java b/services/common/src/main/java/org/collectionspace/services/common/document/DocumentHandler.java
index d6da4bea98bad986df7bc5fc37dc1d84104b379f..85bacec1e1250f0fd02e8c90093816d898ee3bcc 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/document/DocumentHandler.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/document/DocumentHandler.java
@@ -346,4 +346,12 @@ public interface DocumentHandler<T, TL, WT, WTL> {
      * Returns TRUE if a JDBC/SQL query should be used (instead of an NXQL query)
      */
     public boolean isJDBCQuery();
+    
+    /**
+     * Returns parameter values, relevant to this document handler, that can be used in JDBC/SQL queries
+     * 
+     * @return a set of zero or more parameter values relevant to this handler
+     */
+    public Map<String,String> getJDBCQueryParams();
+
 }

diff --git a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
index 5bba1a706117319fa6281370fc71672b82031fa2..eda28777f4ac757a026f2e93570769dc4cde1057 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
@@ -101,7 +101,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient<PoxPayloadIn,
 //    private String foo = Profiler.createLogger();
     public static final String NUXEO_CORE_TYPE_DOMAIN = "Domain";
     public static final String NUXEO_CORE_TYPE_WORKSPACEROOT = "WorkspaceRoot";
-    private static final String ID_COLUMN_NAME = "id";
+    public static final String JDBC_TABLE_NAME_PARAM = "TABLE_NAME";
     
     /**
      * Instantiates a new repository java client impl.
@@ -916,31 +916,22 @@ public class RepositoryJavaClientImpl implements RepositoryClient<PoxPayloadIn,
 
         String dataSourceName = JDBCTools.NUXEO_DATASOURCE_NAME;
         String repositoryName = ctx.getRepositoryName();
-
+        
         MultivaluedMap<String, String> queryParams = ctx.getQueryParams();
         final String partialTerm = queryParams.getFirst(IQueryManager.SEARCH_TYPE_PARTIALTERM);
 
-        // FIXME: Replace this placeholder with an appropriate per-authority value
-        // obtained from the relevant document handler
-        final String termGroupTableName = "loctermgroup";
-        
-        // AuthorityItemDocModelHandler authHandler = (AuthorityItemDocModelHandler) handler;
-
-        // FIXME: Replace this placeholder query with an actual query from CSPACE-5945
-        
-        // IMPORTANT FIXME: Guard against SQL injection attacks, since partialTerm
-        // is obtained from user-supplied query parameters
-        // See, for example: http://stackoverflow.com/a/7127189
+        // FIXME: Replace this placeholder query with an actual query resulting
+        // from CSPACE-5945 work
         String sql =
                 "SELECT DISTINCT hierarchy.id as id "
                 + " FROM hierarchy "
                 + " LEFT JOIN hierarchy h1 "
                + "   ON h1.parentid = hierarchy.id "
-                + " LEFT JOIN " + termGroupTableName + " tg "
+                + " LEFT JOIN " + handler.getJDBCQueryParams().get(JDBC_TABLE_NAME_PARAM) + " tg "
                + "   ON tg.id = h1.id "
                 + " WHERE tg.termdisplayname ILIKE ?";
         
-        PreparedStatementBuilder partialTermMatchStatementBuilder = new PreparedStatementBuilder(sql){
+        PreparedStatementBuilder jdbcFilterBuilder = new PreparedStatementBuilder(sql){
             @Override
             protected void preparePrepared(PreparedStatement preparedStatement)
                 throws SQLException
@@ -948,8 +939,8 @@ public class RepositoryJavaClientImpl implements RepositoryClient<PoxPayloadIn,
                 preparedStatement.setString(1, partialTerm + JDBCTools.SQL_WILDCARD);
             }};
 
-        List<String> docIds = new ArrayList<String>();
-        try (CachedRowSet crs = JDBCTools.executePreparedQuery(partialTermMatchStatementBuilder,
+        List<String> docIds = new ArrayList<>();
+        try (CachedRowSet crs = JDBCTools.executePreparedQuery(jdbcFilterBuilder,
                 dataSourceName, repositoryName, sql)) {
 
             // If the response to the query is null or contains zero rows,

diff --git a/services/location/service/src/main/java/org/collectionspace/services/location/nuxeo/LocationDocumentModelHandler.java b/services/location/service/src/main/java/org/collectionspace/services/location/nuxeo/LocationDocumentModelHandler.java
index d9f9eb3568d4079ab5deb1ae27f1747182695607..a5bac79fb8ef5cc6ae7a0878befe35a63290703c 100644 (file)
--- a/services/location/service/src/main/java/org/collectionspace/services/location/nuxeo/LocationDocumentModelHandler.java
+++ b/services/location/service/src/main/java/org/collectionspace/services/location/nuxeo/LocationDocumentModelHandler.java
@@ -117,5 +117,10 @@ public class LocationDocumentModelHandler
     public String getQProperty(String prop) {
         return LocationConstants.NUXEO_SCHEMA_NAME + ":" + prop;
     }
+    
+    @Override
+    protected String getTermGroupTableName() {
+        return "loc" + super.getTermGroupTableName();
+    }
 }
 

diff --git a/services/person/service/src/main/java/org/collectionspace/services/person/nuxeo/PersonDocumentModelHandler.java b/services/person/service/src/main/java/org/collectionspace/services/person/nuxeo/PersonDocumentModelHandler.java
index 8b703b12540886d7b4ddebf9ad700eb39f39ddd6..5219690c705377a861a97ce8ada22eddf8d128a3 100644 (file)
--- a/services/person/service/src/main/java/org/collectionspace/services/person/nuxeo/PersonDocumentModelHandler.java
+++ b/services/person/service/src/main/java/org/collectionspace/services/person/nuxeo/PersonDocumentModelHandler.java
@@ -175,5 +175,10 @@ public class PersonDocumentModelHandler
     public String getQProperty(String prop) {
         return PersonConstants.NUXEO_SCHEMA_NAME + ":" + prop;
     }
+    
+    @Override
+    protected String getTermGroupTableName() {
+        return "person" + super.getTermGroupTableName();
+    }
 }