Module: Hightop::Utils
- Defined in: lib/hightop/utils.rb
Class Method Summary
- .resolve_column(relation, column) ⇒ Object
  Resolves eagerly.
- .validate_column(column) ⇒ Object
  Basic version of Active Record's disallow_raw_sql!. Symbol = column (safe), Arel node = SQL (safe), other = untrusted. Matches table.column and column.
Class Method Details
.resolve_column(relation, column) ⇒ Object
Resolves eagerly.

```ruby
# File 'lib/hightop/utils.rb', line 18

def resolve_column(relation, column)
  node = relation.send(:relation).send(:arel_columns, [column]).first
  node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
  relation.connection_pool.with_connection { |c| c.visitor.accept(node, Arel::Collectors::SQLString.new).value }
end
```
.validate_column(column) ⇒ Object
Basic version of Active Record's disallow_raw_sql!. Symbol = column (safe), Arel node = SQL (safe), other = untrusted. Matches table.column and column.

```ruby
# File 'lib/hightop/utils.rb', line 7

def validate_column(column)
  unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
    column = column.to_s
    unless /\A\w+(\.\w+)?\z/i.match?(column)
      raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
    end
  end
  column
end
```
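An added example (not part of the Hightop source) that runs the pattern from validate_column over constructed inputs and compares it with a hypothetical line-anchored variant, showing why the `\A`/`\z` anchors matter in Ruby. The names `COLUMN_PATTERN`, `LINE_ANCHORED`, `SAMPLES`, `compare_patterns` and `anchor_gaps` are introduced here for illustration; it needs no Active Record.

```ruby
# Added example: exercises the identifier pattern used by validate_column
# against constructed inputs. Runs without Active Record.

# Pattern copied from validate_column on this page.
COLUMN_PATTERN = /\A\w+(\.\w+)?\z/i

# Hypothetical weaker variant with line anchors, for comparison only.
LINE_ANCHORED = /^\w+(\.\w+)?$/i

# Constructed sample inputs (not from the project's test suite).
SAMPLES = [
  "city",                # bare column
  "users.city",          # table.column
  "db.users.city",       # more than one dot
  "COUNT(*)",            # function call
  "city, password",      # second expression
  "city -- ",            # trailing comment
  "city\nFROM secrets",  # valid first line, extra SQL after a newline
  "city\n",              # trailing newline
  "",                    # empty string
  "\"city\""             # pre-quoted identifier
].freeze

# Returns { input => [accepted_by_page_pattern, accepted_by_line_anchored] }.
def compare_patterns(samples = SAMPLES)
  samples.to_h do |s|
    [s, [COLUMN_PATTERN.match?(s), LINE_ANCHORED.match?(s)]]
  end
end

# Inputs the line-anchored variant accepts but the page's pattern rejects.
def anchor_gaps(samples = SAMPLES)
  compare_patterns(samples).select { |_, (strict, loose)| loose && !strict }.keys
end

if __FILE__ == $PROGRAM_NAME
  compare_patterns.each do |input, (strict, loose)|
    puts format("%-24s \\A..\\z=%-5s ^..$=%s", input.inspect, strict, loose)
  end
  puts "rejected only by \\A..\\z: #{anchor_gaps.inspect}"
end
```

The pattern only runs for values that are neither a Symbol nor an Arel::Nodes::SqlLiteral, so trust is decided by type: callers should build Symbols and Arel.sql() values only from code they control, never from request parameters.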