in security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java [535:713]
private StringBuilder buildWhereClause(SearchFilter searchCriteria, List<SearchField> searchFields, boolean excludeWhereKeyword) {
StringBuilder whereClause = new StringBuilder(excludeWhereKeyword ? "" : "WHERE 1 = 1 ");
List<String> joinTableList = new ArrayList<>();
for (SearchField searchField : searchFields) {
int startWhereLen = whereClause.length();
if (searchField.getFieldName() == null && searchField.getCustomCondition() == null) {
continue;
}
Object[] multiValue = searchCriteria.getMultiValueParam(searchField.getClientFieldName());
boolean isMultiValue = multiValue != null && multiValue.length > 0;
if (searchField.getDataType() == SearchField.DATA_TYPE.INT_LIST || (isMultiValue && searchField.getDataType() == SearchField.DATA_TYPE.INTEGER)) {
List<Number> intValueList = new ArrayList<>();
if (isMultiValue) {
for (Object value : multiValue) {
if (value instanceof Integer || value instanceof Long) {
intValueList.add((Number) value);
} else if (value != null) {
intValueList.add(restErrorUtil.parseInt(value.toString(), "Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()));
}
}
} else {
String paramVal = searchCriteria.getParam(searchField.getClientFieldName());
if (paramVal != null) {
intValueList.add(restErrorUtil.parseInt(paramVal, "Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName()));
}
}
if (!intValueList.isEmpty()) {
if (searchField.getCustomCondition() == null) {
if (intValueList.size() <= dbMinInListLength) {
whereClause.append(" and ");
if (intValueList.size() > 1) {
whereClause.append(" ( ");
}
for (int count = 0; count < intValueList.size(); count++) {
if (count > 0) {
whereClause.append(" or ");
}
whereClause.append(searchField.getFieldName()).append("= :")
.append(searchField.getClientFieldName()).append("_").append(count);
}
if (intValueList.size() > 1) {
whereClause.append(" ) ");
}
} else {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(" in ")
.append(" (:").append(searchField.getClientFieldName()).append(")");
}
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STR_LIST || (isMultiValue && searchField.getDataType() == SearchField.DATA_TYPE.STRING)) {
List<String> strValueList = new ArrayList<>();
if (multiValue != null) {
for (Object value : multiValue) {
strValueList.add(String.valueOf(value));
}
}
if (!strValueList.isEmpty()) {
if (searchField.getCustomCondition() == null) {
if (strValueList.size() <= dbMinInListLength) {
whereClause.append(" and ");
if (strValueList.size() > 1) {
whereClause.append(" ( ");
}
for (int count = 0; count < strValueList.size(); count++) {
if (count > 0) {
whereClause.append(" or ");
}
whereClause.append("LOWER(").append(searchField.getFieldName()).append(")")
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName()).append("_").append(count);
}
if (strValueList.size() > 1) {
whereClause.append(" ) ");
}
} else {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(" in ")
.append(" (:").append(searchField.getClientFieldName()).append(")");
}
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
Number intFieldValue = paramVal != null ? (Number) paramVal : null;
if (intFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
String strFieldValue = searchCriteria.getParam(searchField.getClientFieldName());
if (strFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ").append("LOWER(").append(searchField.getFieldName()).append(")")
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
Boolean boolFieldValue = restErrorUtil.parseBoolean(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
if (boolFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
Date fieldValue = restErrorUtil.parseDate(searchCriteria.getParam(searchField.getClientFieldName()),
"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName(), null);
if (fieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ").append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
}
if (whereClause.length() > startWhereLen && searchField.getJoinTables() != null) {
for (String table : searchField.getJoinTables()) {
if (!joinTableList.contains(table)) {
joinTableList.add(table);
}
}
whereClause.append(" and (").append(searchField.getJoinCriteria()).append(")");
}
}
for (String joinTable : joinTableList) {
whereClause.insert(0, ", " + joinTable + " ");
}
return whereClause;
}