in security-admin/src/main/java/org/apache/ranger/common/SearchUtil.java [429:587]
protected StringBuilder buildWhereClause(SearchCriteria searchCriteria, List<SearchField> searchFields, boolean isNativeQuery, boolean excludeWhereKeyword) {
Map<String, Object> paramList = searchCriteria.getParamList();
StringBuilder whereClause = new StringBuilder(excludeWhereKeyword ? "" : "WHERE 1 = 1 ");
List<String> joinTableList = new ArrayList<>();
String addedByFieldName = isNativeQuery ? "added_by_id" : "addedByUserId";
Number ownerId = searchCriteria.getOwnerId();
if (ownerId != null) {
whereClause.append(" and obj.").append(addedByFieldName).append(" = :ownerId");
}
// Let's handle search groups first
int groupCount = -1;
for (SearchGroup searchGroup : searchCriteria.getSearchGroups()) {
groupCount++;
whereClause.append(" and ").append(
searchGroup.getWhereClause("" + groupCount));
// searchGroup.getJoinTableList(joinTableList, searchGroup);
}
for (SearchField searchField : searchFields) {
int startWhereLen = whereClause.length();
if (searchField.getFieldName() == null && searchField.getCustomCondition() == null) { // this field
// is used
// only for
// binding!
continue;
}
Object paramValue = paramList.get(searchField.getClientFieldName());
boolean isListValue = paramValue instanceof Collection;
if (searchCriteria.getNullParamList().contains(searchField.getClientFieldName())) {
whereClause.append(" and ").append(searchField.getFieldName()).append(" is null");
} else if (searchCriteria.getNotNullParamList().contains(searchField.getClientFieldName())) {
whereClause.append(" and ").append(searchField.getFieldName()).append(" is not null");
} else if (searchField.getDataType() == SearchField.DATA_TYPE.INT_LIST || isListValue && searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
final Collection<Number> intValueList;
if (paramValue == null) {
intValueList = Collections.emptyList();
} else if (paramValue instanceof Integer || paramValue instanceof Long) {
intValueList = new ArrayList<>();
intValueList.add((Number) paramValue);
} else {
intValueList = (Collection<Number>) paramValue;
}
if (CollectionUtils.isNotEmpty(intValueList)) {
if (searchField.getCustomCondition() == null) {
if (intValueList.size() <= minInListLength) {
whereClause.append(" and ");
if (intValueList.size() > 1) {
whereClause.append(" ( ");
}
for (int count = 0; count < intValueList.size(); count++) {
if (count > 0) {
whereClause.append(" or ");
}
whereClause.append(searchField.getFieldName())
.append("= :").append(searchField.getClientFieldName()).append("_").append(count);
}
if (intValueList.size() > 1) {
whereClause.append(" ) ");
}
} else {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(" in ")
.append(" (:").append(searchField.getClientFieldName()).append(")");
}
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STR_LIST) {
if (paramValue != null && !((Collection) paramValue).isEmpty()) {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(" in :")
.append(searchField.getClientFieldName());
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
Number intFieldValue = (Number) paramList.get(searchField.getClientFieldName());
if (intFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
String strFieldValue = (String) paramList.get(searchField.getClientFieldName());
if (strFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ").append("LOWER(").append(searchField.getFieldName()).append(")")
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
Boolean boolFieldValue = (Boolean) paramList.get(searchField.getClientFieldName());
if (boolFieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ")
.append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
Date fieldValue = (Date) paramList.get(searchField.getClientFieldName());
if (fieldValue != null) {
if (searchField.getCustomCondition() == null) {
whereClause.append(" and ").append(searchField.getFieldName())
.append(getSqlOperator(searchField.getSearchType()))
.append(":").append(searchField.getClientFieldName());
} else {
whereClause.append(" and ").append(searchField.getCustomCondition());
}
}
}
if (whereClause.length() > startWhereLen && searchField.getJoinTables() != null) {
for (String table : searchField.getJoinTables()) {
if (!joinTableList.contains(table)) {
joinTableList.add(table);
}
}
whereClause.append(" and (").append(searchField.getJoinCriteria()).append(")");
}
} // for
for (String joinTable : joinTableList) {
whereClause.insert(0, ", " + joinTable + " ");
}
return whereClause;
}