author | Sylvain Thénault <sylvain.thenault@logilab.fr> |
Wed, 06 Apr 2011 10:10:21 +0200 | |
changeset 7184 | 59d953d8694e |
parent 7139 | 20807d3d7cf6 |
child 7237 | 9f619715665b |
permissions | -rw-r--r-- |
7118
e094b3d4eb95
[server] move EditedEntity class to its own module, to avoid cyclic dependency when needed from e.g. session.py
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7083
diff
changeset
|
1 |
# copyright 2003-2011 LOGILAB S.A. (Paris, FRANCE), all rights reserved. |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
2 |
# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
3 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
4 |
# This file is part of CubicWeb. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
5 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
6 |
# CubicWeb is free software: you can redistribute it and/or modify it under the |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
7 |
# terms of the GNU Lesser General Public License as published by the Free |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
8 |
# Software Foundation, either version 2.1 of the License, or (at your option) |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
9 |
# any later version. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
10 |
# |
5424
8ecbcbff9777
replace logilab-common by CubicWeb in disclaimer
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5421
diff
changeset
|
11 |
# CubicWeb is distributed in the hope that it will be useful, but WITHOUT |
5421
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
13 |
# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
14 |
# details. |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
15 |
# |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
16 |
# You should have received a copy of the GNU Lesser General Public License along |
8167de96c523
proper licensing information (LGPL-2.1). Hope I get it right this time.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5419
diff
changeset
|
17 |
# with CubicWeb. If not, see <http://www.gnu.org/licenses/>. |
0 | 18 |
"""Helper classes to execute RQL queries on a set of sources, performing |
19 |
security checking and data aggregation. |
|
5726
c3b99606644d
[json] fix json serialization for recent simplejson implementation, and test encoding of entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5657
diff
changeset
|
20 |
""" |
0 | 21 |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
22 |
from __future__ import with_statement |
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
23 |
|
0 | 24 |
__docformat__ = "restructuredtext en" |
25 |
||
26 |
from itertools import repeat |
|
27 |
||
28 |
from logilab.common.cache import Cache |
|
29 |
from logilab.common.compat import any |
|
4719
aaed3f813ef8
kill dead/useless code as suggested by pylint
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4654
diff
changeset
|
30 |
from rql import RQLSyntaxError |
0 | 31 |
from rql.stmts import Union, Select |
5890 | 32 |
from rql.nodes import (Relation, VariableRef, Constant, SubQuery, Function, |
33 |
Exists, Not) |
|
0 | 34 |
|
6361
843684a50e48
[transaction] to avoid potential db corruption, we should rollback systematically in case of ValidationError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
35 |
from cubicweb import ValidationError, Unauthorized, QueryError, UnknownEid |
843684a50e48
[transaction] to avoid potential db corruption, we should rollback systematically in case of ValidationError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
36 |
from cubicweb import server, typed_eid |
0 | 37 |
from cubicweb.rset import ResultSet |
38 |
||
39 |
from cubicweb.server.utils import cleanup_solutions |
|
40 |
from cubicweb.server.rqlannotation import SQLGenAnnotator, set_qdata |
|
7118
e094b3d4eb95
[server] move EditedEntity class to its own module, to avoid cyclic dependency when needed from e.g. session.py
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7083
diff
changeset
|
41 |
from cubicweb.server.ssplanner import READ_ONLY_RTYPES, add_types_restriction |
e094b3d4eb95
[server] move EditedEntity class to its own module, to avoid cyclic dependency when needed from e.g. session.py
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7083
diff
changeset
|
42 |
from cubicweb.server.edition import EditedEntity |
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
43 |
from cubicweb.server.session import security_enabled |
2601
5196d213f4e3
[R querier] new READ_ONLY_RTYPES constant
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2593
diff
changeset
|
44 |
|
4722
9c13d5db03d9
pylint suggested refactorings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4719
diff
changeset
|
45 |
def empty_rset(rql, args, rqlst=None): |
0 | 46 |
"""build an empty result set object""" |
47 |
return ResultSet([], rql, args, rqlst=rqlst) |
|
48 |
||
49 |
def update_varmap(varmap, selected, table): |
|
50 |
"""return a sql schema to store RQL query result""" |
|
51 |
for i, term in enumerate(selected): |
|
52 |
key = term.as_string() |
|
53 |
value = '%s.C%s' % (table, i) |
|
54 |
if varmap.get(key, value) != value: |
|
5768
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
55 |
raise Exception('variable name conflict on %s: got %s / %s' |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
56 |
% (key, value, varmap)) |
0 | 57 |
varmap[key] = value |
58 |
||
59 |
# permission utilities ######################################################## |
|
60 |
||
61 |
def check_no_password_selected(rqlst): |
|
62 |
"""check that Password entities are not selected""" |
|
63 |
for solution in rqlst.solutions: |
|
64 |
if 'Password' in solution.itervalues(): |
|
65 |
raise Unauthorized('Password selection is not allowed') |
|
66 |
||
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
67 |
def term_etype(session, term, solution, args): |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
68 |
"""return the entity type for the given term (a VariableRef or a Constant |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
69 |
node) |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
70 |
""" |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
71 |
try: |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
72 |
return solution[term.name] |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
73 |
except AttributeError: |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
74 |
return session.describe(term.eval(args))[0] |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
75 |
|
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
76 |
def check_read_access(session, rqlst, solution, args): |
0 | 77 |
"""check that the given user has credentials to access data read the |
78 |
query |
|
79 |
||
80 |
return a dict defining necessary local checks (due to use of rql expression |
|
81 |
in the schema), keys are variable names and values associated rql expression |
|
82 |
for the associated variable with the given solution |
|
83 |
""" |
|
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
84 |
# use `term_etype` since we've to deal with rewritten constants here, |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
85 |
# when used as an external source by another repository. |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
86 |
# XXX what about local read security w/ those rewritten constants... |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
87 |
schema = session.repo.schema |
0 | 88 |
if rqlst.where is not None: |
89 |
for rel in rqlst.where.iget_nodes(Relation): |
|
90 |
# XXX has_text may have specific perm ? |
|
2601
5196d213f4e3
[R querier] new READ_ONLY_RTYPES constant
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2593
diff
changeset
|
91 |
if rel.r_type in READ_ONLY_RTYPES: |
0 | 92 |
continue |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
93 |
rschema = schema.rschema(rel.r_type) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
94 |
if rschema.final: |
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
95 |
eschema = schema.eschema(term_etype(session, rel.children[0], |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
96 |
solution, args)) |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
97 |
rdef = eschema.rdef(rschema) |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
98 |
else: |
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
99 |
rdef = rschema.rdef(term_etype(session, rel.children[0], |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
100 |
solution, args), |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
101 |
term_etype(session, rel.children[1].children[0], |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
102 |
solution, args)) |
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
103 |
if not session.user.matching_groups(rdef.get_groups('read')): |
4955 | 104 |
# XXX rqlexpr not allowed |
0 | 105 |
raise Unauthorized('read', rel.r_type) |
106 |
localchecks = {} |
|
107 |
# iterate on defined_vars and not on solutions to ignore column aliases |
|
108 |
for varname in rqlst.defined_vars: |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
109 |
eschema = schema.eschema(solution[varname]) |
3877
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
110 |
if eschema.final: |
7ca53fc72a0a
reldefsecurity branch :
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3689
diff
changeset
|
111 |
continue |
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
112 |
if not session.user.matching_groups(eschema.get_groups('read')): |
0 | 113 |
erqlexprs = eschema.get_rqlexprs('read') |
114 |
if not erqlexprs: |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
115 |
ex = Unauthorized('read', solution[varname]) |
0 | 116 |
ex.var = varname |
117 |
raise ex |
|
5888
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
118 |
# don't insert security on variable only referenced by 'NOT X relation Y' or |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
119 |
# 'NOT EXISTS(X relation Y)' |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
120 |
varinfo = rqlst.defined_vars[varname].stinfo |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
121 |
if varinfo['selected'] or ( |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
122 |
len([r for r in varinfo['relations'] |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
123 |
if (not schema.rschema(r.r_type).final |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
124 |
and ((isinstance(r.parent, Exists) and r.parent.neged(strict=True)) |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
125 |
or isinstance(r.parent, Not)))]) |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
126 |
!= len(varinfo['relations'])): |
3ee80d487f11
[security] fix read rql expression insertion: we should not insert rql expr on variables only referenced in neged relation
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
127 |
localchecks[varname] = erqlexprs |
0 | 128 |
return localchecks |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
129 |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
130 |
def add_noinvariant(noinvariant, restricted, select, nbtrees): |
0 | 131 |
# a variable can actually be invariant if it has not been restricted for |
132 |
# security reason or if security assertion hasn't modified the possible |
|
133 |
# solutions for the query |
|
134 |
if nbtrees != 1: |
|
135 |
for vname in restricted: |
|
136 |
try: |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
137 |
noinvariant.add(select.defined_vars[vname]) |
0 | 138 |
except KeyError: |
139 |
# this is an alias |
|
140 |
continue |
|
141 |
else: |
|
142 |
for vname in restricted: |
|
143 |
try: |
|
144 |
var = select.defined_vars[vname] |
|
145 |
except KeyError: |
|
146 |
# this is an alias |
|
147 |
continue |
|
148 |
if len(var.stinfo['possibletypes']) != 1: |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
149 |
noinvariant.add(var) |
0 | 150 |
|
151 |
def _expand_selection(terms, selected, aliases, select, newselect): |
|
152 |
for term in terms: |
|
153 |
for vref in term.iget_nodes(VariableRef): |
|
154 |
if not vref.name in selected: |
|
155 |
select.append_selected(vref) |
|
156 |
colalias = newselect.get_variable(vref.name, len(aliases)) |
|
157 |
aliases.append(VariableRef(colalias)) |
|
158 |
selected.add(vref.name) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
159 |
|
0 | 160 |
# Plans ####################################################################### |
161 |
||
162 |
class ExecutionPlan(object): |
|
163 |
"""the execution model of a rql query, composed of querier steps""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
164 |
|
0 | 165 |
def __init__(self, querier, rqlst, args, session): |
166 |
# original rql syntax tree |
|
167 |
self.rqlst = rqlst |
|
168 |
self.args = args or {} |
|
169 |
# session executing the query |
|
170 |
self.session = session |
|
171 |
# quick reference to the system source |
|
172 |
self.syssource = session.pool.source('system') |
|
173 |
# execution steps |
|
174 |
self.steps = [] |
|
175 |
# index of temporary tables created during execution |
|
176 |
self.temp_tables = {} |
|
177 |
# various resource accesors |
|
178 |
self.querier = querier |
|
179 |
self.schema = querier.schema |
|
180 |
self.sqlannotate = querier.sqlgen_annotate |
|
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
181 |
self.rqlhelper = session.vreg.rqlhelper |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
182 |
|
0 | 183 |
def annotate_rqlst(self): |
184 |
if not self.rqlst.annotated: |
|
185 |
self.rqlhelper.annotate(self.rqlst) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
186 |
|
0 | 187 |
def add_step(self, step): |
188 |
"""add a step to the plan""" |
|
189 |
self.steps.append(step) |
|
190 |
||
191 |
def clean(self): |
|
192 |
"""remove temporary tables""" |
|
193 |
self.syssource.clean_temp_data(self.session, self.temp_tables) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
194 |
|
0 | 195 |
def sqlexec(self, sql, args=None): |
196 |
return self.syssource.sqlexec(self.session, sql, args) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
197 |
|
0 | 198 |
def execute(self): |
199 |
"""execute a plan and return resulting rows""" |
|
200 |
try: |
|
201 |
for step in self.steps: |
|
202 |
result = step.execute() |
|
203 |
# the latest executed step contains the full query result |
|
204 |
return result |
|
205 |
finally: |
|
206 |
self.clean() |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
207 |
|
5168
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
208 |
def make_temp_table_name(self, table): |
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
209 |
""" |
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
210 |
return a temp table name according to db backend |
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
211 |
""" |
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
212 |
return self.syssource.make_temp_table_name(table) |
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
213 |
|
1ab032df5ca3
SQL Server port: temporary table handling
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
5072
diff
changeset
|
214 |
|
0 | 215 |
def init_temp_table(self, table, selected, sol): |
216 |
"""initialize sql schema and variable map for a temporary table which |
|
217 |
will be used to store result for the given rqlst |
|
218 |
""" |
|
219 |
try: |
|
220 |
outputmap, sqlschema, _ = self.temp_tables[table] |
|
221 |
update_varmap(outputmap, selected, table) |
|
222 |
except KeyError: |
|
223 |
sqlschema, outputmap = self.syssource.temp_table_def(selected, sol, |
|
224 |
table) |
|
225 |
self.temp_tables[table] = [outputmap, sqlschema, False] |
|
226 |
return outputmap |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
227 |
|
0 | 228 |
def create_temp_table(self, table): |
229 |
"""create a temporary table to store result for the given rqlst""" |
|
230 |
if not self.temp_tables[table][-1]: |
|
231 |
sqlschema = self.temp_tables[table][1] |
|
232 |
self.syssource.create_temp_table(self.session, table, sqlschema) |
|
233 |
self.temp_tables[table][-1] = True |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
234 |
|
0 | 235 |
def preprocess(self, union, security=True): |
236 |
"""insert security when necessary then annotate rql st for sql generation |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
237 |
|
0 | 238 |
return rqlst to actually execute |
239 |
""" |
|
4954
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
240 |
cached = None |
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
241 |
if security and self.session.read_security: |
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
242 |
# ensure security is turned of when security is inserted, |
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
243 |
# else we may loop for ever... |
4954
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
244 |
if self.session.transaction_data.get('security-rqlst-cache'): |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
245 |
key = self.cache_key |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
246 |
else: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
247 |
key = None |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
248 |
if key is not None and key in self.session.transaction_data: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
249 |
cachedunion, args = self.session.transaction_data[key] |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
250 |
union.children[:] = [] |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
251 |
for select in cachedunion.children: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
252 |
union.append(select) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
253 |
union.has_text_query = cachedunion.has_text_query |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
254 |
args.update(self.args) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
255 |
self.args = args |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
256 |
cached = True |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
257 |
else: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
258 |
noinvariant = set() |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
259 |
with security_enabled(self.session, read=False): |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
260 |
self._insert_security(union, noinvariant) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
261 |
if key is not None: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
262 |
self.session.transaction_data[key] = (union, self.args) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
263 |
else: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
264 |
noinvariant = () |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
265 |
if cached is None: |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
266 |
self.rqlhelper.simplify(union) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
267 |
self.sqlannotate(union) |
96f67c5be0e6
[security] experimental rqlst cache for read security: to activate using a 'security-rqlst-cache' flag in transaction data when you'll issue a lot of identic queries with only kwargs varying
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4953
diff
changeset
|
268 |
set_qdata(self.schema.rschema, union, noinvariant) |
0 | 269 |
if union.has_text_query: |
270 |
self.cache_key = None |
|
271 |
||
272 |
def _insert_security(self, union, noinvariant): |
|
273 |
for select in union.children[:]: |
|
274 |
for subquery in select.with_: |
|
275 |
self._insert_security(subquery.query, noinvariant) |
|
276 |
localchecks, restricted = self._check_permissions(select) |
|
277 |
if any(localchecks): |
|
278 |
rewrite = self.session.rql_rewriter.rewrite |
|
279 |
nbtrees = len(localchecks) |
|
280 |
myunion = union |
|
281 |
# transform in subquery when len(localchecks)>1 and groups |
|
282 |
if nbtrees > 1 and (select.orderby or select.groupby or |
|
283 |
select.having or select.has_aggregat or |
|
5596
d66a5d98db5b
[security] fix security insertion on DISTINCT queries
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
284 |
select.distinct or |
0 | 285 |
select.limit or select.offset): |
286 |
newselect = Select() |
|
287 |
# only select variables in subqueries |
|
288 |
origselection = select.selection |
|
289 |
select.select_only_variables() |
|
290 |
select.has_aggregat = False |
|
291 |
# create subquery first so correct node are used on copy |
|
292 |
# (eg ColumnAlias instead of Variable) |
|
293 |
aliases = [VariableRef(newselect.get_variable(vref.name, i)) |
|
294 |
for i, vref in enumerate(select.selection)] |
|
295 |
selected = set(vref.name for vref in aliases) |
|
296 |
# now copy original selection and groups |
|
297 |
for term in origselection: |
|
298 |
newselect.append_selected(term.copy(newselect)) |
|
299 |
if select.orderby: |
|
5768
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
300 |
sortterms = [] |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
301 |
for sortterm in select.orderby: |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
302 |
sortterms.append(sortterm.copy(newselect)) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
303 |
for fnode in sortterm.get_nodes(Function): |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
304 |
if fnode.name == 'FTIRANK': |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
305 |
# we've to fetch the has_text relation as well |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
306 |
var = fnode.children[0].variable |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
307 |
rel = iter(var.stinfo['ftirels']).next() |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
308 |
assert not rel.ored(), 'unsupported' |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
309 |
newselect.add_restriction(rel.copy(newselect)) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
310 |
# remove relation from the orig select and |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
311 |
# cleanup variable stinfo |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
312 |
rel.parent.remove(rel) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
313 |
var.stinfo['ftirels'].remove(rel) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
314 |
var.stinfo['relations'].remove(rel) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
315 |
# XXX not properly re-annotated after security insertion? |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
316 |
newvar = newselect.get_variable(var.name) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
317 |
newvar.stinfo.setdefault('ftirels', set()).add(rel) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
318 |
newvar.stinfo.setdefault('relations', set()).add(rel) |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
319 |
newselect.set_orderby(sortterms) |
0 | 320 |
_expand_selection(select.orderby, selected, aliases, select, newselect) |
321 |
select.orderby = () # XXX dereference? |
|
322 |
if select.groupby: |
|
323 |
newselect.set_groupby([g.copy(newselect) for g in select.groupby]) |
|
324 |
_expand_selection(select.groupby, selected, aliases, select, newselect) |
|
325 |
select.groupby = () # XXX dereference? |
|
326 |
if select.having: |
|
327 |
newselect.set_having([g.copy(newselect) for g in select.having]) |
|
328 |
_expand_selection(select.having, selected, aliases, select, newselect) |
|
329 |
select.having = () # XXX dereference? |
|
330 |
if select.limit: |
|
331 |
newselect.limit = select.limit |
|
332 |
select.limit = None |
|
333 |
if select.offset: |
|
334 |
newselect.offset = select.offset |
|
335 |
select.offset = 0 |
|
336 |
myunion = Union() |
|
337 |
newselect.set_with([SubQuery(aliases, myunion)], check=False) |
|
5596
d66a5d98db5b
[security] fix security insertion on DISTINCT queries
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5426
diff
changeset
|
338 |
newselect.distinct = select.distinct |
0 | 339 |
solutions = [sol.copy() for sol in select.solutions] |
340 |
cleanup_solutions(newselect, solutions) |
|
341 |
newselect.set_possible_types(solutions) |
|
342 |
# if some solutions doesn't need rewriting, insert original |
|
343 |
# select as first union subquery |
|
344 |
if () in localchecks: |
|
345 |
myunion.append(select) |
|
346 |
# we're done, replace original select by the new select with |
|
347 |
# subqueries (more added in the loop below) |
|
348 |
union.replace(select, newselect) |
|
349 |
elif not () in localchecks: |
|
350 |
union.remove(select) |
|
351 |
for lcheckdef, lchecksolutions in localchecks.iteritems(): |
|
352 |
if not lcheckdef: |
|
353 |
continue |
|
354 |
myrqlst = select.copy(solutions=lchecksolutions) |
|
355 |
myunion.append(myrqlst) |
|
356 |
# in-place rewrite + annotation / simplification |
|
7139
20807d3d7cf6
[rql rewriter] to properly handle 'relation' rql expressions, rql rewriter must support multiple variables (eg S and O) at once to be given as varmap
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
7118
diff
changeset
|
357 |
lcheckdef = [({var: 'X'}, rqlexprs) for var, rqlexprs in lcheckdef] |
0 | 358 |
rewrite(myrqlst, lcheckdef, lchecksolutions, self.args) |
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
359 |
add_noinvariant(noinvariant, restricted, myrqlst, nbtrees) |
0 | 360 |
if () in localchecks: |
361 |
select.set_possible_types(localchecks[()]) |
|
362 |
add_types_restriction(self.schema, select) |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
363 |
add_noinvariant(noinvariant, restricted, select, nbtrees) |
5989
099d46422f5a
[querier] actually fix bug attempted to be fixed in 5942:f1abba8ccc01. The pb was not in multi-sources but because of missing annotation on rql generated by security insertion
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5890
diff
changeset
|
364 |
self.rqlhelper.annotate(union) |
0 | 365 |
|
366 |
def _check_permissions(self, rqlst): |
|
367 |
"""return a dict defining "local checks", e.g. RQLExpression defined in |
|
368 |
the schema that should be inserted in the original query |
|
369 |
||
370 |
solutions where a variable has a type which the user can't definitly read |
|
371 |
are removed, else if the user may read it (eg if an rql expression is |
|
372 |
defined for the "read" permission of the related type), the local checks |
|
373 |
dict for the solution is updated |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
374 |
|
0 | 375 |
return a dict with entries for each different local check necessary, |
376 |
with associated solutions as value. A local check is defined by a list |
|
377 |
of 2-uple, with variable name as first item and the necessary rql |
|
378 |
expression as second item for each variable which has to be checked. |
|
379 |
So solutions which don't require local checks will be associated to |
|
380 |
the empty tuple key. |
|
381 |
||
382 |
note: rqlst should not have been simplified at this point |
|
383 |
""" |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
384 |
session = self.session |
0 | 385 |
msgs = [] |
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
386 |
neweids = session.transaction_data.get('neweids', ()) |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
387 |
varkwargs = {} |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
388 |
if not session.transaction_data.get('security-rqlst-cache'): |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
389 |
for var in rqlst.defined_vars.itervalues(): |
5004
4cc020ee70e2
le patch rql26 a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4957
diff
changeset
|
390 |
if var.stinfo['constnode'] is not None: |
4cc020ee70e2
le patch rql26 a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4957
diff
changeset
|
391 |
eid = var.stinfo['constnode'].eval(self.args) |
4cc020ee70e2
le patch rql26 a été importé
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4957
diff
changeset
|
392 |
varkwargs[var.name] = typed_eid(eid) |
0 | 393 |
# dictionnary of variables restricted for security reason |
394 |
localchecks = {} |
|
395 |
restricted_vars = set() |
|
396 |
newsolutions = [] |
|
397 |
for solution in rqlst.solutions: |
|
398 |
try: |
|
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
399 |
localcheck = check_read_access(session, rqlst, solution, self.args) |
0 | 400 |
except Unauthorized, ex: |
401 |
msg = 'remove %s from solutions since %s has no %s access to %s' |
|
5419
0b7805928a27
[repo security]Â deal with rewriten constant nodes in check_read_access, necessary when repo is used as an external source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5168
diff
changeset
|
402 |
msg %= (solution, session.user.login, ex.args[0], ex.args[1]) |
0 | 403 |
msgs.append(msg) |
404 |
LOGGER.info(msg) |
|
405 |
else: |
|
406 |
newsolutions.append(solution) |
|
4953
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
407 |
# try to benefit of rqlexpr.check cache for entities which |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
408 |
# are specified by eid in query'args |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
409 |
for varname, eid in varkwargs.iteritems(): |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
410 |
try: |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
411 |
rqlexprs = localcheck.pop(varname) |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
412 |
except KeyError: |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
413 |
continue |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
414 |
if eid in neweids: |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
415 |
continue |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
416 |
for rqlexpr in rqlexprs: |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
417 |
if rqlexpr.check(session, eid): |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
418 |
break |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
419 |
else: |
c8c0e10dbd97
[read security] minor optimizations
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4843
diff
changeset
|
420 |
raise Unauthorized() |
0 | 421 |
restricted_vars.update(localcheck) |
422 |
localchecks.setdefault(tuple(localcheck.iteritems()), []).append(solution) |
|
423 |
# raise Unautorized exception if the user can't access to any solution |
|
424 |
if not newsolutions: |
|
425 |
raise Unauthorized('\n'.join(msgs)) |
|
6128 | 426 |
if msgs: |
427 |
# (else solutions have not been modified) |
|
428 |
rqlst.set_possible_types(newsolutions) |
|
0 | 429 |
return localchecks, restricted_vars |
430 |
||
431 |
def finalize(self, select, solutions, insertedvars): |
|
432 |
rqlst = Union() |
|
433 |
rqlst.append(select) |
|
434 |
for mainvarname, rschema, newvarname in insertedvars: |
|
435 |
nvartype = str(rschema.objects(solutions[0][mainvarname])[0]) |
|
436 |
for sol in solutions: |
|
437 |
sol[newvarname] = nvartype |
|
438 |
select.clean_solutions(solutions) |
|
6129
fea746b60093
[ms] fix two planner bugs: one occuring query such as X created_by U where X in a external source and U may come from an ldap source. The other being that when we've to merge input maps, we were modifying the same tree/solutions while a copy were needed. Also, ensure we add type restrictions, necessary for pyro source
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6128
diff
changeset
|
439 |
add_types_restriction(self.schema, select) |
0 | 440 |
self.rqlhelper.annotate(rqlst) |
441 |
self.preprocess(rqlst, security=False) |
|
442 |
return rqlst |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
443 |
|
4759 | 444 |
|
0 | 445 |
class InsertPlan(ExecutionPlan): |
446 |
"""an execution model specific to the INSERT rql query |
|
447 |
""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
448 |
|
0 | 449 |
def __init__(self, querier, rqlst, args, session): |
450 |
ExecutionPlan.__init__(self, querier, rqlst, args, session) |
|
451 |
# save originaly selected variable, we may modify this |
|
452 |
# dictionary for substitution (query parameters) |
|
453 |
self.selected = rqlst.selection |
|
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
454 |
# list of rows of entities definition (ssplanner.EditedEntity) |
0 | 455 |
self.e_defs = [[]] |
456 |
# list of new relation definition (3-uple (from_eid, r_type, to_eid) |
|
5657
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
457 |
self.r_defs = set() |
0 | 458 |
# indexes to track entity definitions bound to relation definitions |
459 |
self._r_subj_index = {} |
|
460 |
self._r_obj_index = {} |
|
461 |
self._expanded_r_defs = {} |
|
462 |
||
463 |
def add_entity_def(self, edef): |
|
464 |
"""add an entity definition to build""" |
|
465 |
self.e_defs[-1].append(edef) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
466 |
|
0 | 467 |
def add_relation_def(self, rdef): |
468 |
"""add an relation definition to build""" |
|
5657
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
469 |
self.r_defs.add(rdef) |
0 | 470 |
if not isinstance(rdef[0], int): |
471 |
self._r_subj_index.setdefault(rdef[0], []).append(rdef) |
|
472 |
if not isinstance(rdef[2], int): |
|
473 |
self._r_obj_index.setdefault(rdef[2], []).append(rdef) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
474 |
|
0 | 475 |
def substitute_entity_def(self, edef, edefs): |
476 |
"""substitute an incomplete entity definition by a list of complete |
|
477 |
equivalents |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
478 |
|
0 | 479 |
e.g. on queries such as :: |
480 |
INSERT Personne X, Societe Y: X nom N, Y nom 'toto', X travaille Y |
|
481 |
WHERE U login 'admin', U login N |
|
482 |
||
483 |
X will be inserted as many times as U exists, and so the X travaille Y |
|
484 |
relations as to be added as many time as X is inserted |
|
485 |
""" |
|
486 |
if not edefs or not self.e_defs: |
|
487 |
# no result, no entity will be created |
|
488 |
self.e_defs = () |
|
489 |
return |
|
490 |
# first remove the incomplete entity definition |
|
491 |
colidx = self.e_defs[0].index(edef) |
|
492 |
for i, row in enumerate(self.e_defs[:]): |
|
493 |
self.e_defs[i][colidx] = edefs[0] |
|
494 |
samplerow = self.e_defs[i] |
|
5657
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
495 |
for edef_ in edefs[1:]: |
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
496 |
row = [ed.clone() for i, ed in enumerate(samplerow) |
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
497 |
if i != colidx] |
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
498 |
row.insert(colidx, edef_) |
0 | 499 |
self.e_defs.append(row) |
500 |
# now, see if this entity def is referenced as subject in some relation |
|
501 |
# definition |
|
502 |
if self._r_subj_index.has_key(edef): |
|
503 |
for rdef in self._r_subj_index[edef]: |
|
504 |
expanded = self._expanded(rdef) |
|
505 |
result = [] |
|
506 |
for exp_rdef in expanded: |
|
5657
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
507 |
for edef_ in edefs: |
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
508 |
result.append( (edef_, exp_rdef[1], exp_rdef[2]) ) |
0 | 509 |
self._expanded_r_defs[rdef] = result |
510 |
# and finally, see if this entity def is referenced as object in some |
|
511 |
# relation definition |
|
512 |
if self._r_obj_index.has_key(edef): |
|
513 |
for rdef in self._r_obj_index[edef]: |
|
514 |
expanded = self._expanded(rdef) |
|
515 |
result = [] |
|
516 |
for exp_rdef in expanded: |
|
5657
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
517 |
for edef_ in edefs: |
8f56691f01de
[querier] test and fix potential bug in insertion query with multiple relations inside, caused by a name conflict. Also fix another bug non reproduced by using a set instead of a list (list may leads to compare entity instances which isn't allowed).
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5596
diff
changeset
|
518 |
result.append( (exp_rdef[0], exp_rdef[1], edef_) ) |
0 | 519 |
self._expanded_r_defs[rdef] = result |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
520 |
|
0 | 521 |
def _expanded(self, rdef): |
522 |
"""return expanded value for the given relation definition""" |
|
523 |
try: |
|
524 |
return self._expanded_r_defs[rdef] |
|
525 |
except KeyError: |
|
526 |
self.r_defs.remove(rdef) |
|
527 |
return [rdef] |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
528 |
|
0 | 529 |
def relation_defs(self): |
530 |
"""return the list for relation definitions to insert""" |
|
531 |
for rdefs in self._expanded_r_defs.values(): |
|
532 |
for rdef in rdefs: |
|
533 |
yield rdef |
|
534 |
for rdef in self.r_defs: |
|
535 |
yield rdef |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
536 |
|
0 | 537 |
def insert_entity_defs(self): |
538 |
"""return eids of inserted entities in a suitable form for the resulting |
|
539 |
result set, e.g.: |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
540 |
|
0 | 541 |
e.g. on queries such as :: |
542 |
INSERT Personne X, Societe Y: X nom N, Y nom 'toto', X travaille Y |
|
543 |
WHERE U login 'admin', U login N |
|
544 |
||
545 |
if there is two entities matching U, the result set will look like |
|
546 |
[(eidX1, eidY1), (eidX2, eidY2)] |
|
547 |
""" |
|
548 |
session = self.session |
|
549 |
repo = session.repo |
|
550 |
results = [] |
|
551 |
for row in self.e_defs: |
|
552 |
results.append([repo.glob_add_entity(session, edef) |
|
553 |
for edef in row]) |
|
554 |
return results |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
555 |
|
0 | 556 |
def insert_relation_defs(self): |
557 |
session = self.session |
|
558 |
repo = session.repo |
|
559 |
for subj, rtype, obj in self.relation_defs(): |
|
560 |
# if a string is given into args instead of an int, we get it here |
|
561 |
if isinstance(subj, basestring): |
|
562 |
subj = typed_eid(subj) |
|
563 |
elif not isinstance(subj, (int, long)): |
|
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
564 |
subj = subj.entity.eid |
0 | 565 |
if isinstance(obj, basestring): |
566 |
obj = typed_eid(obj) |
|
567 |
elif not isinstance(obj, (int, long)): |
|
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
568 |
obj = obj.entity.eid |
0 | 569 |
if repo.schema.rschema(rtype).inlined: |
2680
66472d85d548
[R] use req.entity_from_eid
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2646
diff
changeset
|
570 |
entity = session.entity_from_eid(subj) |
6142
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
571 |
edited = EditedEntity(entity) |
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
572 |
edited.edited_attribute(rtype, obj) |
8bc6eac1fac1
[session] cleanup hook / operation / entity edition api
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
573 |
repo.glob_update_entity(session, edited) |
0 | 574 |
else: |
575 |
repo.glob_add_relation(session, subj, rtype, obj) |
|
576 |
||
577 |
||
578 |
class QuerierHelper(object): |
|
579 |
"""helper class to execute rql queries, putting all things together""" |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
580 |
|
0 | 581 |
def __init__(self, repo, schema): |
582 |
# system info helper |
|
583 |
self._repo = repo |
|
2476
1294a6bdf3bf
application -> instance where it makes sense
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2101
diff
changeset
|
584 |
# instance schema |
0 | 585 |
self.set_schema(schema) |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
586 |
|
0 | 587 |
def set_schema(self, schema): |
588 |
self.schema = schema |
|
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
589 |
repo = self._repo |
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
590 |
# rql st and solution cache. |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
591 |
self._rql_cache = Cache(repo.config['rql-cache-size']) |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
592 |
# rql cache key cache. Don't bother using a Cache instance: we should |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
593 |
# have a limited number of queries in there, since there are no entries |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
594 |
# in this cache for user queries (which have no args) |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
595 |
self._rql_ck_cache = {} |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
596 |
# some cache usage stats |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
597 |
self.cache_hit, self.cache_miss = 0, 0 |
0 | 598 |
# rql parsing / analysing helper |
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
599 |
self.solutions = repo.vreg.solutions |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
600 |
rqlhelper = repo.vreg.rqlhelper |
5768
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
601 |
# set backend on the rql helper, will be used for function checking |
1e73a466aa69
[fti] support for fti ranking: has_text query results sorted by relevance, and provides a way to control weight per entity / entity's attribute
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5726
diff
changeset
|
602 |
rqlhelper.backend = repo.config.sources()['system']['db-driver'] |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
603 |
self._parse = rqlhelper.parse |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
604 |
self._annotate = rqlhelper.annotate |
0 | 605 |
# rql planner |
6427
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
606 |
if len(repo.sources) < 2: |
0 | 607 |
from cubicweb.server.ssplanner import SSPlanner |
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
608 |
self._planner = SSPlanner(schema, rqlhelper) |
0 | 609 |
else: |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
610 |
from cubicweb.server.msplanner import MSPlanner |
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
611 |
self._planner = MSPlanner(schema, rqlhelper) |
0 | 612 |
# sql generation annotator |
613 |
self.sqlgen_annotate = SQLGenAnnotator(schema).annotate |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
614 |
|
6427
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
615 |
def set_planner(self): |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
616 |
if len(self._repo.sources) < 2: |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
617 |
from cubicweb.server.ssplanner import SSPlanner |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
618 |
self._planner = SSPlanner(self.schema, self._repo.vreg.rqlhelper) |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
619 |
else: |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
620 |
from cubicweb.server.msplanner import MSPlanner |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
621 |
self._planner = MSPlanner(self.schema, self._repo.vreg.rqlhelper) |
c8a5ac2d1eaa
[schema / sources] store data sources as cubicweb entities
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6401
diff
changeset
|
622 |
|
0 | 623 |
def parse(self, rql, annotate=False): |
624 |
"""return a rql syntax tree for the given rql""" |
|
625 |
try: |
|
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
626 |
return self._parse(unicode(rql), annotate=annotate) |
0 | 627 |
except UnicodeError: |
628 |
raise RQLSyntaxError(rql) |
|
629 |
||
630 |
def plan_factory(self, rqlst, args, session): |
|
631 |
"""create an execution plan for an INSERT RQL query""" |
|
632 |
if rqlst.TYPE == 'insert': |
|
633 |
return InsertPlan(self, rqlst, args, session) |
|
634 |
return ExecutionPlan(self, rqlst, args, session) |
|
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
635 |
|
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
636 |
def execute(self, session, rql, args=None, build_descr=True): |
0 | 637 |
"""execute a rql query, return resulting rows and their description in |
638 |
a `ResultSet` object |
|
639 |
||
4654
717310b3d576
docstring improvement
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4533
diff
changeset
|
640 |
* `rql` should be an Unicode string or a plain ASCII string |
0 | 641 |
* `args` the optional parameters dictionary associated to the query |
642 |
* `build_descr` is a boolean flag indicating if the description should |
|
643 |
be built on select queries (if false, the description will be en empty |
|
644 |
list) |
|
645 |
||
4654
717310b3d576
docstring improvement
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4533
diff
changeset
|
646 |
on INSERT queries, there will be one row with the eid of each inserted |
0 | 647 |
entity |
1802
d628defebc17
delete-trailing-whitespace + some copyright update
Adrien Di Mascio <Adrien.DiMascio@logilab.fr>
parents:
1133
diff
changeset
|
648 |
|
0 | 649 |
result for DELETE and SET queries is undefined yet |
650 |
||
651 |
to maximize the rql parsing/analyzing cache performance, you should |
|
4654
717310b3d576
docstring improvement
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
4533
diff
changeset
|
652 |
always use substitute arguments in queries (i.e. avoid query such as |
0 | 653 |
'Any X WHERE X eid 123'!) |
654 |
""" |
|
2621
1b9d08840a0e
R [querier] debugging tweaks
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2601
diff
changeset
|
655 |
if server.DEBUG & (server.DBG_RQL | server.DBG_SQL): |
2629
0d445c2171e4
R [querier] debugging tweaks
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2621
diff
changeset
|
656 |
if server.DEBUG & (server.DBG_MORE | server.DBG_SQL): |
2621
1b9d08840a0e
R [querier] debugging tweaks
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2601
diff
changeset
|
657 |
print '*'*80 |
2646
d2874ddd4347
#F [querier] debugging tweak
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
2629
diff
changeset
|
658 |
print 'querier input', rql, args |
0 | 659 |
# parse the query and binds variables |
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
660 |
cachekey = rql |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
661 |
try: |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
662 |
if args: |
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
663 |
# search for named args in query which are eids (hence |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
664 |
# influencing query's solutions) |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
665 |
eidkeys = self._rql_ck_cache[rql] |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
666 |
if eidkeys: |
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
667 |
# if there are some, we need a better cache key, eg (rql + |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
668 |
# entity type of each eid) |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
669 |
try: |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
670 |
cachekey = self._repo.querier_cache_key(session, rql, |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
671 |
args, eidkeys) |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
672 |
except UnknownEid: |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
673 |
# we want queries such as "Any X WHERE X eid 9999" |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
674 |
# return an empty result instead of raising UnknownEid |
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
675 |
return empty_rset(rql, args) |
0 | 676 |
rqlst = self._rql_cache[cachekey] |
677 |
self.cache_hit += 1 |
|
678 |
except KeyError: |
|
679 |
self.cache_miss += 1 |
|
680 |
rqlst = self.parse(rql) |
|
681 |
try: |
|
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
682 |
# compute solutions for rqlst and return named args in query |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
683 |
# which are eids. Notice that if you may not need `eidkeys`, we |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
684 |
# have to compute solutions anyway (kept as annotation on the |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
685 |
# tree) |
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
686 |
eidkeys = self.solutions(session, rqlst, args) |
0 | 687 |
except UnknownEid: |
4843
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
688 |
# we want queries such as "Any X WHERE X eid 9999" return an |
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
689 |
# empty result instead of raising UnknownEid |
4722
9c13d5db03d9
pylint suggested refactorings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4719
diff
changeset
|
690 |
return empty_rset(rql, args, rqlst) |
7027
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
691 |
if args and not rql in self._rql_ck_cache: |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
692 |
self._rql_ck_cache[rql] = eidkeys |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
693 |
if eidkeys: |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
694 |
cachekey = self._repo.querier_cache_key(session, rql, args, |
d3d7ff6ab54c
[repo querier] fix rqlst cache no limit issue, comment the code
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6427
diff
changeset
|
695 |
eidkeys) |
0 | 696 |
self._rql_cache[cachekey] = rqlst |
697 |
orig_rqlst = rqlst |
|
5072
072ae171aeb0
[cleanup] style fixes, add nodes, 0.2 cents refactorings
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4957
diff
changeset
|
698 |
if rqlst.TYPE != 'select': |
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
699 |
if session.read_security: |
0 | 700 |
check_no_password_selected(rqlst) |
4843
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
701 |
# write query, ensure session's mode is 'write' so connections won't |
5f7363416765
fix hooks control method name + other litle cleanups
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4835
diff
changeset
|
702 |
# be released until commit/rollback |
0 | 703 |
session.mode = 'write' |
704 |
cachekey = None |
|
705 |
else: |
|
4835
13b0b96d7982
[repo] enhanced security handling: deprecates unsafe_execute, in favor of explicit read/write security control using the `enabled_security` context manager. Also code executed on the repository side is now unsafe by default.
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4764
diff
changeset
|
706 |
if session.read_security: |
0 | 707 |
for select in rqlst.children: |
708 |
check_no_password_selected(select) |
|
709 |
# on select query, always copy the cached rqlst so we don't have to |
|
710 |
# bother modifying it. This is not necessary on write queries since |
|
711 |
# a new syntax tree is built from them. |
|
712 |
rqlst = rqlst.copy() |
|
3240
8604a15995d1
refactor so that rql rewriter may be used outside the server. Enhance it to be usable for RRQLExpression as well
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
3171
diff
changeset
|
713 |
self._annotate(rqlst) |
0 | 714 |
# make an execution plan |
715 |
plan = self.plan_factory(rqlst, args, session) |
|
716 |
plan.cache_key = cachekey |
|
717 |
self._planner.build_plan(plan) |
|
718 |
# execute the plan |
|
719 |
try: |
|
720 |
results = plan.execute() |
|
6361
843684a50e48
[transaction] to avoid potential db corruption, we should rollback systematically in case of ValidationError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
721 |
except (Unauthorized, ValidationError): |
843684a50e48
[transaction] to avoid potential db corruption, we should rollback systematically in case of ValidationError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
722 |
# getting an Unauthorized/ValidationError exception means the |
843684a50e48
[transaction] to avoid potential db corruption, we should rollback systematically in case of ValidationError
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6129
diff
changeset
|
723 |
# transaction must been rollbacked |
4532
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
724 |
# |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
725 |
# notes: |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
726 |
# * we should not reset the pool here, since we don't want the |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
727 |
# session to loose its pool during processing |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
728 |
# * don't rollback if we're in the commit process, will be handled |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
729 |
# by the session |
85116e75f561
fix auto-rollback on unauthorized error:
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
4252
diff
changeset
|
730 |
if session.commit_state is None: |
6385
9f91d09ee5fa
[repo transaction] fix rollback behaviour as discussed on the mailing-list: instead of rollbacking automatically on Unauthorized/ValidationError, mark the transaction as uncommitable and disallow commiting
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
6361
diff
changeset
|
731 |
session.commit_state = 'uncommitable' |
0 | 732 |
raise |
733 |
# build a description for the results if necessary |
|
734 |
descr = () |
|
735 |
if build_descr: |
|
736 |
if rqlst.TYPE == 'select': |
|
737 |
# sample selection |
|
738 |
descr = session.build_description(orig_rqlst, args, results) |
|
739 |
elif rqlst.TYPE == 'insert': |
|
740 |
# on insert plan, some entities may have been auto-casted, |
|
741 |
# so compute description manually even if there is only |
|
742 |
# one solution |
|
743 |
basedescr = [None] * len(plan.selected) |
|
744 |
todetermine = zip(xrange(len(plan.selected)), repeat(False)) |
|
745 |
descr = session._build_descr(results, basedescr, todetermine) |
|
746 |
# FIXME: get number of affected entities / relations on non |
|
747 |
# selection queries ? |
|
748 |
# return a result set object |
|
5174
78438ad513ca
#759035: Automate addition of eid cachekey in RQL analysis
Sylvain Thénault <sylvain.thenault@logilab.fr>
parents:
5082
diff
changeset
|
749 |
return ResultSet(results, rql, args, descr, orig_rqlst) |
0 | 750 |
|
7083
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
7027
diff
changeset
|
751 |
# these are overridden by set_log_methods below |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
7027
diff
changeset
|
752 |
# only defining here to prevent pylint from complaining |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
7027
diff
changeset
|
753 |
info = warning = error = critical = exception = debug = lambda msg,*a,**kw: None |
b8e35cde46e9
help pylint by explicitely defining some attributes
Alexandre Fayolle <alexandre.fayolle@logilab.fr>
parents:
7027
diff
changeset
|
754 |
|
0 | 755 |
from logging import getLogger |
756 |
from cubicweb import set_log_methods |
|
757 |
LOGGER = getLogger('cubicweb.querier') |
|
758 |
set_log_methods(QuerierHelper, LOGGER) |