def parse_select(context, value): if value == '*': context['sqlobj'] = select_star(context['sqlobj']) return tables = get_tables(context['sqlobj']) col_names = [t.strip().replace(' ', '_') for t in value.split(',')] for name in col_names: if '.' in name: table, _, col = name.partition('.') if table not in tables: raise RequestParseError('Entity {} in $select but not ' 'present in url'.format(table)) if col == '*': context['sqlobj'] = select_star(context['sqlobj'], tables[table].columns) else: if col not in tables[table].columns: raise RequestParseError('Entity {0} has not attribute {1}' .format(table, col)) context['sqlobj'] = context['sqlobj'].column( tables[table].columns[col]) else: cols = [tbl.columns[name] for tbl in tables.values() if name in tbl.columns] if not cols: raise RequestParseError('could not select {}'.format(name)) if len(cols) > 1: raise RequestParseError('imprecise select {}'.format(name)) context['sqlobj'] = context['sqlobj'].column(cols[0])
def validate_and_cleanup(sqlobj, request_payload): if isinstance(sqlobj, expression.Select): if not sqlobj.columns: return select_star(sqlobj) if ((isinstance(sqlobj, expression.Update) or isinstance(sqlobj, expression.Delete)) and sqlobj._whereclause is None): raise RequestParseError('Global collection modifications not allowed') if ((isinstance(sqlobj, expression.Update) or isinstance(sqlobj, expression.Insert)) and not sqlobj.parameters): if hasattr(request_payload, 'iteritems'): return sqlobj.values(request_payload) else: raise RequestParseError('Invalid Payload') return sqlobj