def post(self, request):
result = self.execute(request)
session = sessions.load_session_from_context(
result.pop("context")) if "context" in result else None
return stream(result,
allow_cors=allow_cors and request.user.is_anonymous,
session=session)
def get(self, request, schema, table, row_id=None):
schema, table = actions.get_table_name(schema, table, restrict_schemas=False)
columns = request.GET.getlist("column")
where = request.GET.getlist("where")
if row_id and where:
raise actions.APIError(
"Where clauses and row id are not allowed in the same query"
)
orderby = request.GET.getlist("orderby")
if row_id and orderby:
raise actions.APIError(
"Order by clauses and row id are not allowed in the same query"
)
limit = request.GET.get("limit")
if row_id and limit:
raise actions.APIError(
"Limit by clauses and row id are not allowed in the same query"
)
offset = request.GET.get("offset")
if row_id and offset:
raise actions.APIError(
"Order by clauses and row id are not allowed in the same query"
)
format = request.GET.get("form")
if offset is not None and not offset.isdigit():
raise actions.APIError("Offset must be integer")
if limit is not None and not limit.isdigit():
raise actions.APIError("Limit must be integer")
if not all(parser.is_pg_qual(c) for c in columns):
raise actions.APIError("Columns are no postgres qualifiers")
if not all(parser.is_pg_qual(c) for c in orderby):
raise actions.APIError(
"Columns in groupby-clause are no postgres qualifiers"
)
# OPERATORS could be EQUALS, GREATER, LOWER, NOTEQUAL, NOTGREATER, NOTLOWER
# CONNECTORS could be AND, OR
# If you connect two values with an +, it will convert the + to a space. Whatever.
where_clauses = self.__read_where_clause(where)
if row_id:
clause = {
"operands": [{"type": "column", "column": "id"}, row_id],
"operator": "EQUALS",
"type": "operator",
}
if where_clauses:
where_clauses = conjunction(clause, where_clauses)
else:
where_clauses = clause
# TODO: Validate where_clauses. Should not be vulnerable
data = {
"schema": schema,
"table": table,
"columns": columns,
"where": where_clauses,
"orderby": orderby,
"limit": limit,
"offset": offset,
}
return_obj = self.__get_rows(request, data)
session = sessions.load_session_from_context(return_obj.pop("context")) if "context" in return_obj else None
# Extract column names from description
if "description" in return_obj:
cols = [col[0] for col in return_obj["description"]]
else:
cols = []
return_obj["data"] = []
return_obj["rowcount"] = 0
if format == "csv":
pseudo_buffer = Echo()
writer = csv.writer(pseudo_buffer, quoting=csv.QUOTE_ALL)
response = OEPStream(
(
writer.writerow(x)
for x in itertools.chain([cols], return_obj["data"])
),
content_type="text/csv",
session=session,
)
response[
"Content-Disposition"
] = 'attachment; filename="{schema}__{table}.csv"'.format(
schema=schema, table=table
)
return response
else:
if row_id:
dict_list = [dict(zip(cols, row)) for row in return_obj["data"]]
if dict_list:
dict_list = dict_list[0]
else:
raise Http404
# TODO: Figure out what JsonResponse does different.
return JsonResponse(dict_list, safe=False)
return stream((dict(zip(cols, row)) for row in return_obj["data"]), session=session)