Hello list...
I would like to allow the users to perform certain queries without me
(or well... my server) knowing in advance what those queries are going
to be (without hard-coding the query).
For instance: I have a “Product” class. One of it's fields is
"manufacturer" and another is "model"
class Product(declarativeBase):
def __init__(self):
self.model = ""
self.manufacturer = ""
I would like the user be able to input an string with a query, such as
“Product.model != 'foo' or Product.model != 'bar'”
or:
"Product.model == 'foo' && Product.manufacturer == 'bar'"
I have created a little Python module (queryTree) that tokenizes the
string and generates a tree for that kind of queries. For the last one
mentioned above, it would be something like:
sqlalchemy.and_
/ \
== ==
/ \ / \
Product.model "foo" Product.manufacturer "bar"
1) The “&&” string can be converted to (stored as) the sqlalchemy.and_ method
2) The fields of Product are sqlalchemy.orm.synonym(s). If I pass my
tree module the class I'm going to perform the query for, it can call
getattr(cls, "model") and get the synonym (I mean: get the
Product.model synonym itself instead of the “model” string)
3) Equally, the comparators are get with getattr(Product, "__eq__") or
getattr(Product, "__ne__") so I can store in the tree node the
comparator function instead of the string “==” or “!=”
But when I try to run the query:
from mylibs.product import Product
queryString = "Product.model == 'foo' && Product.manufacturer == 'bar'"
session.query(Product.Product).filter(queryTree.getQuery(queryString,
Product.Product))
I get an exception:
File "/home/hbr/Documents/my-cms/backlib/product/ProductManager.py",
line 62, in getByCustomFilter
retval =
Database.session.query(Product.Product).filter(queryTokenizer.getQuery()).all()
File "<string>", line 1, in <lambda>
File
"/home/hbr/.buildout/eggs/SQLAlchemy-0.6.5-py2.6.egg/sqlalchemy/orm/query.py",
line 52, in generate
fn(self, *args[1:], **kw)
File
"/home/hbr/.buildout/eggs/SQLAlchemy-0.6.5-py2.6.egg/sqlalchemy/orm/query.py",
line 942, in filter
"filter() argument must be of type "
ArgumentError: filter() argument must be of type
sqlalchemy.sql.ClauseElement or string
I could easily modify my query generator module to get the query string...:
“and_(Product.model == 'foo', Product.manufacturer == 'bar')” so a
call to eval(“and_(Product.model == 'foo', Product.manufacturer ==
'bar')”) would probably work, but I'd like to avoid the use of eval
because of the security issues it usually implies.
With some other tests, I've got some other exceptions that made me
realize that I could possibly modify somehow the nodes of my tree
until getting "something" that is accepted by MySQL as a valid query,
but that's kind of cheating... I'd like to use pure SqlAlchemy if
possible (I trust SqlAlchemy more than my programming skills) :-D
Thank you in advance. Every hint will be deeply appreciated.
--
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To post to this group, send email to sqlalchemy@googlegroups.com.
To unsubscribe from this group, send email to
sqlalchemy+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/sqlalchemy?hl=en.
