Merge pull request #2093 from meetearnest/fix-paranoidClause

Fix paranoid clause treating all arrays as if they contained only strings

lib/dialects/abstract/query-generator.js

@@ -1175,15 +1175,7 @@ module.exports = (function() {
       } else if (Buffer.isBuffer(smth)) {
       } else if (Buffer.isBuffer(smth)) {
         result = this.escape(smth);
         result = this.escape(smth);
       } else if (Array.isArray(smth)) {
       } else if (Array.isArray(smth)) {
-        var treatAsAnd = smth.reduce(function(treatAsAnd, arg) {
-          if (treatAsAnd) {
-            return treatAsAnd;
-          } else {
-            return !(arg instanceof Date) && ((arg instanceof Utils.and) || (arg instanceof Utils.or) || Utils._.isPlainObject(arg));
-          }
-        }, false);
-
-        if (treatAsAnd) {
+        if (Utils.canTreatArrayAsAnd(smth)) {
           var _smth = self.sequelize.and.apply(null, smth);
           var _smth = self.sequelize.and.apply(null, smth);
           result = self.getWhereConditions(_smth, tableName, factory, options, prepend);
           result = self.getWhereConditions(_smth, tableName, factory, options, prepend);
         } else {
         } else {

lib/model.js

@@ -1580,12 +1580,25 @@ module.exports = (function() {
       options.where += ' AND ' + quoteIdentifiedDeletedAtCol + ' IS NULL ';
       options.where += ' AND ' + quoteIdentifiedDeletedAtCol + ' IS NULL ';
     }
     }
     else if (Array.isArray(options.where)) {
     else if (Array.isArray(options.where)) {
-
+      // Need to check how the array is being used, as it could be an array
+      // of string-likes/Dates or an array with objects, hashes, or other
+      // complex data types
+      if (Utils.canTreatArrayAsAnd(options.where)) {
+        // Don't overwrite our explicit deletedAt search value if we provide one
+        var whereClause = this.QueryGenerator.getWhereConditions(options.where, this.getTableName(), this, options);
+        if (whereClause.indexOf(deletedAtCol) !== -1) {
+          return options;
+        }
+        var whereObj = {};
+        whereObj[quoteIdentifiedDeletedAtCol] = null;
+        options.where.push(whereObj);
+      } else {
         // Don't overwrite our explicit deletedAt search value if we provide one
         // Don't overwrite our explicit deletedAt search value if we provide one
         if (options.where[0].indexOf(deletedAtCol) !== -1) {
         if (options.where[0].indexOf(deletedAtCol) !== -1) {
           return options;
           return options;
         }
         }
         options.where[0] += ' AND ' + quoteIdentifiedDeletedAtCol + ' IS NULL ';
         options.where[0] += ' AND ' + quoteIdentifiedDeletedAtCol + ' IS NULL ';
+      }
     } else {
     } else {
       options.where[deletedAtCol] = null;
       options.where[deletedAtCol] = null;
     }
     }

lib/utils.js

@@ -354,6 +354,16 @@ var Utils = module.exports = {
     }
     }
     return result;
     return result;
   },
   },
+  canTreatArrayAsAnd: function(arr) {
+    return arr.reduce(function(treatAsAnd, arg) {
+      if (treatAsAnd) {
+        return treatAsAnd;
+      } else {
+        return !(arg instanceof Date) && ((arg instanceof Utils.and) || (arg instanceof Utils.or) || Utils._.isPlainObject(arg));
+      }
+    }, false);
+  },
+
   combineTableNames: function(tableName1, tableName2) {
   combineTableNames: function(tableName1, tableName2) {
     return (tableName1.toLowerCase() < tableName2.toLowerCase()) ? (tableName1 + tableName2) : (tableName2 + tableName1);
     return (tableName1.toLowerCase() < tableName2.toLowerCase()) ? (tableName1 + tableName2) : (tableName2 + tableName1);
   },
   },

test/dao-factory.test.js

@@ -2100,6 +2100,20 @@ describe(Support.getTestDialectTeaser("DAOFactory"), function () {
       })
       })
     })
     })
 
 
+    it('should not fail when array contains Sequelize.or / and', function (done) {
+      this.User.findAll({
+        where: [
+          this.sequelize.or({ username: 'vader' }, { username: 'luke' }),
+          this.sequelize.and({ id: [1, 2, 3] })
+        ]
+      })
+        .then(function(res) {
+          expect(res).to.have.length(2)
+          done()
+        })
+        .catch(function(e) { done(e) })
+    })
+
     it('should not fail with an include', function(done) {
     it('should not fail with an include', function(done) {
       this.User.findAll({
       this.User.findAll({
         where: [
         where: [
@@ -2145,6 +2159,23 @@ describe(Support.getTestDialectTeaser("DAOFactory"), function () {
       }).error(done)
       }).error(done)
     })
     })
 
 
+    it('should not overwrite a specified deletedAt (complex query)', function (done) {
+      this.User.findAll({
+        where: [
+          this.sequelize.or({ username: 'leia' }, { username: 'luke' }),
+          this.sequelize.and(
+            { id: [1, 2, 3] },
+            this.sequelize.or({ deletedAt: null }, { deletedAt: { gt: new Date(0) } })
+          )
+        ]
+      })
+        .then(function(res) {
+          expect(res).to.have.length(2)
+          done()
+        })
+        .catch(function(e) { done(e) })
+    })
+
   })
   })
 
 
   if (dialect !== 'sqlite') {
   if (dialect !== 'sqlite') {