
Commit a7a40e0e by Ricardo Lopes Committed by Jan Aagaard Meier

only check model keys for delete with limit (#5801)

1 parent 4223c683
# Future
- [FIXED] Method QueryInterface.bulkDelete no longer working when the model parameter is missing. (PostgreSQL) [#5615](https://github.com/sequelize/sequelize/issues/5615)
# 3.22.0 # 3.22.0
- [FIXED] Fix defaultValues getting overwritten on build - [FIXED] Fix defaultValues getting overwritten on build
- [FIXED] Queue queries against tedious connections - [FIXED] Queue queries against tedious connections
......
...@@ -357,24 +357,29 @@ var QueryGenerator = { ...@@ -357,24 +357,29 @@ var QueryGenerator = {
options.limit = 1; options.limit = 1;
} }
var replacements = {
table: tableName,
where: this.getWhereConditions(where, null, model, options),
limit: !!options.limit ? ' LIMIT ' + this.escape(options.limit) : ''
};
if (options.limit) { if (options.limit) {
if (!model) {
throw new Error('Cannot LIMIT delete without a model.');
}
var pks = _.map(_.values(model.primaryKeys), function (pk) {
return this.quoteIdentifier((pk.field));
}.bind(this)).join(',');
replacements.primaryKeys = model.primaryKeyAttributes.length > 1 ? '(' + pks + ')' : pks;
replacements.primaryKeysSelection = pks;
query = 'DELETE FROM <%= table %> WHERE <%= primaryKeys %> IN (SELECT <%= primaryKeysSelection %> FROM <%= table %><%= where %><%= limit %>)'; query = 'DELETE FROM <%= table %> WHERE <%= primaryKeys %> IN (SELECT <%= primaryKeysSelection %> FROM <%= table %><%= where %><%= limit %>)';
} else { } else {
query = 'DELETE FROM <%= table %><%= where %>'; query = 'DELETE FROM <%= table %><%= where %>';
} }
var pks = _.map(_.values(model.primaryKeys), function (pk) {
return this.quoteIdentifier((pk.field));
}.bind(this)).join(',');
var replacements = {
table: tableName,
where: this.getWhereConditions(where, null, model, options),
limit: !!options.limit ? ' LIMIT ' + this.escape(options.limit) : '',
primaryKeys: model.primaryKeyAttributes.length > 1 ? '(' + pks + ')' : pks,
primaryKeysSelection: pks
};
if (replacements.where) { if (replacements.where) {
replacements.where = ' WHERE ' + replacements.where; replacements.where = ' WHERE ' + replacements.where;
} }
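Review bot: In the `if (options.limit)` branch, `pks` is built from `model.primaryKeys` without checking that the model has any primary key, so a model with none would produce an empty `pks` and a malformed `WHERE  IN (SELECT  FROM …)` statement rather than a clear error. A second guard right after the `!model` check would cover it, for example `if (_.isEmpty(model.primaryKeys)) { throw new Error('Cannot LIMIT delete without a primary key.'); }`. The parenthesised form is chosen from `model.primaryKeyAttributes.length` while the column list comes from `model.primaryKeys`; presumably the two always agree, but a one-line comment saying so would help the next reader. The enclosing function starts and ends outside the hunk.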
......
...@@ -221,7 +221,11 @@ var Support = { ...@@ -221,7 +221,11 @@ var Support = {
.replace(/\]/g, Support.sequelize.dialect.TICK_CHAR_RIGHT); .replace(/\]/g, Support.sequelize.dialect.TICK_CHAR_RIGHT);
} }
expect(query).to.equal(expectation); if (_.isError(query)) {
expect(query.message).to.equal(expectation.message);
} else {
expect(query).to.equal(expectation);
}
} }
}; };
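Review bot: When `query` is an Error but the dialect's expectation is a SQL string, the new branch compares `query.message` with `expectation.message`, which is `undefined`, so an unexpected throw from the generator shows up as a confusing "expected '…' to equal undefined" and the original stack is lost. Rethrowing in that case keeps the real failure visible: `if (_.isError(query) && !_.isError(expectation)) { throw query; }` placed before the message comparison. Only `message` is compared, so an error of a different type with the same text would still pass; a short comment stating that this is intentional would be enough. The enclosing helper starts outside the hunk.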
......
...@@ -34,10 +34,10 @@ suite(Support.getTestDialectTeaser('SQL'), function() { ...@@ -34,10 +34,10 @@ suite(Support.getTestDialectTeaser('SQL'), function() {
options, options,
User User
), { ), {
postgres: 'TRUNCATE "public"."test_users" CASCADE', postgres: 'TRUNCATE "public"."test_users" CASCADE',
mssql: "TRUNCATE TABLE [public].[test_users]", mssql: "TRUNCATE TABLE [public].[test_users]",
mysql: 'TRUNCATE `public.test_users`', mysql: 'TRUNCATE `public.test_users`',
sqlite: 'DELETE FROM `public.test_users`' sqlite: 'DELETE FROM `public.test_users`'
} }
); );
}); });
...@@ -58,7 +58,7 @@ suite(Support.getTestDialectTeaser('SQL'), function() { ...@@ -58,7 +58,7 @@ suite(Support.getTestDialectTeaser('SQL'), function() {
options, options,
User User
), { ), {
default: "DELETE FROM [public.test_users] WHERE `name` = 'foo'", default: "DELETE FROM [public.test_users] WHERE `name` = 'foo'",
postgres: 'DELETE FROM "public"."test_users" WHERE "name" = \'foo\'', postgres: 'DELETE FROM "public"."test_users" WHERE "name" = \'foo\'',
mssql: "DELETE FROM [public].[test_users] WHERE [name] = N'foo'; SELECT @@ROWCOUNT AS AFFECTEDROWS;" mssql: "DELETE FROM [public].[test_users] WHERE [name] = N'foo'; SELECT @@ROWCOUNT AS AFFECTEDROWS;"
} }
...@@ -90,6 +90,37 @@ suite(Support.getTestDialectTeaser('SQL'), function() { ...@@ -90,6 +90,37 @@ suite(Support.getTestDialectTeaser('SQL'), function() {
}); });
}); });
suite('delete with limit and without model', function () {
var options = {
table: User.getTableName(),
where: {name: "foo';DROP TABLE mySchema.myTable;"},
limit: 10
};
test(util.inspect(options, {depth: 2}), function () {
var query;
try {
query = sql.deleteQuery(
options.table,
options.where,
options,
null
);
} catch(err) {
query = err;
}
return expectsql(
query, {
postgres: new Error("Cannot LIMIT delete without a model."),
sqlite: "DELETE FROM `public.test_users` WHERE `name` = 'foo'';DROP TABLE mySchema.myTable;'",
mssql: "DELETE TOP(10) FROM [public].[test_users] WHERE [name] = N'foo'';DROP TABLE mySchema.myTable;'; SELECT @@ROWCOUNT AS AFFECTEDROWS;",
default: "DELETE FROM [public.test_users] WHERE `name` = 'foo\\';DROP TABLE mySchema.myTable;' LIMIT 10"
}
);
});
});
suite('delete when the primary key has a different field name', function () { suite('delete when the primary key has a different field name', function () {
var User = current.define('test_user', { var User = current.define('test_user', {
id: { id: {
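Review bot: The new suite 'delete with limit and without model' needs a comment on what it pins, because the `where` value is deliberately injection-shaped and the expected strings are what assert each dialect's quote escaping (`''` for sqlite and mssql, `\'` for the default). I would add `// where value carries a quote and a stacked statement on purpose: the expectations assert it stays inside the string literal` above `options`. The sqlite expectation also has no LIMIT although `limit: 10` is passed, so the test locks in that the limit is silently dropped there and the delete affects every matching row; a comment saying this is intended, or a follow-up if it is not, would make that visible. The try/catch turns any throw into a value for `expectsql`, so an unexpected exception on a non-postgres dialect is only reported as a mismatch, not as the original error.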
......