MCPcopy
hub / github.com/pocketbase/pocketbase / CreateViewFields

Method CreateViewFields

core/view.go:82–124  ·  view source on GitHub ↗

CreateViewFields creates a new FieldsList from the provided select query. There are some caveats: - The select query must have an "id" column. - Wildcard ("*") columns are not supported to avoid accidentally leaking sensitive data. NB! Be aware that this method is vulnerable to SQL injection and t

(dangerousSelectQuery string)

Source from the content-addressed store, hash-verified

80// NB! Be aware that this method is vulnerable to SQL injection and the
81// "dangerousSelectQuery" argument must come only from trusted input!
82func (app *BaseApp) CreateViewFields(dangerousSelectQuery string) (FieldsList, error) {
83 result := NewFieldsList()
84
85 suggestedFields, err := parseQueryToFields(app, dangerousSelectQuery)
86 if err != nil {
87 return result, err
88 }
89
90 // note wrap in a transaction in case the dangerousSelectQuery contains
91 // multiple statements allowing us to rollback on any error
92 txErr := app.RunInTransaction(func(txApp App) error {
93 info, err := getQueryTableInfo(txApp, dangerousSelectQuery)
94 if err != nil {
95 return err
96 }
97
98 var hasId bool
99
100 for _, row := range info {
101 if row.Name == FieldNameId {
102 hasId = true
103 }
104
105 var field Field
106
107 if f, ok := suggestedFields[row.Name]; ok {
108 field = f.field
109 } else {
110 field = defaultViewField(row.Name)
111 }
112
113 result.Add(field)
114 }
115
116 if !hasId {
117 return errors.New("missing required id column (you can use `(ROW_NUMBER() OVER()) as id` if you don't have one)")
118 }
119
120 return nil
121 })
122
123 return result, txErr
124}
125
126type DryRunViewResult struct {
127 Fields FieldsList `json:"fields"`

Callers 1

DryRunViewMethod · 0.95

Calls 6

RunInTransactionMethod · 0.95
AddMethod · 0.95
NewFieldsListFunction · 0.85
parseQueryToFieldsFunction · 0.85
getQueryTableInfoFunction · 0.85
defaultViewFieldFunction · 0.85

Tested by

no test coverage detected