SaveView creates (or updates already existing) persistent SQL view. NB! Be aware that this method is vulnerable to SQL injection and its arguments must come only from trusted input!
(dangerousViewName string, dangerousSelectQuery string)
| 35 | // NB! Be aware that this method is vulnerable to SQL injection and |
| 36 | // its arguments must come only from trusted input! |
func (app *BaseApp) SaveView(dangerousViewName string, dangerousSelectQuery string) error {
	return app.RunInTransaction(func(txApp App) error {
		// Drop any previous definition first so the CREATE below never
		// collides with an existing view of the same name.
		if err := txApp.DeleteView(dangerousViewName); err != nil {
			return err
		}

		normalizedQuery, err := normalizeViewSelectQuery(dangerousSelectQuery)
		if err != nil {
			return err
		}

		// The caller's SELECT is embedded inside an outer SELECT purely as a
		// rudimentary guard against stacked statements; it does no escaping,
		// which is why both arguments must come from trusted input only.
		createStmt := fmt.Sprintf(
			"CREATE VIEW {{%s}} AS SELECT * FROM (%s)",
			dangerousViewName,
			normalizedQuery,
		)
		if _, err = txApp.DB().NewQuery(createStmt).Execute(); err != nil {
			return err
		}

		// CREATE VIEW can succeed even when the referenced tables or columns
		// are missing, so read the table info back to confirm the view exists.
		_, err = txApp.TableInfo(dangerousViewName)
		if err == nil {
			return nil
		}

		// Best-effort cleanup: inside a nested transaction the caller may
		// discard our error, which would otherwise leave a broken view behind.
		_ = txApp.DeleteView(dangerousViewName)

		return err
	})
}
| 73 | |
| 74 | // CreateViewFields creates a new FieldsList from the provided select query. |
| 75 | // |