6c5cc98477af424865533ac39e22adf968a2f98d galt Tue Oct 4 12:55:30 2022 -0700 cdw fixes for sqlSafef v2, and a minor bug fix of Jims refactoring of facet code. diff --git src/hg/cirm/cdw/cdwWebBrowse/cdwWebBrowse.c src/hg/cirm/cdw/cdwWebBrowse/cdwWebBrowse.c index 50e8cea..6c4359e 100644 --- src/hg/cirm/cdw/cdwWebBrowse/cdwWebBrowse.c +++ src/hg/cirm/cdw/cdwWebBrowse/cdwWebBrowse.c @@ -770,30 +770,31 @@ separator = ","; } } hashFree(&hash); slFreeList(&nameList); return dyStringCannibalize(&dy); } void searchFilesWithAccess(struct sqlConnection *conn, char *searchString, char *allFields, char* initialWhere, struct cdwFile **retList, struct dyString **retWhere, char **retFields, boolean securityColumnsInTable) { /* Get list of files that we are authorized to see and that match searchString in the trix file * Returns: retList of matching files, retWhere with sql where expression for these files, retFields * If nothing to see, retList is NULL + * DO NOT Convert to safef V2 since the where clause is checked by gbSanity in tablesTables.c * */ char *fields = filterFieldsToJustThoseInTable(conn, allFields, getCdwTableSetting("cdwFileTags")); struct cdwFile *efList = NULL; if (!securityColumnsInTable) efList = cdwAccessibleFileList(conn, user); struct cdwFile *ef; if (!securityColumnsInTable && !efList) { *retList = NULL; return; } 
@@ -819,78 +820,78 @@ else { intValTreeAdd(searchPassTree, sqlUnsigned(tsr->itemId), tsr); } } if (securityColumnsInTable) slReverse(&efList); } /* Loop through all files constructing a SQL where clause that restricts us * to just the ones that we're authorized to hit, and that also pass initial where clause * if any. */ struct dyString *where = dyStringNew(0); if (!isEmpty(initialWhere)) - sqlDyStringPrintf(where, "(%-s)", initialWhere); // trust + dyStringPrintf(where, "(%-s)", initialWhere); // trust if (securityColumnsInTable) { if (user) { // get all groupIds belonging to this user char query[256]; if (!user->isAdmin) { sqlSafef(query, sizeof(query), "select groupId from cdwGroupUser " " where cdwGroupUser.userId = %d", user->id); struct sqlResult *sr = sqlGetResult(conn, query); char **row; if (!isEmpty(where->string)) - sqlDyStringPrintf(where, " and "); - sqlDyStringPrintf(where, "(allAccess > 0"); + dyStringPrintf(where, " and "); + dyStringPrintf(where, "(allAccess > 0"); while ((row = sqlNextRow(sr)) != NULL) { int groupId = sqlUnsigned(row[0]); - sqlDyStringPrintf(where, " or FIND_IN_SET('%u', groupIds)", groupId); + dyStringPrintf(where, " or FIND_IN_SET('%u', groupIds)", groupId); } sqlFreeResult(&sr); - sqlDyStringPrintf(where, ")"); + dyStringPrintf(where, ")"); } } else { if (!isEmpty(where->string)) - sqlDyStringPrintf(where, " and "); - sqlDyStringPrintf(where, "allAccess > 0"); + dyStringPrintf(where, " and "); + dyStringPrintf(where, "allAccess > 0"); } } if (efList || (securityColumnsInTable && (!isEmpty(searchString)))) // have search terms but nothing was found { if (!isEmpty(where->string)) - sqlDyStringPrintf(where, " and "); - sqlDyStringPrintf(where, "file_id in (0"); // initial 0 never found, just makes code smaller + dyStringPrintf(where, " and "); + dyStringPrintf(where, "file_id in (0"); // initial 0 never found, just makes code smaller for (ef = efList; ef != NULL; ef = ef->next) { if (searchPassTree == NULL || 
securityColumnsInTable || intValTreeFind(searchPassTree, ef->id) != NULL) { - sqlDyStringPrintf(where, ",%u", ef->id); + dyStringPrintf(where, ",%u", ef->id); } } - sqlDyStringPrintf(where, ")"); + dyStringPrintf(where, ")"); } rbTreeFree(&searchPassTree); // return three variables *retWhere = where; *retList = efList; *retFields = fields; } struct cdwFile* findDownloadableFiles(struct sqlConnection *conn, struct cart *cart, char* initialWhere, char *searchString) /* return list of files that we are allowed to see and that match current filters */ { // get query of files that match and where we have access
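Review bot: With the switch to plain `dyStringPrintf`, `initialWhere` is pasted into the WHERE clause at `dyStringPrintf(where, "(%-s)", initialWhere); // trust` with no escaping layer left in this function, so the only guard is the downstream check that the header comment added in the first hunk places in tablesTables.c. The `// trust` comment does not say who is trusted; I would spell the contract out, e.g. `// initialWhere is inserted verbatim: callers must pass only SQL built server-side or already validated, never raw CGI input`, and repeat that precondition in the function's header comment. The `-` in `%-s` appears to be the sqlSafef-family marker for an unescaped string and is only a no-op left-justify flag to plain printf-style formatting, so `"(%s)"` would read less misleadingly here. The other converted calls format only `%u` integers (`groupId`, `ef->id`) or fixed text and look fine; the function body starts before this hunk, and how callers consume `*retWhere` is not visible here.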