nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Mark non-attribute usage in SQL queries as safe.

Browse source 
Non-attribute arguments will be disallowed in Rails 6.0.
This commit is contained in:
Dennis Schubert 2020-02-11 20:21:34 +01:00 committed by Benjamin Neff
parent 4685df634c
commit 2e2b42ef1a
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
5 changed files with 15 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/controllers/admins_controller.rb
View file

@ -51,7 +51,11 @@ class AdminsController < Admin::AdminController
end end
def stats def stats
@popular_tags = ActsAsTaggableOn::Tagging.joins(:tag).limit(50).order('count(taggings.id) DESC').group(:tag).count @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag)
.limit(50)
.order(Arel.sql("count(taggings.id) DESC"))
.group(:tag)
.count
case params[:range] case params[:range]
when "week" when "week"
@ -72,7 +76,10 @@ class AdminsController < Admin::AdminController
create_hash(model, :range => range) create_hash(model, :range => range)
end end
@posts_per_day = Post.where("created_at >= ?", Date.today - 21.days).group("DATE(created_at)").order("DATE(created_at) ASC").count @posts_per_day = Post.where("created_at >= ?", Time.zone.today - 21.days)
.group(Arel.sql("DATE(created_at)"))
.order(Arel.sql("DATE(created_at) ASC"))
.count
@most_posts_within = @posts_per_day.values.max.to_f @most_posts_within = @posts_per_day.values.max.to_f
@user_count = User.count @user_count = User.count

2
app/controllers/contacts_controller.rb
View file

@ -66,7 +66,7 @@ class ContactsController < ApplicationController
when "receiving" when "receiving"
current_user.contacts.receiving current_user.contacts.receiving
when "by_aspect" when "by_aspect"
order.unshift "contact_id IS NOT NULL DESC" order.unshift Arel.sql("contact_id IS NOT NULL DESC")
contacts_by_aspect(@aspect.id) contacts_by_aspect(@aspect.id)
else else
raise ArgumentError, "unknown type #{type}" raise ArgumentError, "unknown type #{type}"

6
app/models/person.rb
View file

@ -162,7 +162,7 @@ class Person < ApplicationRecord
contacts.id IS NOT NULL AS is_contact contacts.id IS NOT NULL AS is_contact
SQL SQL
) )
.order(<<-SQL .order(Arel.sql(<<-SQL
is_author DESC, is_author DESC,
is_commenter DESC, is_commenter DESC,
is_liker DESC, is_liker DESC,
@ -170,7 +170,7 @@ class Person < ApplicationRecord
profiles.full_name, profiles.full_name,
people.diaspora_handle people.diaspora_handle
SQL SQL
) ))
} }
def self.community_spotlight def self.community_spotlight
@ -241,7 +241,7 @@ class Person < ApplicationRecord
query = query.where(contacts: {sharing: true, receiving: true}) if mutual query = query.where(contacts: {sharing: true, receiving: true}) if mutual
query.where(closed_account: false) query.where(closed_account: false)
.order(["contacts.user_id IS NULL", "profiles.last_name ASC", "profiles.first_name ASC"]) .order([Arel.sql("contacts.user_id IS NULL"), "profiles.last_name ASC", "profiles.first_name ASC"])
end end
def name(opts = {}) def name(opts = {})

2
app/services/like_service.rb
View file

@ -22,7 +22,7 @@ class LikeService
def find_for_post(post_id) def find_for_post(post_id)
likes = post_service.find!(post_id).likes likes = post_service.find!(post_id).likes
user ? likes.order("author_id = #{user.person.id} DESC") : likes user ? likes.order(Arel.sql("author_id = #{user.person.id} DESC")) : likes
end end
private private

2
app/services/reshare_service.rb
View file

@ -13,7 +13,7 @@ class ReshareService
def find_for_post(post_id) def find_for_post(post_id)
reshares = post_service.find!(post_id).reshares reshares = post_service.find!(post_id).reshares
user ? reshares.order("author_id = #{user.person.id} DESC") : reshares user ? reshares.order(Arel.sql("author_id = #{user.person.id} DESC")) : reshares
end end
private private