Whitelist: first implementation (still some issues to fix)

Author: homersimpsons

src/AbstractTDBMObject.php

@@ -99,7 +99,7 @@ public function __construct(?string $tableName = null, array $primaryKeys = [],
             $this->_setStatus(TDBMObjectStateEnum::STATE_DETACHED);
         } else {
             $this->_attach($tdbmService);
-            if (!empty($primaryKeys)) {
+            if (!empty($primaryKeys)) { // @TODO (gua) might not be fully loaded
                 $this->_setStatus(TDBMObjectStateEnum::STATE_NOT_LOADED);
             } else {
                 $this->_setStatus(TDBMObjectStateEnum::STATE_NEW);
@@ -110,7 +110,7 @@ public function __construct(?string $tableName = null, array $primaryKeys = [],
     /**
      * Alternative constructor called when data is fetched from database via a SELECT.
      *
-     * @param array[]     $beanData    array<table, array<column, value>>
+     * @param array<string, array<string, mixed>> $beanData    array<table, array<column, value>>
      * @param TDBMService $tdbmService
      */
     public function _constructFromData(array $beanData, TDBMService $tdbmService): void
@@ -121,7 +121,7 @@ public function _constructFromData(array $beanData, TDBMService $tdbmService): v
             $this->dbRows[$table] = new DbRow($this, $table, static::getForeignKeys($table), $tdbmService->_getPrimaryKeysFromObjectData($table, $columns), $tdbmService, $columns);
         }
 
-        $this->status = TDBMObjectStateEnum::STATE_LOADED;
+        $this->status = TDBMObjectStateEnum::STATE_LOADED; // @TODO might be not fully loaded
     }
 
     /**
@@ -251,27 +251,14 @@ protected function set(string $var, $value, ?string $tableName = null): void
         }
     }
 
-    /**
-     * @param string             $foreignKeyName
-     * @param AbstractTDBMObject $bean
-     */
-    protected function setRef(string $foreignKeyName, AbstractTDBMObject $bean = null, string $tableName = null): void
+    protected function setRef(string $foreignKeyName, ?AbstractTDBMObject $bean, string $tableName, string $className, string $resultIteratorClass): void
     {
-        if ($tableName === null) {
-            if (count($this->dbRows) > 1) {
-                throw new TDBMException('This object is based on several tables. You must specify which table you are retrieving data from.');
-            } elseif (count($this->dbRows) === 1) {
-                $tableName = (string) array_keys($this->dbRows)[0];
-            } else {
-                throw new TDBMException('Please specify a table for this object.');
-            }
-        }
-
+        assert($bean === null || is_a($bean, $className), new TDBMInvalidArgumentException('$bean should be `null` or `' . $className . '`. `' . ($bean === null ? 'null' : get_class($bean)) . '` provided.'));
         if (!isset($this->dbRows[$tableName])) {
             $this->registerTable($tableName);
         }
 
-        $oldLinkedBean = $this->dbRows[$tableName]->getRef($foreignKeyName);
+        $oldLinkedBean = $this->dbRows[$tableName]->getRef($foreignKeyName, $className, $resultIteratorClass);
         if ($oldLinkedBean !== null) {
             $oldLinkedBean->removeManyToOneRelationship($tableName, $foreignKeyName, $this);
         }
@@ -291,19 +278,19 @@ protected function setRef(string $foreignKeyName, AbstractTDBMObject $bean = nul
      *
      * @return AbstractTDBMObject|null
      */
-    protected function getRef(string $foreignKeyName, ?string $tableName = null) : ?AbstractTDBMObject
+    protected function getRef(string $foreignKeyName, string $tableName, string $className, string $resultIteratorClass) : ?AbstractTDBMObject
     {
         $tableName = $this->checkTableName($tableName);
 
         if (!isset($this->dbRows[$tableName])) {
             return null;
         }
 
-        return $this->dbRows[$tableName]->getRef($foreignKeyName);
+        return $this->dbRows[$tableName]->getRef($foreignKeyName, $className, $resultIteratorClass);
     }
 
     /**
-     * Adds a many to many relationship to this bean.
+     * Adds a many to many$table relationship to this bean.
      *
      * @param string             $pivotTableName
      * @param AbstractTDBMObject $remoteBean
@@ -525,15 +512,16 @@ private function removeManyToOneRelationship(string $tableName, string $foreignK
      *
      * @return AlterableResultIterator
      */
-    protected function retrieveManyToOneRelationshipsStorage(string $tableName, string $foreignKeyName, array $searchFilter, string $orderString = null) : AlterableResultIterator
+    protected function retrieveManyToOneRelationshipsStorage(string $tableName, string $foreignKeyName, array $searchFilter, ?string $orderString, string $resultIteratorClass) : AlterableResultIterator
     {
+        assert(is_a($resultIteratorClass, ResultIterator::class, true), new TDBMInvalidArgumentException('$resultIteratorClass should be a `'. ResultIterator::class. '`. `' . $resultIteratorClass . '` provided.'));
         $key = $tableName.'___'.$foreignKeyName;
         $alterableResultIterator = $this->getManyToOneAlterableResultIterator($tableName, $foreignKeyName);
         if ($this->status === TDBMObjectStateEnum::STATE_DETACHED || $this->status === TDBMObjectStateEnum::STATE_NEW || (isset($this->manyToOneRelationships[$key]) && $this->manyToOneRelationships[$key]->getUnderlyingResultIterator() !== null)) {
             return $alterableResultIterator;
         }
 
-        $unalteredResultIterator = $this->tdbmService->findObjects($tableName, $searchFilter, [], $orderString);
+        $unalteredResultIterator = $this->tdbmService->findObjects($tableName, $searchFilter, [], $orderString, [], null, null, $resultIteratorClass);
 
         $alterableResultIterator->setResultIterator($unalteredResultIterator->getIterator());
 

src/AlterableResultIterator.php

@@ -75,11 +75,8 @@ public function add($object): void
     {
         $this->alterations->attach($object, 'add');
 
-        if ($this->resultArray !== null) {
-            $foundKey = array_search($object, $this->resultArray, true);
-            if ($foundKey === false) {
-                $this->resultArray[] = $object;
-            }
+        if ($this->resultArray !== null && !in_array($object, $this->resultArray, true)) {
+            $this->resultArray[] = $object;
         }
     }
 

src/DbRow.php

@@ -134,6 +134,7 @@ public function __construct(AbstractTDBMObject $object, string $tableName, Forei
                 $this->_setPrimaryKeys($primaryKeys);
                 if (!empty($dbRow)) {
                     $this->dbRow = $dbRow;
+                    // @TODO (gua): might not be fully loaded
                     $this->status = TDBMObjectStateEnum::STATE_LOADED;
                 } else {
                     $this->status = TDBMObjectStateEnum::STATE_NOT_LOADED;
@@ -219,6 +220,9 @@ public function _dbLoadIfNotLoaded(): void
      */
     public function get(string $var)
     {
+        if ($this->_getStatus() === TDBMObjectStateEnum::STATE_PARTIALLY_LOADED && !array_key_exists($var, $this->dbRow)) {
+            throw new TDBMInvalidArgumentException('Cannot load `'.$var.'` in partially loaded object with data ' . print_r($this->dbRow, true));
+        }
         if (!isset($this->primaryKeys[$var])) {
             $this->_dbLoadIfNotLoaded();
         }
@@ -235,16 +239,6 @@ public function set(string $var, $value): void
     {
         $this->_dbLoadIfNotLoaded();
 
-        /*
-        // Ok, let's start by checking the column type
-        $type = $this->db_connection->getColumnType($this->dbTableName, $var);
-
-        // Throws an exception if the type is not ok.
-        if (!$this->db_connection->checkType($value, $type)) {
-            throw new TDBMException("Error! Invalid value passed for attribute '$var' of table '$this->dbTableName'. Passed '$value', but expecting '$type'");
-        }
-        */
-
         /*if ($var == $this->getPrimaryKey() && isset($this->dbRow[$var]))
             throw new TDBMException("Error! Changing primary key value is forbidden.");*/
         $this->dbRow[$var] = $value;
@@ -275,7 +269,7 @@ public function setRef(string $foreignKeyName, AbstractTDBMObject $bean = null):
      *
      * @return AbstractTDBMObject|null
      */
-    public function getRef(string $foreignKeyName) : ?AbstractTDBMObject
+    public function getRef(string $foreignKeyName, string $className, string $resultIteratorClass) : ?AbstractTDBMObject
     {
         if (array_key_exists($foreignKeyName, $this->references)) {
             return $this->references[$foreignKeyName];
@@ -303,9 +297,9 @@ public function getRef(string $foreignKeyName) : ?AbstractTDBMObject
 
             // If the foreign key points to the primary key, let's use findObjectByPk
             if ($this->tdbmService->getPrimaryKeyColumns($foreignTableName) === $foreignColumns) {
-                return $this->tdbmService->findObjectByPk($foreignTableName, $filter, [], true);
+                return $this->tdbmService->findObjectByPk($foreignTableName, $filter, [], true, $className, $resultIteratorClass);
             } else {
-                return $this->tdbmService->findObject($foreignTableName, $filter);
+                return $this->tdbmService->findObject($foreignTableName, $filter, [], [], $className, $resultIteratorClass);
             }
         }
     }

src/InnerResultIterator.php

@@ -42,6 +42,7 @@ class InnerResultIterator implements \Iterator, InnerResultIteratorInterface
     private $objectStorage;
     private $className;
 
+    /** @var TDBMService */
     private $tdbmService;
     private $magicSql;
     private $parameters;
@@ -78,7 +79,7 @@ private function __construct()
      */
     public static function createInnerResultIterator(string $magicSql, array $parameters, ?int $limit, ?int $offset, array $columnDescriptors, ObjectStorageInterface $objectStorage, ?string $className, TDBMService $tdbmService, MagicQuery $magicQuery, LoggerInterface $logger): self
     {
-        $iterator =  new static();
+        $iterator =  new static(); // @TODO (gua) Should I know here if it's a partial load ? (to allow to give that state to DBRow and TDBMObject)
         $iterator->magicSql = $magicSql;
         $iterator->objectStorage = $objectStorage;
         $iterator->className = $className;
@@ -170,10 +171,12 @@ public function key()
      */
     public function next()
     {
+        /** @var array<string, string> $row */
         $row = $this->statement->fetch(\PDO::FETCH_ASSOC);
         if ($row) {
 
             // array<tablegroup, array<table, array<column, value>>>
+            /** @var array<string, array<string, array<string, mixed>>> $beansData */
             $beansData = [];
             foreach ($row as $key => $value) {
                 if (!isset($this->columnDescriptors[$key])) {
@@ -201,13 +204,15 @@ public function next()
 
                 list($actualClassName, $mainBeanTableName, $tablesUsed) = $this->tdbmService->_getClassNameFromBeanData($beanData);
 
-                if ($this->className !== null) {
+                // @TODO (gua) this is a weird hack to be able to force a TDBMObject...
+                // ClassName could be used to override $actualClassName
+                if ($this->className !== null && is_a($this->className, TDBMObject::class, true)) {
                     $actualClassName = $this->className;
                 }
 
                 // Let's filter out the beanData that is not used (because it belongs to a part of the hierarchy that is not fetched:
                 foreach ($beanData as $tableName => $descriptors) {
-                    if (!in_array($tableName, $tablesUsed)) {
+                    if (!in_array($tableName, $tablesUsed, true)) {
                         unset($beanData[$tableName]);
                     }
                 }

src/OrderByAnalyzer.php

@@ -5,6 +5,7 @@
 
 use Doctrine\Common\Cache\Cache;
 use PHPSQLParser\PHPSQLParser;
+use PHPSQLParser\utils\ExpressionType;
 
 /**
  * Class in charge of analyzing order by clauses.
@@ -85,7 +86,7 @@ private function analyzeOrderByNoCache(string $orderBy) : array
 
         for ($i = 0, $count = count($parsed['ORDER']); $i < $count; ++$i) {
             $orderItem = $parsed['ORDER'][$i];
-            if ($orderItem['expr_type'] === 'colref') {
+            if ($orderItem['expr_type'] === ExpressionType::COLREF) {
                 $parts = $orderItem['no_quotes']['parts'];
                 $columnName = array_pop($parts);
                 if (!empty($parts)) {
@@ -95,7 +96,7 @@ private function analyzeOrderByNoCache(string $orderBy) : array
                 }
 
                 $results[] = [
-                    'type' => 'colref',
+                    'type' => ExpressionType::COLREF,
                     'table' => $tableName,
                     'column' => $columnName,
                     'direction' => $orderItem['direction'],

src/PageIterator.php

@@ -76,8 +76,20 @@ private function __construct()
      * @param mixed[] $parameters
      * @param array[] $columnDescriptors
      */
-    public static function createResultIterator(ResultIterator $parentResult, string $magicSql, array $parameters, int $limit, int $offset, array $columnDescriptors, ObjectStorageInterface $objectStorage, ?string $className, TDBMService $tdbmService, MagicQuery $magicQuery, int $mode, LoggerInterface $logger): self
-    {
+    public static function createResultIterator(
+        ResultIterator $parentResult,
+        string $magicSql,
+        array $parameters,
+        int $limit,
+        int $offset,
+        array $columnDescriptors,
+        ObjectStorageInterface $objectStorage,
+        ?string $className,
+        TDBMService $tdbmService,
+        MagicQuery $magicQuery,
+        int $mode,
+        LoggerInterface $logger
+    ): self {
         $iterator =  new self();
         $iterator->parentResult = $parentResult;
         $iterator->magicSql = $magicSql;

src/QueryFactory/AbstractQueryFactory.php

@@ -3,6 +3,8 @@
 
 namespace TheCodingMachine\TDBM\QueryFactory;
 
+use PHPSQLParser\utils\ExpressionType;
+use TheCodingMachine\TDBM\ResultIterator;
 use function array_unique;
 use Doctrine\DBAL\Platforms\MySqlPlatform;
 use Doctrine\DBAL\Schema\Schema;
@@ -52,6 +54,8 @@ abstract class AbstractQueryFactory implements QueryFactory
      * @var string
      */
     protected $mainTable;
+    /** @var null|ResultIterator */
+    protected $resultIterator;
 
     /**
      * @param TDBMService $tdbmService
@@ -68,6 +72,11 @@ public function __construct(TDBMService $tdbmService, Schema $schema, OrderByAna
         $this->mainTable = $mainTable;
     }
 
+    public function setResultIterator(ResultIterator $resultIterator): void
+    {
+        $this->resultIterator = $resultIterator;
+    }
+
     /**
      * Returns the column list that must be fetched for the SQL request.
      *
@@ -120,7 +129,7 @@ protected function getColumnsList(string $mainTable, array $additionalTablesFetc
             // If we sort by a column, there is a high chance we will fetch the bean containing this column.
             // Hence, we should add the table to the $additionalTablesFetch
             foreach ($orderByColumns as $orderByColumn) {
-                if ($orderByColumn['type'] === 'colref') {
+                if ($orderByColumn['type'] === ExpressionType::COLREF) {
                     if ($orderByColumn['table'] !== null) {
                         if ($canAddAdditionalTablesFetch) {
                             $additionalTablesFetch[] = $orderByColumn['table'];
@@ -140,16 +149,16 @@ protected function getColumnsList(string $mainTable, array $additionalTablesFetc
                         $reconstructedOrderBys[] = ($orderByColumn['table'] !== null ? $mysqlPlatform->quoteIdentifier($orderByColumn['table']).'.' : '').$mysqlPlatform->quoteIdentifier($orderByColumn['column']).' '.$orderByColumn['direction'];
                     }
                 } elseif ($orderByColumn['type'] === 'expr') {
+                    if ($securedOrderBy) {
+                        throw new TDBMInvalidArgumentException('Invalid ORDER BY column: "'.$orderByColumn['expr'].'". If you want to use expression in your ORDER BY clause, you must wrap them in a UncheckedOrderBy object. For instance: new UncheckedOrderBy("col1 + col2 DESC")');
+                    }
+
                     $sortColumnName = 'sort_column_'.$sortColumn;
                     $columnsList[] = $orderByColumn['expr'].' as '.$sortColumnName;
                     $columnDescList[$sortColumnName] = [
                         'tableGroup' => null,
                     ];
                     ++$sortColumn;
-
-                    if ($securedOrderBy) {
-                        throw new TDBMInvalidArgumentException('Invalid ORDER BY column: "'.$orderByColumn['expr'].'". If you want to use expression in your ORDER BY clause, you must wrap them in a UncheckedOrderBy object. For instance: new UncheckedOrderBy("col1 + col2 DESC")');
-                    }
                 }
             }
 
@@ -181,15 +190,20 @@ protected function getColumnsList(string $mainTable, array $additionalTablesFetc
         foreach ($allFetchedTables as $table) {
             foreach ($this->schema->getTable($table)->getColumns() as $column) {
                 $columnName = $column->getName();
-                $columnDescList[$table.'____'.$columnName] = [
-                    'as' => $table.'____'.$columnName,
-                    'table' => $table,
-                    'column' => $columnName,
-                    'type' => $column->getType(),
-                    'tableGroup' => $tableGroups[$table],
-                ];
-                $columnsList[] = $mysqlPlatform->quoteIdentifier($table).'.'.$mysqlPlatform->quoteIdentifier($columnName).' as '.
-                    $connection->quoteIdentifier($table.'____'.$columnName);
+                if ($this->resultIterator === null // @TODO (gua) don't take care of whitelist in case of LIMIT below 2
+                    || $table !== $mainTable
+                    || $this->resultIterator->isInWhitelist($columnName, $table)
+                ) {
+                    $columnDescList[$table . '____' . $columnName] = [
+                        'as' => $table . '____' . $columnName,
+                        'table' => $table,
+                        'column' => $columnName,
+                        'type' => $column->getType(),
+                        'tableGroup' => $tableGroups[$table],
+                    ];
+                    $columnsList[] = $mysqlPlatform->quoteIdentifier($table) . '.' . $mysqlPlatform->quoteIdentifier($columnName) . ' as ' .
+                        $connection->quoteIdentifier($table . '____' . $columnName);
+                }
             }
         }