Add per column regex filtering #108
Conversation
|
Could you add a test please? |
Codecov Report
@@ Coverage Diff @@
## master #108 +/- ##
==========================================
+ Coverage 93.68% 93.75% +0.06%
==========================================
Files 1 1
Lines 190 192 +2
==========================================
+ Hits 178 180 +2
Misses 12 12
Continue to review full report at Codecov.
|
|
@Pegase745 I have added a test for this. The global search regex is failing. The culprit is : sqlalchemy-datatables/datatables/__init__.py Line 350 in d1e686a I could be wrong but from my tests, it is unnecessarily escaping the regex characters. Why is there a need to clean the regex? Shouldn't it be up to the user to escape any special characters in the search value? |
| @@ -398,7 +401,7 @@ def _get_regex_operator(self): | |||
| if isinstance( | |||
| self.query.session.bind.dialect, | |||
| postgresql.dialect): | |||
| return '~' | |||
| return '~*' | |||
There was a problem hiding this comment.
Please document and motivate the change from case sensitive to case insensitive searching. And perhaps even better to leave as it is, as I understand the MySQL REGEXP operator is case sensitive as well. Perhaps regexpi functions should also be added?
| @@ -335,7 +336,10 @@ def _set_column_filter_expressions(self): | |||
| 'columns[{:d}][search][value]'.format(i), '') | |||
| if value: | |||
| search_func = search_methods[self.columns[i].search_method] | |||
| filter_expr = search_func(self.columns[i].sqla_expr, value) | |||
| if self.columns[i].search_method == 'regex': | |||
There was a problem hiding this comment.
I don't like this extra if/else statement here, but see that it is done because in this case the query method is is actually a function of the dialect. Perhaps the code needs to be reorganized a bit to allow for this, but the current implementation is a bit hacky
|
I believe the regexes are cleaned for security reasons, as exposing full regex functionality might be a security risk. Not sure how much of a real vulnerability this is with an up to date postgres or mysql backend though. https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS |
This PR adds regex filtering for each column. The current version of sqlalchemy-datatables only support regex filtering for the global search.
The regex is used by setting the search_method to regex in the column definition i.e. when creating the ColumnDT instance.