Storm

It should be possible to use a string when defining order_by for a ReferenceSet

Bug #580037 reported by Jamu Kakar on 2010-05-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Storm	Fix Released	Medium	Jamu Kakar	Storm 0.17

Bug Description

I want to define the order_by property of a ReferenceSet as a string
to work around circular dependencies. For example, this doesn't
work:

class Account(Storm):

id = Int(primary=True)
users = ReferenceSet(id, "User.account_id", order_by="User.name")

It doesn't work because the value passed to order_by is not handled
by the property resolver. It's stored and passed directly to
ResultSet.order_by which, in the case of a string, injects the value
directly into the generated SQL (which might even make it possible
to create a SQL injection attack). A hack workaround for the issue
is to use a Column expression:

class Account(Storm):

    id = Int(primary=True)
    users = ReferenceSet(id, "User.account_id",
                         order_by=Column("name", "user"))

Related branches

lp://staging/~jkakar/storm/reference-set-order-by

Merged into lp://staging/storm at revision 358

Sidnei da Silva (community): Approve on 2010-06-04

Gustavo Niemeyer: Approve on 2010-06-01

Jamu Kakar (jkakar) on 2010-05-13

Changed in storm:
assignee:	nobody → Jamu Kakar (jkakar)
importance:	Undecided → Medium
milestone:	none → 0.17

Jamu Kakar (jkakar) on 2010-05-13

Changed in storm:
status:	New → In Progress

Jamu Kakar (jkakar) on 2010-06-04

Changed in storm:
status:	In Progress → Fix Committed

Jamu Kakar (jkakar) on 2010-08-13

Changed in storm:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.