1. Disable fleshing for PCRUD. Otherwise fleshing would provide a
[working/Evergreen.git] / Open-ILS / src / c-apps / oils_sql.c
1 /**
2         @file oils_sql.c
3         @brief Utility routines for translating JSON into SQL.
4 */
5
6 #include <stdlib.h>
7 #include <string.h>
8 #include <time.h>
9 #include <ctype.h>
10 #include <dbi/dbi.h>
11 #include "opensrf/utils.h"
12 #include "opensrf/log.h"
13 #include "opensrf/osrf_application.h"
14 #include "openils/oils_utils.h"
15 #include "openils/oils_sql.h"
16
17 // The next four macros are OR'd together as needed to form a set
18 // of bitflags.  SUBCOMBO enables an extra pair of parentheses when
19 // nesting one UNION, INTERSECT or EXCEPT inside another.
20 // SUBSELECT tells us we're in a subquery, so don't add the
21 // terminal semicolon yet.
22 #define SUBCOMBO    8
23 #define SUBSELECT   4
24 #define DISABLE_I18N    2
25 #define SELECT_DISTINCT 1
26
27 #define AND_OP_JOIN     0
28 #define OR_OP_JOIN      1
29
30 struct ClassInfoStruct;
31 typedef struct ClassInfoStruct ClassInfo;
32
33 #define ALIAS_STORE_SIZE 16
34 #define CLASS_NAME_STORE_SIZE 16
35
36 struct ClassInfoStruct {
37         char* alias;
38         char* class_name;
39         char* source_def;
40         osrfHash* class_def;      // Points into IDL
41         osrfHash* fields;         // Points into IDL
42         osrfHash* links;          // Points into IDL
43
44         // The remaining members are private and internal.  Client code should not
45         // access them directly.
46
47         ClassInfo* next;          // Supports linked list of joined classes
48         int in_use;               // boolean
49
50         // We usually store the alias and class name in the following arrays, and
51         // point the corresponding pointers at them.  When the string is too big
52         // for the array (which will probably never happen in practice), we strdup it.
53
54         char alias_store[ ALIAS_STORE_SIZE + 1 ];
55         char class_name_store[ CLASS_NAME_STORE_SIZE + 1 ];
56 };
57
58 struct QueryFrameStruct;
59 typedef struct QueryFrameStruct QueryFrame;
60
61 struct QueryFrameStruct {
62         ClassInfo core;
63         ClassInfo* join_list;  // linked list of classes joined to the core class
64         QueryFrame* next;      // implements stack as linked list
65         int in_use;            // boolean
66 };
67
68 static int timeout_needs_resetting;
69 static time_t time_next_reset;
70
71 static int verifyObjectClass ( osrfMethodContext*, const jsonObject* );
72
73 static void setXactId( osrfMethodContext* ctx );
74 static inline const char* getXactId( osrfMethodContext* ctx );
75 static inline void clearXactId( osrfMethodContext* ctx );
76
77 static jsonObject* doFieldmapperSearch ( osrfMethodContext* ctx, osrfHash* class_meta,
78                 jsonObject* where_hash, jsonObject* query_hash, int* err );
79 static jsonObject* oilsMakeFieldmapperFromResult( dbi_result, osrfHash* );
80 static jsonObject* oilsMakeJSONFromResult( dbi_result );
81
82 static char* searchSimplePredicate ( const char* op, const char* class_alias,
83                                 osrfHash* field, const jsonObject* node );
84 static char* searchFunctionPredicate ( const char*, osrfHash*, const jsonObject*, const char* );
85 static char* searchFieldTransform ( const char*, osrfHash*, const jsonObject* );
86 static char* searchFieldTransformPredicate ( const ClassInfo*, osrfHash*, const jsonObject*,
87                 const char* );
88 static char* searchBETWEENPredicate ( const char*, osrfHash*, const jsonObject* );
89 static char* searchINPredicate ( const char*, osrfHash*,
90                                                                  jsonObject*, const char*, osrfMethodContext* );
91 static char* searchPredicate ( const ClassInfo*, osrfHash*, jsonObject*, osrfMethodContext* );
92 static char* searchJOIN ( const jsonObject*, const ClassInfo* left_info );
93 static char* searchWHERE ( const jsonObject*, const ClassInfo*, int, osrfMethodContext* );
94 static char* buildSELECT ( jsonObject*, jsonObject*, osrfHash*, osrfMethodContext* );
95 char* buildQuery( osrfMethodContext* ctx, jsonObject* query, int flags );
96
97 char* SELECT ( osrfMethodContext*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, int );
98
99 void userDataFree( void* );
100 static void sessionDataFree( char*, void* );
101 static int obj_is_true( const jsonObject* obj );
102 static const char* json_type( int code );
103 static const char* get_primitive( osrfHash* field );
104 static const char* get_datatype( osrfHash* field );
105 static int is_identifier( const char* s );
106 static int is_good_operator( const char* op );
107 static void pop_query_frame( void );
108 static void push_query_frame( void );
109 static int add_query_core( const char* alias, const char* class_name );
110 static inline ClassInfo* search_alias( const char* target );
111 static ClassInfo* search_all_alias( const char* target );
112 static ClassInfo* add_joined_class( const char* alias, const char* classname );
113 static void clear_query_stack( void );
114
115 static const jsonObject* verifyUserPCRUD( osrfMethodContext* );
116 static int verifyObjectPCRUD( osrfMethodContext*, const jsonObject* );
117 static const char* org_tree_root( osrfMethodContext* ctx );
118 static jsonObject* single_hash( const char* key, const char* value );
119
120 static int child_initialized = 0;   /* boolean */
121
122 static dbi_conn writehandle; /* our MASTER db connection */
123 static dbi_conn dbhandle; /* our CURRENT db connection */
124 //static osrfHash * readHandles;
125
126 // The following points to the top of a stack of QueryFrames.  It's a little
127 // confusing because the top level of the query is at the bottom of the stack.
128 static QueryFrame* curr_query = NULL;
129
130 static dbi_conn writehandle; /* our MASTER db connection */
131 static dbi_conn dbhandle; /* our CURRENT db connection */
132 //static osrfHash * readHandles;
133
134 static int max_flesh_depth = 100;
135
136 static int enforce_pcrud = 0;     // Boolean
137 static char* modulename = NULL;
138
139 /**
140         @brief Connect to the database.
141         @return A database connection if successful, or NULL if not.
142 */
143 dbi_conn oilsConnectDB( const char* mod_name ) {
144
145         osrfLogDebug( OSRF_LOG_MARK, "Attempting to initialize libdbi..." );
146         if( dbi_initialize( NULL ) == -1 ) {
147                 osrfLogError( OSRF_LOG_MARK, "Unable to initialize libdbi" );
148                 return NULL;
149         } else
150                 osrfLogDebug( OSRF_LOG_MARK, "... libdbi initialized." );
151
152         char* driver = osrf_settings_host_value( "/apps/%s/app_settings/driver", mod_name );
153         char* user   = osrf_settings_host_value( "/apps/%s/app_settings/database/user", mod_name );
154         char* host   = osrf_settings_host_value( "/apps/%s/app_settings/database/host", mod_name );
155         char* port   = osrf_settings_host_value( "/apps/%s/app_settings/database/port", mod_name );
156         char* db     = osrf_settings_host_value( "/apps/%s/app_settings/database/db", mod_name );
157         char* pw     = osrf_settings_host_value( "/apps/%s/app_settings/database/pw", mod_name );
158
159         osrfLogDebug( OSRF_LOG_MARK, "Attempting to load the database driver [%s]...", driver );
160         dbi_conn handle = dbi_conn_new( driver );
161
162         if( !handle ) {
163                 osrfLogError( OSRF_LOG_MARK, "Error loading database driver [%s]", driver );
164                 return NULL;
165         }
166         osrfLogDebug( OSRF_LOG_MARK, "Database driver [%s] seems OK", driver );
167
168         osrfLogInfo(OSRF_LOG_MARK, "%s connecting to database.  host=%s, "
169                 "port=%s, user=%s, db=%s", mod_name, host, port, user, db );
170
171         if( host ) dbi_conn_set_option( handle, "host", host );
172         if( port ) dbi_conn_set_option_numeric( handle, "port", atoi( port ));
173         if( user ) dbi_conn_set_option( handle, "username", user );
174         if( pw )   dbi_conn_set_option( handle, "password", pw );
175         if( db )   dbi_conn_set_option( handle, "dbname", db );
176
177         free( user );
178         free( host );
179         free( port );
180         free( db );
181         free( pw );
182
183         if( dbi_conn_connect( handle ) < 0 ) {
184                 sleep( 1 );
185                 if( dbi_conn_connect( handle ) < 0 ) {
186                         const char* errmsg;
187                         dbi_conn_error( handle, &errmsg );
188                         osrfLogError( OSRF_LOG_MARK, "Error connecting to database: %s", errmsg );
189                         return NULL;
190                 }
191         }
192
193         osrfLogInfo( OSRF_LOG_MARK, "%s successfully connected to the database", mod_name );
194
195         return handle;
196 }
197
198 /**
199         @brief Select some options.
200         @param module_name: Name of the server.
201         @param do_pcrud: Boolean.  True if we are to enforce PCRUD permissions.
202
203         This source file is used (at this writing) to implement three different servers:
204         - open-ils.reporter-store
205         - open-ils.pcrud
206         - open-ils.cstore
207
208         These servers behave mostly the same, but they implement different combinations of
209         methods, and open-ils.pcrud enforces a permissions scheme that the other two don't.
210
211         Here we use the server name in messages to identify which kind of server issued them.
212         We use do_crud as a boolean to control whether or not to enforce the permissions scheme.
213 */
214 void oilsSetSQLOptions( const char* module_name, int do_pcrud, int flesh_depth ) {
215         if( !module_name )
216                 module_name = "open-ils.cstore";   // bulletproofing with a default
217
218         if( modulename )
219                 free( modulename );
220
221         modulename = strdup( module_name );
222         enforce_pcrud = do_pcrud;
223         max_flesh_depth = flesh_depth;
224 }
225
226 /**
227         @brief Install a database connection.
228         @param conn Pointer to a database connection.
229
230         In some contexts, @a conn may merely provide a driver so that we can process strings
231         properly, without providing an open database connection.
232 */
233 void oilsSetDBConnection( dbi_conn conn ) {
234         dbhandle = writehandle = conn;
235 }
236
237 /**
238         @brief Get a table name, view name, or subquery for use in a FROM clause.
239         @param class Pointer to the IDL class entry.
240         @return A table name, a view name, or a subquery in parentheses.
241
242         In some cases the IDL defines a class, not with a table name or a view name, but with
243         a SELECT statement, which may be used as a subquery.
244 */
245 char* oilsGetRelation( osrfHash* classdef ) {
246
247         char* source_def = NULL;
248         const char* tabledef = osrfHashGet( classdef, "tablename" );
249
250         if( tabledef ) {
251                 source_def = strdup( tabledef );   // Return the name of a table or view
252         } else {
253                 tabledef = osrfHashGet( classdef, "source_definition" );
254                 if( tabledef ) {
255                         // Return a subquery, enclosed in parentheses
256                         source_def = safe_malloc( strlen( tabledef ) + 3 );
257                         source_def[ 0 ] = '(';
258                         strcpy( source_def + 1, tabledef );
259                         strcat( source_def, ")" );
260                 } else {
261                         // Not found: return an error
262                         const char* classname = osrfHashGet( classdef, "classname" );
263                         if( !classname )
264                                 classname = "???";
265                         osrfLogError(
266                                 OSRF_LOG_MARK,
267                                 "%s ERROR No tablename or source_definition for class \"%s\"",
268                                 modulename,
269                                 classname
270                         );
271                 }
272         }
273
274         return source_def;
275 }
276
277 /**
278         @brief Add datatypes from the database to the fields in the IDL.
279         @param handle Handle for a database connection
280         @return Zero if successful, or 1 upon error.
281
282         For each relevant class in the IDL: ask the database for the datatype of every field.
283         In particular, determine which fields are text fields and which fields are numeric
284         fields, so that we know whether to enclose their values in quotes.
285 */
286 int oilsExtendIDL( dbi_conn handle ) {
287         osrfHashIterator* class_itr = osrfNewHashIterator( oilsIDL() );
288         osrfHash* class = NULL;
289         growing_buffer* query_buf = buffer_init( 64 );
290         int results_found = 0;   // boolean
291
292         // For each class in the IDL...
293         while( (class = osrfHashIteratorNext( class_itr ) ) ) {
294                 const char* classname = osrfHashIteratorKey( class_itr );
295                 osrfHash* fields = osrfHashGet( class, "fields" );
296
297                 // If the class is virtual, ignore it
298                 if( str_is_true( osrfHashGet(class, "virtual") ) ) {
299                         osrfLogDebug(OSRF_LOG_MARK, "Class %s is virtual, skipping", classname );
300                         continue;
301                 }
302
303                 char* tabledef = oilsGetRelation( class );
304                 if( !tabledef )
305                         continue;   // No such relation -- a query of it would be doomed to failure
306
307                 buffer_reset( query_buf );
308                 buffer_fadd( query_buf, "SELECT * FROM %s AS x WHERE 1=0;", tabledef );
309
310                 free(tabledef );
311
312                 osrfLogDebug( OSRF_LOG_MARK, "%s Investigatory SQL = %s",
313                                 modulename, OSRF_BUFFER_C_STR( query_buf ) );
314
315                 dbi_result result = dbi_conn_query( handle, OSRF_BUFFER_C_STR( query_buf ) );
316                 if( result ) {
317
318                         results_found = 1;
319                         int columnIndex = 1;
320                         const char* columnName;
321                         while( (columnName = dbi_result_get_field_name(result, columnIndex)) ) {
322
323                                 osrfLogInternal( OSRF_LOG_MARK, "Looking for column named [%s]...",
324                                                 columnName );
325
326                                 /* fetch the fieldmapper index */
327                                 osrfHash* _f = osrfHashGet(fields, columnName);
328                                 if( _f ) {
329
330                                         osrfLogDebug(OSRF_LOG_MARK, "Found [%s] in IDL hash...", columnName);
331
332                                         /* determine the field type and storage attributes */
333
334                                         switch( dbi_result_get_field_type_idx( result, columnIndex )) {
335
336                                                 case DBI_TYPE_INTEGER : {
337
338                                                         if( !osrfHashGet(_f, "primitive") )
339                                                                 osrfHashSet(_f, "number", "primitive");
340
341                                                         int attr = dbi_result_get_field_attribs_idx( result, columnIndex );
342                                                         if( attr & DBI_INTEGER_SIZE8 )
343                                                                 osrfHashSet( _f, "INT8", "datatype" );
344                                                         else
345                                                                 osrfHashSet( _f, "INT", "datatype" );
346                                                         break;
347                                                 }
348                                                 case DBI_TYPE_DECIMAL :
349                                                         if( !osrfHashGet( _f, "primitive" ))
350                                                                 osrfHashSet( _f, "number", "primitive" );
351
352                                                         osrfHashSet( _f, "NUMERIC", "datatype" );
353                                                         break;
354
355                                                 case DBI_TYPE_STRING :
356                                                         if( !osrfHashGet( _f, "primitive" ))
357                                                                 osrfHashSet( _f, "string", "primitive" );
358
359                                                         osrfHashSet( _f,"TEXT", "datatype" );
360                                                         break;
361
362                                                 case DBI_TYPE_DATETIME :
363                                                         if( !osrfHashGet( _f, "primitive" ))
364                                                                 osrfHashSet( _f, "string", "primitive" );
365
366                                                         osrfHashSet( _f, "TIMESTAMP", "datatype" );
367                                                         break;
368
369                                                 case DBI_TYPE_BINARY :
370                                                         if( !osrfHashGet( _f, "primitive" ))
371                                                                 osrfHashSet( _f, "string", "primitive" );
372
373                                                         osrfHashSet( _f, "BYTEA", "datatype" );
374                                         }
375
376                                         osrfLogDebug(
377                                                 OSRF_LOG_MARK,
378                                                 "Setting [%s] to primitive [%s] and datatype [%s]...",
379                                                 columnName,
380                                                 osrfHashGet( _f, "primitive" ),
381                                                 osrfHashGet( _f, "datatype" )
382                                         );
383                                 }
384                                 ++columnIndex;
385                         } // end while loop for traversing columns of result
386                         dbi_result_free( result  );
387                 } else {
388                         osrfLogDebug( OSRF_LOG_MARK, "No data found for class [%s]...", classname );
389                 }
390         } // end for each class in IDL
391
392         buffer_free( query_buf );
393         osrfHashIteratorFree( class_itr );
394         child_initialized = 1;
395
396         if( !results_found ) {
397                 osrfLogError( OSRF_LOG_MARK,
398                         "No results found for any class -- bad database connection?" );
399                 return 1;
400         }
401         else
402                 return 0;
403 }
404
405 /**
406         @brief Free an osrfHash that stores a transaction ID.
407         @param blob A pointer to the osrfHash to be freed, cast to a void pointer.
408
409         This function is a callback, to be called by the application session when it ends.
410         The application session stores the osrfHash via an opaque pointer.
411
412         If the osrfHash contains an entry for the key "xact_id", it means that an
413         uncommitted transaction is pending.  Roll it back.
414 */
415 void userDataFree( void* blob ) {
416         osrfHash* hash = (osrfHash*) blob;
417         if( osrfHashGet( hash, "xact_id" ) && writehandle )
418                 dbi_conn_query( writehandle, "ROLLBACK;" );
419
420         osrfHashFree( hash );
421 }
422
423 /**
424         @name Managing session data
425         @brief Maintain data stored via the userData pointer of the application session.
426
427         Currently, session-level data is stored in an osrfHash.  Other arrangements are
428         possible, and some would be more efficient.  The application session calls a
429         callback function to free userData before terminating.
430
431         Currently, the only data we store at the session level is the transaction id.  By this
432         means we can ensure that any pending transactions are rolled back before the application
433         session terminates.
434 */
435 /*@{*/
436
437 /**
438         @brief Free an item in the application session's userData.
439         @param key The name of a key for an osrfHash.
440         @param item An opaque pointer to the item associated with the key.
441
442         We store an osrfHash as userData with the application session, and arrange (by
443         installing userDataFree() as a different callback) for the session to free that
444         osrfHash before terminating.
445
446         This function is a callback for freeing items in the osrfHash.  Currently we store
447         two things:
448         - Transaction id of a pending transaction; a character string.  Key: "xact_id".
449         - Authkey; a character string.  Key: "authkey".
450         - User object from the authentication server; a jsonObject.  Key: "user_login".
451
452         If we ever store anything else in userData, we will need to revisit this function so
453         that it will free whatever else needs freeing.
454 */
455 static void sessionDataFree( char* key, void* item ) {
456         if( !strcmp( key, "xact_id" )
457              || !strcmp( key, "authkey" ) ) {
458                 free( item );
459         } else if( !strcmp( key, "user_login" ) )
460                 jsonObjectFree( (jsonObject*) item );
461 }
462
463 /**
464         @brief Save a transaction id.
465         @param ctx Pointer to the method context.
466
467         Save the session_id of the current application session as a transaction id.
468 */
469 static void setXactId( osrfMethodContext* ctx ) {
470         if( ctx && ctx->session ) {
471                 osrfAppSession* session = ctx->session;
472
473                 osrfHash* cache = session->userData;
474
475                 // If the session doesn't already have a hash, create one.  Make sure
476                 // that the application session frees the hash when it terminates.
477                 if( NULL == cache ) {
478                         session->userData = cache = osrfNewHash();
479                         osrfHashSetCallback( cache, &sessionDataFree );
480                         ctx->session->userDataFree = &userDataFree;
481                 }
482
483                 // Save the transaction id in the hash, with the key "xact_id"
484                 osrfHashSet( cache, strdup( session->session_id ), "xact_id" );
485         }
486 }
487
488 /**
489         @brief Get the transaction ID for the current transaction, if any.
490         @param ctx Pointer to the method context.
491         @return Pointer to the transaction ID.
492
493         The return value points to an internal buffer, and will become invalid upon issuing
494         a commit or rollback.
495 */
496 static inline const char* getXactId( osrfMethodContext* ctx ) {
497         if( ctx && ctx->session && ctx->session->userData )
498                 return osrfHashGet( (osrfHash*) ctx->session->userData, "xact_id" );
499         else
500                 return NULL;
501 }
502
503 /**
504         @brief Clear the current transaction id.
505         @param ctx Pointer to the method context.
506 */
507 static inline void clearXactId( osrfMethodContext* ctx ) {
508         if( ctx && ctx->session && ctx->session->userData )
509                 osrfHashRemove( ctx->session->userData, "xact_id" );
510 }
511 /*@}*/
512
513 /**
514         @brief Save the user's login in the userData for the current application session.
515         @param ctx Pointer to the method context.
516         @param user_login Pointer to the user login object to be cached (we cache the original,
517         not a copy of it).
518
519         If @a user_login is NULL, remove the user login if one is already cached.
520 */
521 static void setUserLogin( osrfMethodContext* ctx, jsonObject* user_login ) {
522         if( ctx && ctx->session ) {
523                 osrfAppSession* session = ctx->session;
524
525                 osrfHash* cache = session->userData;
526
527                 // If the session doesn't already have a hash, create one.  Make sure
528                 // that the application session frees the hash when it terminates.
529                 if( NULL == cache ) {
530                         session->userData = cache = osrfNewHash();
531                         osrfHashSetCallback( cache, &sessionDataFree );
532                         ctx->session->userDataFree = &userDataFree;
533                 }
534
535                 if( user_login )
536                         osrfHashSet( cache, user_login, "user_login" );
537                 else
538                         osrfHashRemove( cache, "user_login" );
539         }
540 }
541
542 /**
543         @brief Get the user login object for the current application session, if any.
544         @param ctx Pointer to the method context.
545         @return Pointer to the user login object if found; otherwise NULL.
546
547         The user login object was returned from the authentication server, and then cached so
548         we don't have to call the authentication server again for the same user.
549 */
550 static const jsonObject* getUserLogin( osrfMethodContext* ctx ) {
551         if( ctx && ctx->session && ctx->session->userData )
552                 return osrfHashGet( (osrfHash*) ctx->session->userData, "user_login" );
553         else
554                 return NULL;
555 }
556
557 /**
558         @brief Save a copy of an authkey in the userData of the current application session.
559         @param ctx Pointer to the method context.
560         @param authkey The authkey to be saved.
561
562         If @a authkey is NULL, remove the authkey if one is already cached.
563 */
564 static void setAuthkey( osrfMethodContext* ctx, const char* authkey ) {
565         if( ctx && ctx->session && authkey ) {
566                 osrfAppSession* session = ctx->session;
567                 osrfHash* cache = session->userData;
568
569                 // If the session doesn't already have a hash, create one.  Make sure
570                 // that the application session frees the hash when it terminates.
571                 if( NULL == cache ) {
572                         session->userData = cache = osrfNewHash();
573                         osrfHashSetCallback( cache, &sessionDataFree );
574                         ctx->session->userDataFree = &userDataFree;
575                 }
576
577                 // Save the transaction id in the hash, with the key "xact_id"
578                 if( authkey && *authkey )
579                         osrfHashSet( cache, strdup( authkey ), "authkey" );
580                 else
581                         osrfHashRemove( cache, "authkey" );
582         }
583 }
584
585 /**
586         @brief Reset the login timeout.
587         @param authkey The authentication key for the current login session.
588         @param now The current time.
589         @return Zero if successful, or 1 if not.
590
591         Tell the authentication server to reset the timeout so that the login session won't
592         expire for a while longer.
593
594         We could dispense with the @a now parameter by calling time().  But we just called
595         time() in order to decide whether to reset the timeout, so we might as well reuse
596         the result instead of calling time() again.
597 */
598 static int reset_timeout( const char* authkey, time_t now ) {
599         jsonObject* auth_object = jsonNewObject( authkey );
600
601         // Ask the authentication server to reset the timeout.  It returns an event
602         // indicating success or failure.
603         jsonObject* result = oilsUtilsQuickReq( "open-ils.auth",
604                 "open-ils.auth.session.reset_timeout", auth_object );
605         jsonObjectFree( auth_object );
606
607         if( !result || result->type != JSON_HASH ) {
608                 osrfLogError( OSRF_LOG_MARK,
609                          "Unexpected object type receieved from open-ils.auth.session.reset_timeout" );
610                 jsonObjectFree( result );
611                 return 1;       // Not the right sort of object returned
612         }
613
614         const jsonObject* ilsevent = jsonObjectGetKey( result, "ilsevent" );
615         if( !ilsevent || ilsevent->type != JSON_NUMBER ) {
616                 osrfLogError( OSRF_LOG_MARK, "ilsevent is absent or malformed" );
617                 jsonObjectFree( result );
618                 return 1;    // Return code from method not available
619         }
620
621         if( jsonObjectGetNumber( ilsevent ) != 0.0 ) {
622                 const char* desc = jsonObjectGetString( jsonObjectGetKey( result, "desc" ) );
623                 if( !desc )
624                         desc = "(No reason available)";    // failsafe; shouldn't happen
625                 osrfLogInfo( OSRF_LOG_MARK, "Failure to reset timeout: %s", desc );
626                 jsonObjectFree( result );
627                 return 1;
628         }
629
630         // Revise our local proxy for the timeout deadline
631         // by a smallish fraction of the timeout interval
632         const char* timeout = jsonObjectGetString( jsonObjectGetKey( result, "payload" ) );
633         if( !timeout )
634                 timeout = "1";   // failsafe; shouldn't happen
635         time_next_reset = now + atoi( timeout ) / 15;
636
637         jsonObjectFree( result );
638         return 0;     // Successfully reset timeout
639 }
640
641 /**
642         @brief Get the authkey string for the current application session, if any.
643         @param ctx Pointer to the method context.
644         @return Pointer to the cached authkey if found; otherwise NULL.
645
646         If present, the authkey string was cached from a previous method call.
647 */
648 static const char* getAuthkey( osrfMethodContext* ctx ) {
649         if( ctx && ctx->session && ctx->session->userData ) {
650                 const char* authkey = osrfHashGet( (osrfHash*) ctx->session->userData, "authkey" );
651
652                 // Possibly reset the authentication timeout to keep the login alive.  We do so
653                 // no more than once per method call, and not at all if it has been only a short
654                 // time since the last reset.
655
656                 // Here we reset explicitly, if at all.  We also implicitly reset the timeout
657                 // whenever we call the "open-ils.auth.session.retrieve" method.
658                 if( timeout_needs_resetting ) {
659                         time_t now = time( NULL );
660                         if( now >= time_next_reset && reset_timeout( authkey, now ) )
661                                 authkey = NULL;    // timeout has apparently expired already
662                 }
663
664                 timeout_needs_resetting = 0;
665                 return authkey;
666         }
667         else
668                 return NULL;
669 }
670
671 /**
672         @brief Implement the transaction.begin method.
673         @param ctx Pointer to the method context.
674         @return Zero if successful, or -1 upon error.
675
676         Start a transaction.  Save a transaction ID for future reference.
677
678         Method parameters:
679         - authkey (PCRUD only)
680
681         Return to client: Transaction ID
682 */
683 int beginTransaction( osrfMethodContext* ctx ) {
684         if(osrfMethodVerifyContext( ctx )) {
685                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
686                 return -1;
687         }
688
689         if( enforce_pcrud ) {
690                 timeout_needs_resetting = 1;
691                 const jsonObject* user = verifyUserPCRUD( ctx );
692                 if( !user )
693                         return -1;
694         }
695
696         dbi_result result = dbi_conn_query( writehandle, "START TRANSACTION;" );
697         if( !result ) {
698                 osrfLogError( OSRF_LOG_MARK, "%s: Error starting transaction", modulename );
699                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
700                                 "osrfMethodException", ctx->request, "Error starting transaction" );
701                 return -1;
702         } else {
703                 setXactId( ctx );
704                 jsonObject* ret = jsonNewObject( getXactId( ctx ) );
705                 osrfAppRespondComplete( ctx, ret );
706                 jsonObjectFree( ret );
707         }
708         return 0;
709 }
710
711 /**
712         @brief Implement the savepoint.set method.
713         @param ctx Pointer to the method context.
714         @return Zero if successful, or -1 if not.
715
716         Issue a SAVEPOINT to the database server.
717
718         Method parameters:
719         - authkey (PCRUD only)
720         - savepoint name
721
722         Return to client: Savepoint name
723 */
724 int setSavepoint( osrfMethodContext* ctx ) {
725         if(osrfMethodVerifyContext( ctx )) {
726                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
727                 return -1;
728         }
729
730         int spNamePos = 0;
731         if( enforce_pcrud ) {
732                 spNamePos = 1;
733                 timeout_needs_resetting = 1;
734                 const jsonObject* user = verifyUserPCRUD( ctx );
735                 if( !user )
736                         return -1;
737         }
738
739         // Verify that a transaction is pending
740         const char* trans_id = getXactId( ctx );
741         if( NULL == trans_id ) {
742                 osrfAppSessionStatus(
743                         ctx->session,
744                         OSRF_STATUS_INTERNALSERVERERROR,
745                         "osrfMethodException",
746                         ctx->request,
747                         "No active transaction -- required for savepoints"
748                 );
749                 return -1;
750         }
751
752         // Get the savepoint name from the method params
753         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
754
755         dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
756         if( !result ) {
757                 osrfLogError(
758                         OSRF_LOG_MARK,
759                         "%s: Error creating savepoint %s in transaction %s",
760                         modulename,
761                         spName,
762                         trans_id
763                 );
764                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
765                                 "osrfMethodException", ctx->request, "Error creating savepoint" );
766                 return -1;
767         } else {
768                 jsonObject* ret = jsonNewObject( spName );
769                 osrfAppRespondComplete( ctx, ret );
770                 jsonObjectFree( ret  );
771         }
772         return 0;
773 }
774
775 /**
776         @brief Implement the savepoint.release method.
777         @param ctx Pointer to the method context.
778         @return Zero if successful, or -1 if not.
779
780         Issue a RELEASE SAVEPOINT to the database server.
781
782         Method parameters:
783         - authkey (PCRUD only)
784         - savepoint name
785
786         Return to client: Savepoint name
787 */
788 int releaseSavepoint( osrfMethodContext* ctx ) {
789         if(osrfMethodVerifyContext( ctx )) {
790                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
791                 return -1;
792         }
793
794         int spNamePos = 0;
795         if( enforce_pcrud ) {
796                 spNamePos = 1;
797                 timeout_needs_resetting = 1;
798                 const jsonObject* user = verifyUserPCRUD( ctx );
799                 if(  !user )
800                         return -1;
801         }
802
803         // Verify that a transaction is pending
804         const char* trans_id = getXactId( ctx );
805         if( NULL == trans_id ) {
806                 osrfAppSessionStatus(
807                         ctx->session,
808                         OSRF_STATUS_INTERNALSERVERERROR,
809                         "osrfMethodException",
810                         ctx->request,
811                         "No active transaction -- required for savepoints"
812                 );
813                 return -1;
814         }
815
816         // Get the savepoint name from the method params
817         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
818
819         dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
820         if( !result ) {
821                 osrfLogError(
822                         OSRF_LOG_MARK,
823                         "%s: Error releasing savepoint %s in transaction %s",
824                         modulename,
825                         spName,
826                         trans_id
827                 );
828                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
829                                 "osrfMethodException", ctx->request, "Error releasing savepoint" );
830                 return -1;
831         } else {
832                 jsonObject* ret = jsonNewObject( spName );
833                 osrfAppRespondComplete( ctx, ret );
834                 jsonObjectFree( ret );
835         }
836         return 0;
837 }
838
839 /**
840         @brief Implement the savepoint.rollback method.
841         @param ctx Pointer to the method context.
842         @return Zero if successful, or -1 if not.
843
844         Issue a ROLLBACK TO SAVEPOINT to the database server.
845
846         Method parameters:
847         - authkey (PCRUD only)
848         - savepoint name
849
850         Return to client: Savepoint name
851 */
852 int rollbackSavepoint( osrfMethodContext* ctx ) {
853         if(osrfMethodVerifyContext( ctx )) {
854                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
855                 return -1;
856         }
857
858         int spNamePos = 0;
859         if( enforce_pcrud ) {
860                 spNamePos = 1;
861                 timeout_needs_resetting = 1;
862                 const jsonObject* user = verifyUserPCRUD( ctx );
863                 if( !user )
864                         return -1;
865         }
866
867         // Verify that a transaction is pending
868         const char* trans_id = getXactId( ctx );
869         if( NULL == trans_id ) {
870                 osrfAppSessionStatus(
871                         ctx->session,
872                         OSRF_STATUS_INTERNALSERVERERROR,
873                         "osrfMethodException",
874                         ctx->request,
875                         "No active transaction -- required for savepoints"
876                 );
877                 return -1;
878         }
879
880         // Get the savepoint name from the method params
881         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
882
883         dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
884         if( !result ) {
885                 osrfLogError(
886                         OSRF_LOG_MARK,
887                         "%s: Error rolling back savepoint %s in transaction %s",
888                         modulename,
889                         spName,
890                         trans_id
891                 );
892                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
893                                 "osrfMethodException", ctx->request, "Error rolling back savepoint" );
894                 return -1;
895         } else {
896                 jsonObject* ret = jsonNewObject( spName );
897                 osrfAppRespondComplete( ctx, ret );
898                 jsonObjectFree( ret );
899         }
900         return 0;
901 }
902
903 /**
904         @brief Implement the transaction.commit method.
905         @param ctx Pointer to the method context.
906         @return Zero if successful, or -1 if not.
907
908         Issue a COMMIT to the database server.
909
910         Method parameters:
911         - authkey (PCRUD only)
912
913         Return to client: Transaction ID.
914 */
915 int commitTransaction( osrfMethodContext* ctx ) {
916         if(osrfMethodVerifyContext( ctx )) {
917                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
918                 return -1;
919         }
920
921         if( enforce_pcrud ) {
922                 timeout_needs_resetting = 1;
923                 const jsonObject* user = verifyUserPCRUD( ctx );
924                 if( !user )
925                         return -1;
926         }
927
928         // Verify that a transaction is pending
929         const char* trans_id = getXactId( ctx );
930         if( NULL == trans_id ) {
931                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
932                                 "osrfMethodException", ctx->request, "No active transaction to commit" );
933                 return -1;
934         }
935
936         dbi_result result = dbi_conn_query( writehandle, "COMMIT;" );
937         if( !result ) {
938                 osrfLogError( OSRF_LOG_MARK, "%s: Error committing transaction", modulename );
939                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
940                                 "osrfMethodException", ctx->request, "Error committing transaction" );
941                 return -1;
942         } else {
943                 jsonObject* ret = jsonNewObject( trans_id );
944                 osrfAppRespondComplete( ctx, ret );
945                 jsonObjectFree( ret );
946                 clearXactId( ctx );
947         }
948         return 0;
949 }
950
951 /**
952         @brief Implement the transaction.rollback method.
953         @param ctx Pointer to the method context.
954         @return Zero if successful, or -1 if not.
955
956         Issue a ROLLBACK to the database server.
957
958         Method parameters:
959         - authkey (PCRUD only)
960
961         Return to client: Transaction ID
962 */
963 int rollbackTransaction( osrfMethodContext* ctx ) {
964         if( osrfMethodVerifyContext( ctx )) {
965                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
966                 return -1;
967         }
968
969         if( enforce_pcrud ) {
970                 timeout_needs_resetting = 1;
971                 const jsonObject* user = verifyUserPCRUD( ctx );
972                 if( !user )
973                         return -1;
974         }
975
976         // Verify that a transaction is pending
977         const char* trans_id = getXactId( ctx );
978         if( NULL == trans_id ) {
979                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
980                                 "osrfMethodException", ctx->request, "No active transaction to roll back" );
981                 return -1;
982         }
983
984         dbi_result result = dbi_conn_query( writehandle, "ROLLBACK;" );
985         if( !result ) {
986                 osrfLogError( OSRF_LOG_MARK, "%s: Error rolling back transaction", modulename );
987                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
988                                 "osrfMethodException", ctx->request, "Error rolling back transaction" );
989                 return -1;
990         } else {
991                 jsonObject* ret = jsonNewObject( trans_id );
992                 osrfAppRespondComplete( ctx, ret );
993                 jsonObjectFree( ret );
994                 clearXactId( ctx );
995         }
996         return 0;
997 }
998
999 /**
1000         @brief Implement the "search" method.
1001         @param ctx Pointer to the method context.
1002         @return Zero if successful, or -1 if not.
1003
1004         Method parameters:
1005         - authkey (PCRUD only)
1006         - WHERE clause, as jsonObject
1007         - Other SQL clause(s), as a JSON_HASH: joins, SELECT list, LIMIT, etc.
1008
1009         Return to client: rows of the specified class that satisfy a specified WHERE clause.
1010         Optionally flesh linked fields.
1011 */
1012 int doSearch( osrfMethodContext* ctx ) {
1013         if( osrfMethodVerifyContext( ctx )) {
1014                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1015                 return -1;
1016         }
1017
1018         if( enforce_pcrud )
1019                 timeout_needs_resetting = 1;
1020
1021         jsonObject* where_clause;
1022         jsonObject* rest_of_query;
1023
1024         if( enforce_pcrud ) {
1025                 where_clause  = jsonObjectGetIndex( ctx->params, 1 );
1026                 rest_of_query = jsonObjectGetIndex( ctx->params, 2 );
1027         } else {
1028                 where_clause  = jsonObjectGetIndex( ctx->params, 0 );
1029                 rest_of_query = jsonObjectGetIndex( ctx->params, 1 );
1030         }
1031
1032         // Get the class metadata
1033         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1034         osrfHash* class_meta = osrfHashGet( method_meta, "class" );
1035
1036         // Do the query
1037         int err = 0;
1038         jsonObject* obj = doFieldmapperSearch( ctx, class_meta, where_clause, rest_of_query, &err );
1039         if( err ) {
1040                 osrfAppRespondComplete( ctx, NULL );
1041                 return -1;
1042         }
1043
1044         // Return each row to the client (except that some may be suppressed by PCRUD)
1045         jsonObject* cur = 0;
1046         unsigned long res_idx = 0;
1047         while((cur = jsonObjectGetIndex( obj, res_idx++ ) )) {
1048                 if( enforce_pcrud && !verifyObjectPCRUD( ctx, cur ))
1049                         continue;
1050                 osrfAppRespond( ctx, cur );
1051         }
1052         jsonObjectFree( obj );
1053
1054         osrfAppRespondComplete( ctx, NULL );
1055         return 0;
1056 }
1057
1058 /**
1059         @brief Implement the "id_list" method.
1060         @param ctx Pointer to the method context.
1061         @param err Pointer through which to return an error code.
1062         @return Zero if successful, or -1 if not.
1063
1064         Method parameters:
1065         - authkey (PCRUD only)
1066         - WHERE clause, as jsonObject
1067         - Other SQL clause(s), as a JSON_HASH: joins, LIMIT, etc.
1068
1069         Return to client: The primary key values for all rows of the relevant class that
1070         satisfy a specified WHERE clause.
1071
1072         This method relies on the assumption that every class has a primary key consisting of
1073         a single column.
1074 */
1075 int doIdList( osrfMethodContext* ctx ) {
1076         if( osrfMethodVerifyContext( ctx )) {
1077                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1078                 return -1;
1079         }
1080
1081         if( enforce_pcrud )
1082                 timeout_needs_resetting = 1;
1083
1084         jsonObject* where_clause;
1085         jsonObject* rest_of_query;
1086
1087         // We use the where clause without change.  But we need to massage the rest of the
1088         // query, so we work with a copy of it instead of modifying the original.
1089
1090         if( enforce_pcrud ) {
1091                 where_clause  = jsonObjectGetIndex( ctx->params, 1 );
1092                 rest_of_query = jsonObjectClone( jsonObjectGetIndex( ctx->params, 2 ) );
1093         } else {
1094                 where_clause  = jsonObjectGetIndex( ctx->params, 0 );
1095                 rest_of_query = jsonObjectClone( jsonObjectGetIndex( ctx->params, 1 ) );
1096         }
1097
1098         // Eliminate certain SQL clauses, if present.
1099         if( rest_of_query ) {
1100                 jsonObjectRemoveKey( rest_of_query, "select" );
1101                 jsonObjectRemoveKey( rest_of_query, "no_i18n" );
1102                 jsonObjectRemoveKey( rest_of_query, "flesh" );
1103                 jsonObjectRemoveKey( rest_of_query, "flesh_fields" );
1104         } else {
1105                 rest_of_query = jsonNewObjectType( JSON_HASH );
1106         }
1107
1108         jsonObjectSetKey( rest_of_query, "no_i18n", jsonNewBoolObject( 1 ) );
1109
1110         // Get the class metadata
1111         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1112         osrfHash* class_meta = osrfHashGet( method_meta, "class" );
1113
1114         // Build a SELECT list containing just the primary key,
1115         // i.e. like { "classname":["keyname"] }
1116         jsonObject* col_list_obj = jsonNewObjectType( JSON_ARRAY );
1117
1118         // Load array with name of primary key
1119         jsonObjectPush( col_list_obj, jsonNewObject( osrfHashGet( class_meta, "primarykey" ) ) );
1120         jsonObject* select_clause = jsonNewObjectType( JSON_HASH );
1121         jsonObjectSetKey( select_clause, osrfHashGet( class_meta, "classname" ), col_list_obj );
1122
1123         jsonObjectSetKey( rest_of_query, "select", select_clause );
1124
1125         // Do the query
1126         int err = 0;
1127         jsonObject* obj =
1128                 doFieldmapperSearch( ctx, class_meta, where_clause, rest_of_query, &err );
1129
1130         jsonObjectFree( rest_of_query );
1131         if( err ) {
1132                 osrfAppRespondComplete( ctx, NULL );
1133                 return -1;
1134         }
1135
1136         // Return each primary key value to the client
1137         jsonObject* cur;
1138         unsigned long res_idx = 0;
1139         while((cur = jsonObjectGetIndex( obj, res_idx++ ) )) {
1140                 if( enforce_pcrud && !verifyObjectPCRUD( ctx, cur ))
1141                         continue;        // Suppress due to lack of permission
1142                 else
1143                         osrfAppRespond( ctx,
1144                                 oilsFMGetObject( cur, osrfHashGet( class_meta, "primarykey" ) ) );
1145         }
1146
1147         jsonObjectFree( obj );
1148         osrfAppRespondComplete( ctx, NULL );
1149         return 0;
1150 }
1151
1152 /**
1153         @brief Verify that we have a valid class reference.
1154         @param ctx Pointer to the method context.
1155         @param param Pointer to the method parameters.
1156         @return 1 if the class reference is valid, or zero if it isn't.
1157
1158         The class of the method params must match the class to which the method id devoted.
1159         For PCRUD there are additional restrictions.
1160 */
1161 static int verifyObjectClass ( osrfMethodContext* ctx, const jsonObject* param ) {
1162
1163         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1164         osrfHash* class = osrfHashGet( method_meta, "class" );
1165
1166         // Compare the method's class to the parameters' class
1167         if( !param->classname || (strcmp( osrfHashGet(class, "classname"), param->classname ))) {
1168
1169                 // Oops -- they don't match.  Complain.
1170                 growing_buffer* msg = buffer_init( 128 );
1171                 buffer_fadd(
1172                         msg,
1173                         "%s: %s method for type %s was passed a %s",
1174                         modulename,
1175                         osrfHashGet( method_meta, "methodtype" ),
1176                         osrfHashGet( class, "classname" ),
1177                         param->classname ? param->classname : "(null)"
1178                 );
1179
1180                 char* m = buffer_release( msg );
1181                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException",
1182                                 ctx->request, m );
1183                 free( m );
1184
1185                 return 0;
1186         }
1187
1188         if( enforce_pcrud )
1189                 return verifyObjectPCRUD( ctx, param );
1190         else
1191                 return 1;
1192 }
1193
1194 /**
1195         @brief (PCRUD only) Verify that the user is properly logged in.
1196         @param ctx Pointer to the method context.
1197         @return If the user is logged in, a pointer to the user object from the authentication
1198         server; otherwise NULL.
1199 */
1200 static const jsonObject* verifyUserPCRUD( osrfMethodContext* ctx ) {
1201
1202         // Get the authkey (the first method parameter)
1203         const char* auth = jsonObjectGetString( jsonObjectGetIndex( ctx->params, 0 ) );
1204
1205         // See if we have the same authkey, and a user object,
1206         // locally cached from a previous call
1207         const char* cached_authkey = getAuthkey( ctx );
1208         if( cached_authkey && !strcmp( cached_authkey, auth ) ) {
1209                 const jsonObject* cached_user = getUserLogin( ctx );
1210                 if( cached_user )
1211                         return cached_user;
1212         }
1213
1214         // We have no matching authentication data in the cache.  Authenticate from scratch.
1215         jsonObject* auth_object = jsonNewObject( auth );
1216
1217         // Fetch the user object from the authentication server
1218         jsonObject* user = oilsUtilsQuickReq( "open-ils.auth", "open-ils.auth.session.retrieve",
1219                         auth_object );
1220         jsonObjectFree( auth_object );
1221
1222         if( !user->classname || strcmp(user->classname, "au" )) {
1223
1224                 growing_buffer* msg = buffer_init( 128 );
1225                 buffer_fadd(
1226                         msg,
1227                         "%s: permacrud received a bad auth token: %s",
1228                         modulename,
1229                         auth
1230                 );
1231
1232                 char* m = buffer_release( msg );
1233                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_UNAUTHORIZED, "osrfMethodException",
1234                                 ctx->request, m );
1235
1236                 free( m );
1237                 jsonObjectFree( user );
1238                 user = NULL;
1239         }
1240
1241         setUserLogin( ctx, user );
1242         setAuthkey( ctx, auth );
1243
1244         // Allow ourselves up to a second before we have to reset the login timeout.
1245         // It would be nice to use some fraction of the timeout interval enforced by the
1246         // authentication server, but that value is not readily available at this point.
1247         // Instead, we use a conservative default interval.
1248         time_next_reset = time( NULL ) + 1;
1249
1250         return user;
1251 }
1252
1253 /**
1254         @brief For PCRUD: Determine whether the current user may access the current row.
1255         @param ctx Pointer to the method context.
1256         @param obj Pointer to the row being potentially accessed.
1257         @return 1 if access is permitted, or 0 if it isn't.
1258
1259         The @a obj parameter points to a JSON_HASH of column values, keyed on column name.
1260 */
1261 static int verifyObjectPCRUD (  osrfMethodContext* ctx, const jsonObject* obj ) {
1262
1263         dbhandle = writehandle;
1264
1265         // Figure out what class and method are involved
1266         osrfHash* method_metadata = (osrfHash*) ctx->method->userData;
1267         osrfHash* class = osrfHashGet( method_metadata, "class" );
1268         const char* method_type = osrfHashGet( method_metadata, "methodtype" );
1269
1270         // Set fetch to 1 in all cases except for inserts, meaning that for local or foreign
1271         // contexts we will do another lookup of the current row, even if we already have a
1272         // previously fetched row image, because the row image in hand may not include the
1273         // foreign key(s) that we need.
1274
1275         // This is a quick fix with a bludgeon.  There are ways to avoid the extra lookup,
1276         // but they aren't implemented yet.
1277
1278         int fetch = 0;
1279         if( *method_type == 's' || *method_type == 'i' ) {
1280                 method_type = "retrieve"; // search and id_list are equivalent to retrieve for this
1281                 fetch = 1;
1282         } else if( *method_type == 'u' || *method_type == 'd' ) {
1283                 fetch = 1; // MUST go to the db for the object for update and delete
1284         }
1285
1286         // Get the appropriate permacrud entry from the IDL, depending on method type
1287         osrfHash* pcrud = osrfHashGet( osrfHashGet( class, "permacrud" ), method_type );
1288         if( !pcrud ) {
1289                 // No permacrud for this method type on this class
1290
1291                 growing_buffer* msg = buffer_init( 128 );
1292                 buffer_fadd(
1293                         msg,
1294                         "%s: %s on class %s has no permacrud IDL entry",
1295                         modulename,
1296                         osrfHashGet( method_metadata, "methodtype" ),
1297                         osrfHashGet( class, "classname" )
1298                 );
1299
1300                 char* m = buffer_release( msg );
1301                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_FORBIDDEN,
1302                                 "osrfMethodException", ctx->request, m );
1303
1304                 free( m );
1305
1306                 return 0;
1307         }
1308
1309         // Get the user id, and make sure the user is logged in
1310         const jsonObject* user = verifyUserPCRUD( ctx );
1311         if( !user )
1312                 return 0;    // Not logged in?  No access.
1313
1314         int userid = atoi( oilsFMGetStringConst( user, "id" ) );
1315
1316         // Get a list of permissions from the permacrud entry.
1317         osrfStringArray* permission = osrfHashGet( pcrud, "permission" );
1318
1319         // Build a list of org units that own the row.  This is fairly convoluted because there
1320         // are several different ways that an org unit may own the row, as defined by the
1321         // permacrud entry.
1322
1323         // Local context means that the row includes a foreign key pointing to actor.org_unit,
1324         // identifying an owning org_unit..
1325         osrfStringArray* local_context = osrfHashGet( pcrud, "local_context" );
1326
1327         // Foreign context adds a layer of indirection.  The row points to some other row that
1328         // an org unit may own.  The "jump" attribute, if present, adds another layer of
1329         // indirection.
1330         osrfHash* foreign_context = osrfHashGet( pcrud, "foreign_context" );
1331
1332         // The following string array stores the list of org units.  (We don't have a thingie
1333         // for storing lists of integers, so we fake it with a list of strings.)
1334         osrfStringArray* context_org_array = osrfNewStringArray( 1 );
1335
1336         int err = 0;
1337         const char* pkey_value = NULL;
1338         if( str_is_true( osrfHashGet(pcrud, "global_required") ) ) {
1339                 // If the global_required attribute is present and true, then the only owning
1340                 // org unit is the root org unit, i.e. the one with no parent.
1341                 osrfLogDebug( OSRF_LOG_MARK,
1342                                 "global-level permissions required, fetching top of the org tree" );
1343
1344                 // check for perm at top of org tree
1345                 const char* org_tree_root_id = org_tree_root( ctx );
1346                 if( org_tree_root_id ) {
1347                         osrfStringArrayAdd( context_org_array, org_tree_root_id );
1348                         osrfLogDebug( OSRF_LOG_MARK, "top of the org tree is %s", org_tree_root_id );
1349                 } else  {
1350                         osrfStringArrayFree( context_org_array );
1351                         return 0;
1352                 }
1353
1354         } else {
1355                 // If the global_required attribute is absent or false, then we look for
1356                 // local and/or foreign context.  In order to find the relevant foreign
1357                 // keys, we must either read the relevant row from the database, or look at
1358                 // the image of the row that we already have in memory.
1359
1360                 // (Herein lies a bug.  Even if we have an image of the row in memory, that
1361                 // image may not include the foreign key column(s) that we need.)
1362
1363             osrfLogDebug( OSRF_LOG_MARK, "global-level permissions not required, "
1364                                 "fetching context org ids" );
1365             const char* pkey = osrfHashGet( class, "primarykey" );
1366                 jsonObject *param = NULL;
1367
1368                 if( obj->classname ) {
1369                         pkey_value = oilsFMGetStringConst( obj, pkey );
1370                         if( !fetch )
1371                                 param = jsonObjectClone( obj );
1372                         osrfLogDebug( OSRF_LOG_MARK, "Object supplied, using primary key value of %s",
1373                                         pkey_value );
1374                 } else {
1375                         pkey_value = jsonObjectGetString( obj );
1376                         fetch = 1;
1377                         osrfLogDebug( OSRF_LOG_MARK, "Object not supplied, using primary key value "
1378                                         "of %s and retrieving from the database", pkey_value );
1379                 }
1380
1381                 if( fetch ) {
1382                         // Fetch the row so that we can look at the foreign key(s)
1383                         jsonObject* _tmp_params = single_hash( pkey, pkey_value );
1384                         jsonObject* _list = doFieldmapperSearch( ctx, class, _tmp_params, NULL, &err );
1385                         jsonObjectFree( _tmp_params );
1386
1387                         param = jsonObjectExtractIndex( _list, 0 );
1388                         jsonObjectFree( _list );
1389                 }
1390
1391                 if( !param ) {
1392                         // The row doesn't exist.  Complain, and deny access.
1393                         osrfLogDebug( OSRF_LOG_MARK,
1394                                         "Object not found in the database with primary key %s of %s",
1395                                         pkey, pkey_value );
1396
1397                         growing_buffer* msg = buffer_init( 128 );
1398                         buffer_fadd(
1399                                 msg,
1400                                 "%s: no object found with primary key %s of %s",
1401                                 modulename,
1402                                 pkey,
1403                                 pkey_value
1404                         );
1405
1406                         char* m = buffer_release( msg );
1407                         osrfAppSessionStatus(
1408                                 ctx->session,
1409                                 OSRF_STATUS_INTERNALSERVERERROR,
1410                                 "osrfMethodException",
1411                                 ctx->request,
1412                                 m
1413                         );
1414
1415                         free( m );
1416                         return 0;
1417                 }
1418
1419                 if( local_context && local_context->size > 0 ) {
1420                         // The IDL provides a list of column names for the foreign keys denoting
1421                         // local context.  Look up the value of each one, and if it isn't null,
1422                         // add it to the list of org units.
1423                         osrfLogDebug( OSRF_LOG_MARK, "%d class-local context field(s) specified",
1424                                         local_context->size );
1425                         int i = 0;
1426                         const char* lcontext = NULL;
1427                         while ( (lcontext = osrfStringArrayGetString(local_context, i++)) ) {
1428                                 const char* fkey_value = oilsFMGetStringConst( param, lcontext );
1429                                 if( fkey_value ) {    // if not null
1430                                         osrfStringArrayAdd( context_org_array, fkey_value );
1431                                         osrfLogDebug(
1432                                                 OSRF_LOG_MARK,
1433                                                 "adding class-local field %s (value: %s) to the context org list",
1434                                                 lcontext,
1435                                                 osrfStringArrayGetString( context_org_array, context_org_array->size - 1 )
1436                                         );
1437                                 }
1438                         }
1439                 }
1440
1441                 if( foreign_context ) {
1442                         unsigned long class_count = osrfHashGetCount( foreign_context );
1443                         osrfLogDebug( OSRF_LOG_MARK, "%d foreign context classes(s) specified", class_count );
1444
1445                         if( class_count > 0 ) {
1446
1447                                 // The IDL provides a list of foreign key columns pointing to rows that
1448                                 // an org unit may own.  Follow each link, identify the owning org unit,
1449                                 // and add it to the list.
1450                                 osrfHash* fcontext = NULL;
1451                                 osrfHashIterator* class_itr = osrfNewHashIterator( foreign_context );
1452                                 while( (fcontext = osrfHashIteratorNext( class_itr )) ) {
1453                                         // For each class to which a foreign key points:
1454                                         const char* class_name = osrfHashIteratorKey( class_itr );
1455                                         osrfHash* fcontext = osrfHashGet( foreign_context, class_name );
1456
1457                                         osrfLogDebug(
1458                                                 OSRF_LOG_MARK,
1459                                                 "%d foreign context fields(s) specified for class %s",
1460                                                 ((osrfStringArray*)osrfHashGet(fcontext,"context"))->size,
1461                                                 class_name
1462                                         );
1463
1464                                         // Get the name of the key field in the foreign table
1465                                         const char* foreign_pkey = osrfHashGet( fcontext, "field" );
1466
1467                                         // Get the value of the foreign key pointing to the foreign table
1468                                         char* foreign_pkey_value =
1469                                                         oilsFMGetString( param, osrfHashGet( fcontext, "fkey" ));
1470                                         if( !foreign_pkey_value )
1471                                                 continue;    // Foreign key value is null; skip it
1472
1473                                         // Look up the row to which the foreign key points
1474                                         jsonObject* _tmp_params = single_hash( foreign_pkey, foreign_pkey_value );
1475                                         jsonObject* _list = doFieldmapperSearch(
1476                                                 ctx, osrfHashGet( oilsIDL(), class_name ), _tmp_params, NULL, &err );
1477
1478                                         jsonObject* _fparam = NULL;
1479                                         if( _list && JSON_ARRAY == _list->type && _list->size > 0 )
1480                                                 _fparam = jsonObjectExtractIndex( _list, 0 );
1481
1482                                         jsonObjectFree( _tmp_params );
1483                                         jsonObjectFree( _list );
1484
1485                                         // At this point _fparam either points to the row identified by the
1486                                         // foreign key, or it's NULL (no such row found).
1487
1488                                         osrfStringArray* jump_list = osrfHashGet( fcontext, "jump" );
1489
1490                                         const char* bad_class = NULL;  // For noting failed lookups
1491                                         if( ! _fparam )
1492                                                 bad_class = class_name;    // Referenced row not found
1493                                         else if( jump_list ) {
1494                                                 // Follow a chain of rows, linked by foreign keys, to find an owner
1495                                                 const char* flink = NULL;
1496                                                 int k = 0;
1497                                                 while ( (flink = osrfStringArrayGetString(jump_list, k++)) && _fparam ) {
1498                                                         // For each entry in the jump list.  Each entry (i.e. flink) is
1499                                                         // the name of a foreign key column in the current row.
1500
1501                                                         // From the IDL, get the linkage information for the next jump
1502                                                         osrfHash* foreign_link_hash =
1503                                                                         oilsIDLFindPath( "/%s/links/%s", _fparam->classname, flink );
1504
1505                                                         // Get the class metadata for the class
1506                                                         // to which the foreign key points
1507                                                         osrfHash* foreign_class_meta = osrfHashGet( oilsIDL(),
1508                                                                         osrfHashGet( foreign_link_hash, "class" ));
1509
1510                                                         // Get the name of the referenced key of that class
1511                                                         foreign_pkey = osrfHashGet( foreign_link_hash, "key" );
1512
1513                                                         // Get the value of the foreign key pointing to that class
1514                                                         free( foreign_pkey_value );
1515                                                         foreign_pkey_value = oilsFMGetString( _fparam, flink );
1516                                                         if( !foreign_pkey_value )
1517                                                                 break;    // Foreign key is null; quit looking
1518
1519                                                         // Build a WHERE clause for the lookup
1520                                                         _tmp_params = single_hash( foreign_pkey, foreign_pkey_value );
1521
1522                                                         // Do the lookup
1523                                                         _list = doFieldmapperSearch( ctx, foreign_class_meta,
1524                                                                         _tmp_params, NULL, &err );
1525
1526                                                         // Get the resulting row
1527                                                         jsonObjectFree( _fparam );
1528                                                         if( _list && JSON_ARRAY == _list->type && _list->size > 0 )
1529                                                                 _fparam = jsonObjectExtractIndex( _list, 0 );
1530                                                         else {
1531                                                                 // Referenced row not found
1532                                                                 _fparam = NULL;
1533                                                                 bad_class = osrfHashGet( foreign_link_hash, "class" );
1534                                                         }
1535
1536                                                         jsonObjectFree( _tmp_params );
1537                                                         jsonObjectFree( _list );
1538                                                 }
1539                                         }
1540
1541                                         if( bad_class ) {
1542
1543                                                 // We had a foreign key pointing to such-and-such a row, but then
1544                                                 // we couldn't fetch that row.  The data in the database are in an
1545                                                 // inconsistent state; the database itself may even be corrupted.
1546                                                 growing_buffer* msg = buffer_init( 128 );
1547                                                 buffer_fadd(
1548                                                         msg,
1549                                                         "%s: no object of class %s found with primary key %s of %s",
1550                                                         modulename,
1551                                                         bad_class,
1552                                                         foreign_pkey,
1553                                                         foreign_pkey_value ? foreign_pkey_value : "(null)"
1554                                                 );
1555
1556                                                 char* m = buffer_release( msg );
1557                                                 osrfAppSessionStatus(
1558                                                         ctx->session,
1559                                                         OSRF_STATUS_INTERNALSERVERERROR,
1560                                                         "osrfMethodException",
1561                                                         ctx->request,
1562                                                         m
1563                                                 );
1564
1565                                                 free( m );
1566                                                 osrfHashIteratorFree( class_itr );
1567                                                 free( foreign_pkey_value );
1568                                                 jsonObjectFree( param );
1569
1570                                                 return 0;
1571                                         }
1572
1573                                         free( foreign_pkey_value );
1574
1575                                         if( _fparam ) {
1576                                                 // Examine each context column of the foreign row,
1577                                                 // and add its value to the list of org units.
1578                                                 int j = 0;
1579                                                 const char* foreign_field = NULL;
1580                                                 osrfStringArray* ctx_array = osrfHashGet( fcontext, "context" );
1581                                                 while ( (foreign_field = osrfStringArrayGetString( ctx_array, j++ )) ) {
1582                                                         osrfStringArrayAdd( context_org_array,
1583                                                                 oilsFMGetStringConst( _fparam, foreign_field ));
1584                                                         osrfLogDebug( OSRF_LOG_MARK,
1585                                                                 "adding foreign class %s field %s (value: %s) "
1586                                                                         "to the context org      list",
1587                                                                 class_name,
1588                                                                 foreign_field,
1589                                                                 osrfStringArrayGetString(
1590                                                                         context_org_array, context_org_array->size - 1 )
1591                                                         );
1592                                                 }
1593
1594                                                 jsonObjectFree( _fparam );
1595                                         }
1596                                 }
1597
1598                                 osrfHashIteratorFree( class_itr );
1599                         }
1600                 }
1601
1602                 jsonObjectFree( param );
1603         }
1604
1605         const char* context_org = NULL;
1606         const char* perm = NULL;
1607         int OK = 0;
1608
1609         if( permission->size == 0 ) {
1610             osrfLogDebug( OSRF_LOG_MARK, "No permission specified for this action, passing through" );
1611                 OK = 1;
1612         }
1613
1614         // For every combination of permission and context org unit: call a stored procedure
1615         // to determine if the user has this permission in the context of this org unit.
1616         // If the answer is yes at any point, then we're done, and the user has permission.
1617         // In other words permissions are additive.
1618         int i = 0;
1619         while( (perm = osrfStringArrayGetString(permission, i++)) ) {
1620                 int j = 0;
1621                 while( (context_org = osrfStringArrayGetString( context_org_array, j++ )) ) {
1622                         dbi_result result;
1623
1624                         if( pkey_value ) {
1625                                 osrfLogDebug(
1626                                         OSRF_LOG_MARK,
1627                                         "Checking object permission [%s] for user %d "
1628                                                         "on object %s (class %s) at org %d",
1629                                         perm,
1630                                         userid,
1631                                         pkey_value,
1632                                         osrfHashGet( class, "classname" ),
1633                                         atoi( context_org )
1634                                 );
1635
1636                                 result = dbi_conn_queryf(
1637                                         writehandle,
1638                                         "SELECT permission.usr_has_object_perm(%d, '%s', '%s', '%s', %d) AS has_perm;",
1639                                         userid,
1640                                         perm,
1641                                         osrfHashGet( class, "classname" ),
1642                                         pkey_value,
1643                                         atoi( context_org )
1644                                 );
1645
1646                                 if( result ) {
1647                                         osrfLogDebug(
1648                                                 OSRF_LOG_MARK,
1649                                                 "Received a result for object permission [%s] "
1650                                                                 "for user %d on object %s (class %s) at org %d",
1651                                                 perm,
1652                                                 userid,
1653                                                 pkey_value,
1654                                                 osrfHashGet( class, "classname" ),
1655                                                 atoi( context_org )
1656                                         );
1657
1658                                         if( dbi_result_first_row( result )) {
1659                                                 jsonObject* return_val = oilsMakeJSONFromResult( result );
1660                                                 const char* has_perm = jsonObjectGetString(
1661                                                                 jsonObjectGetKeyConst( return_val, "has_perm" ));
1662
1663                                                 osrfLogDebug(
1664                                                         OSRF_LOG_MARK,
1665                                                         "Status of object permission [%s] for user %d "
1666                                                                         "on object %s (class %s) at org %d is %s",
1667                                                         perm,
1668                                                         userid,
1669                                                         pkey_value,
1670                                                         osrfHashGet(class, "classname"),
1671                                                         atoi(context_org),
1672                                                         has_perm
1673                                                 );
1674
1675                                                 if( *has_perm == 't' )
1676                                                         OK = 1;
1677                                                 jsonObjectFree( return_val );
1678                                         }
1679
1680                                         dbi_result_free( result );
1681                                         if( OK )
1682                                                 break;
1683                                 }
1684                         }
1685
1686                         osrfLogDebug( OSRF_LOG_MARK,
1687                                         "Checking non-object permission [%s] for user %d at org %d",
1688                                         perm, userid, atoi(context_org) );
1689                         result = dbi_conn_queryf(
1690                                 writehandle,
1691                                 "SELECT permission.usr_has_perm(%d, '%s', %d) AS has_perm;",
1692                                 userid,
1693                                 perm,
1694                                 atoi( context_org )
1695                         );
1696
1697                         if( result ) {
1698                                 osrfLogDebug( OSRF_LOG_MARK,
1699                                                 "Received a result for permission [%s] for user %d at org %d",
1700                                                 perm, userid, atoi( context_org ));
1701                                 if( dbi_result_first_row( result )) {
1702                                         jsonObject* return_val = oilsMakeJSONFromResult( result );
1703                                         const char* has_perm = jsonObjectGetString(
1704                                                         jsonObjectGetKeyConst( return_val, "has_perm" ));
1705                                         osrfLogDebug( OSRF_LOG_MARK,
1706                                                         "Status of permission [%s] for user %d at org %d is [%s]",
1707                                                         perm, userid, atoi( context_org ), has_perm );
1708                                         if( *has_perm == 't' )
1709                                                 OK = 1;
1710                                         jsonObjectFree( return_val );
1711                                 }
1712
1713                                 dbi_result_free( result );
1714                                 if( OK )
1715                                         break;
1716                         }
1717
1718                 }
1719                 if( OK )
1720                         break;
1721         }
1722
1723         osrfStringArrayFree( context_org_array );
1724
1725         return OK;
1726 }
1727
1728 /**
1729         @brief Look up the root of the org_unit tree.
1730         @param ctx Pointer to the method context.
1731         @return The id of the root org unit, as a character string.
1732
1733         Query actor.org_unit where parent_ou is null, and return the id as a string.
1734
1735         This function assumes that there is only one root org unit, i.e. that we
1736         have a single tree, not a forest.
1737
1738         The calling code is responsible for freeing the returned string.
1739 */
1740 static const char* org_tree_root( osrfMethodContext* ctx ) {
1741
1742         static char cached_root_id[ 32 ] = "";  // extravagantly large buffer
1743         static time_t last_lookup_time = 0;
1744         time_t current_time = time( NULL );
1745
1746         if( cached_root_id[ 0 ] && ( current_time - last_lookup_time < 3600 ) ) {
1747                 // We successfully looked this up less than an hour ago.
1748                 // It's not likely to have changed since then.
1749                 return strdup( cached_root_id );
1750         }
1751         last_lookup_time = current_time;
1752
1753         int err = 0;
1754         jsonObject* where_clause = single_hash( "parent_ou", NULL );
1755         jsonObject* result = doFieldmapperSearch(
1756                 ctx, osrfHashGet( oilsIDL(), "aou" ), where_clause, NULL, &err );
1757         jsonObjectFree( where_clause );
1758
1759         jsonObject* tree_top = jsonObjectGetIndex( result, 0 );
1760
1761         if( !tree_top ) {
1762                 jsonObjectFree( result );
1763
1764                 growing_buffer* msg = buffer_init( 128 );
1765                 OSRF_BUFFER_ADD( msg, modulename );
1766                 OSRF_BUFFER_ADD( msg,
1767                                 ": Internal error, could not find the top of the org tree (parent_ou = NULL)" );
1768
1769                 char* m = buffer_release( msg );
1770                 osrfAppSessionStatus( ctx->session,
1771                                 OSRF_STATUS_INTERNALSERVERERROR, "osrfMethodException", ctx->request, m );
1772                 free( m );
1773
1774                 cached_root_id[ 0 ] = '\0';
1775                 return NULL;
1776         }
1777
1778         const char* root_org_unit_id = oilsFMGetStringConst( tree_top, "id" );
1779         osrfLogDebug( OSRF_LOG_MARK, "Top of the org tree is %s", root_org_unit_id );
1780
1781         strcpy( cached_root_id, root_org_unit_id );
1782         jsonObjectFree( result );
1783         return cached_root_id;
1784 }
1785
1786 /**
1787         @brief Create a JSON_HASH with a single key/value pair.
1788         @param key The key of the key/value pair.
1789         @param value the value of the key/value pair.
1790         @return Pointer to a newly created jsonObject of type JSON_HASH.
1791
1792         The value of the key/value is either a string or (if @a value is NULL) a null.
1793 */
1794 static jsonObject* single_hash( const char* key, const char* value ) {
1795         // Sanity check
1796         if( ! key ) key = "";
1797
1798         jsonObject* hash = jsonNewObjectType( JSON_HASH );
1799         jsonObjectSetKey( hash, key, jsonNewObject( value ) );
1800         return hash;
1801 }
1802
1803
1804 int doCreate( osrfMethodContext* ctx ) {
1805         if(osrfMethodVerifyContext( ctx )) {
1806                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1807                 return -1;
1808         }
1809
1810         if( enforce_pcrud )
1811                 timeout_needs_resetting = 1;
1812
1813         osrfHash* meta = osrfHashGet( (osrfHash*) ctx->method->userData, "class" );
1814         jsonObject* target = NULL;
1815         jsonObject* options = NULL;
1816
1817         if( enforce_pcrud ) {
1818                 target = jsonObjectGetIndex( ctx->params, 1 );
1819                 options = jsonObjectGetIndex( ctx->params, 2 );
1820         } else {
1821                 target = jsonObjectGetIndex( ctx->params, 0 );
1822                 options = jsonObjectGetIndex( ctx->params, 1 );
1823         }
1824
1825         if( !verifyObjectClass( ctx, target )) {
1826                 osrfAppRespondComplete( ctx, NULL );
1827                 return -1;
1828         }
1829
1830         osrfLogDebug( OSRF_LOG_MARK, "Object seems to be of the correct type" );
1831
1832         const char* trans_id = getXactId( ctx );
1833         if( !trans_id ) {
1834                 osrfLogError( OSRF_LOG_MARK, "No active transaction -- required for CREATE" );
1835
1836                 osrfAppSessionStatus(
1837                         ctx->session,
1838                         OSRF_STATUS_BADREQUEST,
1839                         "osrfMethodException",
1840                         ctx->request,
1841                         "No active transaction -- required for CREATE"
1842                 );
1843                 osrfAppRespondComplete( ctx, NULL );
1844                 return -1;
1845         }
1846
1847         // The following test is harmless but redundant.  If a class is
1848         // readonly, we don't register a create method for it.
1849         if( str_is_true( osrfHashGet( meta, "readonly" ) ) ) {
1850                 osrfAppSessionStatus(
1851                         ctx->session,
1852                         OSRF_STATUS_BADREQUEST,
1853                         "osrfMethodException",
1854                         ctx->request,
1855                         "Cannot INSERT readonly class"
1856                 );
1857                 osrfAppRespondComplete( ctx, NULL );
1858                 return -1;
1859         }
1860
1861         // Set the last_xact_id
1862         int index = oilsIDL_ntop( target->classname, "last_xact_id" );
1863         if( index > -1 ) {
1864                 osrfLogDebug(OSRF_LOG_MARK, "Setting last_xact_id to %s on %s at position %d",
1865                         trans_id, target->classname, index);
1866                 jsonObjectSetIndex( target, index, jsonNewObject( trans_id ));
1867         }
1868
1869         osrfLogDebug( OSRF_LOG_MARK, "There is a transaction running..." );
1870
1871         dbhandle = writehandle;
1872
1873         osrfHash* fields = osrfHashGet( meta, "fields" );
1874         char* pkey       = osrfHashGet( meta, "primarykey" );
1875         char* seq        = osrfHashGet( meta, "sequence" );
1876
1877         growing_buffer* table_buf = buffer_init( 128 );
1878         growing_buffer* col_buf   = buffer_init( 128 );
1879         growing_buffer* val_buf   = buffer_init( 128 );
1880
1881         OSRF_BUFFER_ADD( table_buf, "INSERT INTO " );
1882         OSRF_BUFFER_ADD( table_buf, osrfHashGet( meta, "tablename" ));
1883         OSRF_BUFFER_ADD_CHAR( col_buf, '(' );
1884         buffer_add( val_buf,"VALUES (" );
1885
1886
1887         int first = 1;
1888         osrfHash* field = NULL;
1889         osrfHashIterator* field_itr = osrfNewHashIterator( fields );
1890         while( (field = osrfHashIteratorNext( field_itr ) ) ) {
1891
1892                 const char* field_name = osrfHashIteratorKey( field_itr );
1893
1894                 if( str_is_true( osrfHashGet( field, "virtual" ) ) )
1895                         continue;
1896
1897                 const jsonObject* field_object = oilsFMGetObject( target, field_name );
1898
1899                 char* value;
1900                 if( field_object && field_object->classname ) {
1901                         value = oilsFMGetString(
1902                                 field_object,
1903                                 (char*)oilsIDLFindPath( "/%s/primarykey", field_object->classname )
1904                         );
1905                 } else if( field_object && JSON_BOOL == field_object->type ) {
1906                         if( jsonBoolIsTrue( field_object ) )
1907                                 value = strdup( "t" );
1908                         else
1909                                 value = strdup( "f" );
1910                 } else {
1911                         value = jsonObjectToSimpleString( field_object );
1912                 }
1913
1914                 if( first ) {
1915                         first = 0;
1916                 } else {
1917                         OSRF_BUFFER_ADD_CHAR( col_buf, ',' );
1918                         OSRF_BUFFER_ADD_CHAR( val_buf, ',' );
1919                 }
1920
1921                 buffer_add( col_buf, field_name );
1922
1923                 if( !field_object || field_object->type == JSON_NULL ) {
1924                         buffer_add( val_buf, "DEFAULT" );
1925
1926                 } else if( !strcmp( get_primitive( field ), "number" )) {
1927                         const char* numtype = get_datatype( field );
1928                         if( !strcmp( numtype, "INT8" )) {
1929                                 buffer_fadd( val_buf, "%lld", atoll( value ));
1930
1931                         } else if( !strcmp( numtype, "INT" )) {
1932                                 buffer_fadd( val_buf, "%d", atoi( value ));
1933
1934                         } else if( !strcmp( numtype, "NUMERIC" )) {
1935                                 buffer_fadd( val_buf, "%f", atof( value ));
1936                         }
1937                 } else {
1938                         if( dbi_conn_quote_string( writehandle, &value )) {
1939                                 OSRF_BUFFER_ADD( val_buf, value );
1940
1941                         } else {
1942                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting string [%s]", modulename, value );
1943                                 osrfAppSessionStatus(
1944                                         ctx->session,
1945                                         OSRF_STATUS_INTERNALSERVERERROR,
1946                                         "osrfMethodException",
1947                                         ctx->request,
1948                                         "Error quoting string -- please see the error log for more details"
1949                                 );
1950                                 free( value );
1951                                 buffer_free( table_buf );
1952                                 buffer_free( col_buf );
1953                                 buffer_free( val_buf );
1954                                 osrfAppRespondComplete( ctx, NULL );
1955                                 return -1;
1956                         }
1957                 }
1958
1959                 free( value );
1960         }
1961
1962         osrfHashIteratorFree( field_itr );
1963
1964         OSRF_BUFFER_ADD_CHAR( col_buf, ')' );
1965         OSRF_BUFFER_ADD_CHAR( val_buf, ')' );
1966
1967         char* table_str = buffer_release( table_buf );
1968         char* col_str   = buffer_release( col_buf );
1969         char* val_str   = buffer_release( val_buf );
1970         growing_buffer* sql = buffer_init( 128 );
1971         buffer_fadd( sql, "%s %s %s;", table_str, col_str, val_str );
1972         free( table_str );
1973         free( col_str );
1974         free( val_str );
1975
1976         char* query = buffer_release( sql );
1977
1978         osrfLogDebug( OSRF_LOG_MARK, "%s: Insert SQL [%s]", modulename, query );
1979
1980         jsonObject* obj = NULL;
1981         int rc = 0;
1982
1983         dbi_result result = dbi_conn_query( writehandle, query );
1984         if( !result ) {
1985                 obj = jsonNewObject( NULL );
1986                 osrfLogError(
1987                         OSRF_LOG_MARK,
1988                         "%s ERROR inserting %s object using query [%s]",
1989                         modulename,
1990                         osrfHashGet(meta, "fieldmapper"),
1991                         query
1992                 );
1993                 osrfAppSessionStatus(
1994                         ctx->session,
1995                         OSRF_STATUS_INTERNALSERVERERROR,
1996                         "osrfMethodException",
1997                         ctx->request,
1998                         "INSERT error -- please see the error log for more details"
1999                 );
2000                 rc = -1;
2001         } else {
2002
2003                 char* id = oilsFMGetString( target, pkey );
2004                 if( !id ) {
2005                         unsigned long long new_id = dbi_conn_sequence_last( writehandle, seq );
2006                         growing_buffer* _id = buffer_init( 10 );
2007                         buffer_fadd( _id, "%lld", new_id );
2008                         id = buffer_release( _id );
2009                 }
2010
2011                 // Find quietness specification, if present
2012                 const char* quiet_str = NULL;
2013                 if( options ) {
2014                         const jsonObject* quiet_obj = jsonObjectGetKeyConst( options, "quiet" );
2015                         if( quiet_obj )
2016                                 quiet_str = jsonObjectGetString( quiet_obj );
2017                 }
2018
2019                 if( str_is_true( quiet_str )) {  // if quietness is specified
2020                         obj = jsonNewObject( id );
2021                 }
2022                 else {
2023
2024                         // Fetch the row that we just inserted, so that we can return it to the client
2025                         jsonObject* where_clause = jsonNewObjectType( JSON_HASH );
2026                         jsonObjectSetKey( where_clause, pkey, jsonNewObject( id ));
2027
2028                         int err = 0;
2029                         jsonObject* list = doFieldmapperSearch( ctx, meta, where_clause, NULL, &err );
2030                         if( err )
2031                                 rc = -1;
2032                         else
2033                                 obj = jsonObjectClone( jsonObjectGetIndex( list, 0 ));
2034
2035                         jsonObjectFree( list );
2036                         jsonObjectFree( where_clause );
2037                 }
2038
2039                 free( id );
2040         }
2041
2042         free( query );
2043         osrfAppRespondComplete( ctx, obj );
2044         jsonObjectFree( obj );
2045         return rc;
2046 }
2047
2048 /**
2049         @brief Implement the retrieve method.
2050         @param ctx Pointer to the method context.
2051         @param err Pointer through which to return an error code.
2052         @return If successful, a pointer to the result to be returned to the client;
2053         otherwise NULL.
2054
2055         From the method's class, fetch a row with a specified value in the primary key.  This
2056         method relies on the database design convention that a primary key consists of a single
2057         column.
2058
2059         Method parameters:
2060         - authkey (PCRUD only)
2061         - value of the primary key for the desired row, for building the WHERE clause
2062         - a JSON_HASH containing any other SQL clauses: select, join, etc.
2063
2064         Return to client: One row from the query.
2065 */
2066 int doRetrieve( osrfMethodContext* ctx ) {
2067         if(osrfMethodVerifyContext( ctx )) {
2068                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
2069                 return -1;
2070         }
2071
2072         if( enforce_pcrud )
2073                 timeout_needs_resetting = 1;
2074
2075         int id_pos = 0;
2076         int order_pos = 1;
2077
2078         if( enforce_pcrud ) {
2079                 id_pos = 1;
2080                 order_pos = 2;
2081         }
2082
2083         // Get the class metadata
2084         osrfHash* class_def = osrfHashGet( (osrfHash*) ctx->method->userData, "class" );
2085
2086         // Get the value of the primary key, from a method parameter
2087         const jsonObject* id_obj = jsonObjectGetIndex( ctx->params, id_pos );
2088
2089         osrfLogDebug(
2090                 OSRF_LOG_MARK,
2091                 "%s retrieving %s object with primary key value of %s",
2092                 modulename,
2093                 osrfHashGet( class_def, "fieldmapper" ),
2094                 jsonObjectGetString( id_obj )
2095         );
2096
2097         // Build a WHERE clause based on the key value
2098         jsonObject* where_clause = jsonNewObjectType( JSON_HASH );
2099         jsonObjectSetKey(
2100                 where_clause,
2101                 osrfHashGet( class_def, "primarykey" ),  // name of key column
2102                 jsonObjectClone( id_obj )                // value of key column
2103         );
2104
2105         jsonObject* rest_of_query = jsonObjectGetIndex( ctx->params, order_pos );
2106
2107         // Do the query
2108         int err = 0;
2109         jsonObject* list = doFieldmapperSearch( ctx, class_def, where_clause, rest_of_query, &err );
2110
2111         jsonObjectFree( where_clause );
2112         if( err ) {
2113                 osrfAppRespondComplete( ctx, NULL );
2114                 return -1;
2115         }
2116
2117         jsonObject* obj = jsonObjectExtractIndex( list, 0 );
2118         jsonObjectFree( list );
2119
2120         if( enforce_pcrud ) {
2121                 if(!verifyObjectPCRUD( ctx, obj )) {
2122                         jsonObjectFree( obj );
2123
2124                         growing_buffer* msg = buffer_init( 128 );
2125                         OSRF_BUFFER_ADD( msg, modulename );
2126                         OSRF_BUFFER_ADD( msg, ": Insufficient permissions to retrieve object" );
2127
2128                         char* m = buffer_release( msg );
2129                         osrfAppSessionStatus( ctx->session, OSRF_STATUS_NOTALLOWED, "osrfMethodException",
2130                                         ctx->request, m );
2131                         free( m );
2132
2133                         osrfAppRespondComplete( ctx, NULL );
2134                         return -1;
2135                 }
2136         }
2137
2138         osrfAppRespondComplete( ctx, obj );
2139         jsonObjectFree( obj );
2140         return 0;
2141 }
2142
2143 /**
2144         @brief Translate a numeric value to a string representation for the database.
2145         @param field Pointer to the IDL field definition.
2146         @param value Pointer to a jsonObject holding the value of a field.
2147         @return Pointer to a newly allocated string.
2148
2149         The input object is typically a JSON_NUMBER, but it may be a JSON_STRING as long as
2150         its contents are numeric.  A non-numeric string is likely to result in invalid SQL,
2151         or (what is worse) valid SQL that is wrong.
2152
2153         If the datatype of the receiving field is not numeric, wrap the value in quotes.
2154
2155         The calling code is responsible for freeing the resulting string by calling free().
2156 */
2157 static char* jsonNumberToDBString( osrfHash* field, const jsonObject* value ) {
2158         growing_buffer* val_buf = buffer_init( 32 );
2159         const char* numtype = get_datatype( field );
2160
2161         // For historical reasons the following contains cruft that could be cleaned up.
2162         if( !strncmp( numtype, "INT", 3 ) ) {
2163                 if( value->type == JSON_NUMBER )
2164                         //buffer_fadd( val_buf, "%ld", (long)jsonObjectGetNumber(value) );
2165                         buffer_fadd( val_buf, jsonObjectGetString( value ) );
2166                 else {
2167                         buffer_fadd( val_buf, jsonObjectGetString( value ) );
2168                 }
2169
2170         } else if( !strcmp( numtype, "NUMERIC" )) {
2171                 if( value->type == JSON_NUMBER )
2172                         buffer_fadd( val_buf, jsonObjectGetString( value ));
2173                 else {
2174                         buffer_fadd( val_buf, jsonObjectGetString( value ));
2175                 }
2176
2177         } else {
2178                 // Presumably this was really intended to be a string, so quote it
2179                 char* str = jsonObjectToSimpleString( value );
2180                 if( dbi_conn_quote_string( dbhandle, &str )) {
2181                         OSRF_BUFFER_ADD( val_buf, str );
2182                         free( str );
2183                 } else {
2184                         osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]", modulename, str );
2185                         free( str );
2186                         buffer_free( val_buf );
2187                         return NULL;
2188                 }
2189         }
2190
2191         return buffer_release( val_buf );
2192 }
2193
2194 static char* searchINPredicate( const char* class_alias, osrfHash* field,
2195                 jsonObject* node, const char* op, osrfMethodContext* ctx ) {
2196         growing_buffer* sql_buf = buffer_init( 32 );
2197
2198         buffer_fadd(
2199                 sql_buf,
2200                 "\"%s\".%s ",
2201                 class_alias,
2202                 osrfHashGet( field, "name" )
2203         );
2204
2205         if( !op ) {
2206                 buffer_add( sql_buf, "IN (" );
2207         } else if( !strcasecmp( op,"not in" )) {
2208                 buffer_add( sql_buf, "NOT IN (" );
2209         } else {
2210                 buffer_add( sql_buf, "IN (" );
2211         }
2212
2213         if( node->type == JSON_HASH ) {
2214                 // subquery predicate
2215                 char* subpred = buildQuery( ctx, node, SUBSELECT );
2216                 if( ! subpred ) {
2217                         buffer_free( sql_buf );
2218                         return NULL;
2219                 }
2220
2221                 buffer_add( sql_buf, subpred );
2222                 free( subpred );
2223
2224         } else if( node->type == JSON_ARRAY ) {
2225                 // literal value list
2226                 int in_item_index = 0;
2227                 int in_item_first = 1;
2228                 const jsonObject* in_item;
2229                 while( (in_item = jsonObjectGetIndex( node, in_item_index++ )) ) {
2230
2231                         if( in_item_first )
2232                                 in_item_first = 0;
2233                         else
2234                                 buffer_add( sql_buf, ", " );
2235
2236                         // Sanity check
2237                         if( in_item->type != JSON_STRING && in_item->type != JSON_NUMBER ) {
2238                                 osrfLogError( OSRF_LOG_MARK,
2239                                                 "%s: Expected string or number within IN list; found %s",
2240                                                 modulename, json_type( in_item->type ) );
2241                                 buffer_free( sql_buf );
2242                                 return NULL;
2243                         }
2244
2245                         // Append the literal value -- quoted if not a number
2246                         if( JSON_NUMBER == in_item->type ) {
2247                                 char* val = jsonNumberToDBString( field, in_item );
2248                                 OSRF_BUFFER_ADD( sql_buf, val );
2249                                 free( val );
2250
2251                         } else if( !strcmp( get_primitive( field ), "number" )) {
2252                                 char* val = jsonNumberToDBString( field, in_item );
2253                                 OSRF_BUFFER_ADD( sql_buf, val );
2254                                 free( val );
2255
2256                         } else {
2257                                 char* key_string = jsonObjectToSimpleString( in_item );
2258                                 if( dbi_conn_quote_string( dbhandle, &key_string )) {
2259                                         OSRF_BUFFER_ADD( sql_buf, key_string );
2260                                         free( key_string );
2261                                 } else {
2262                                         osrfLogError( OSRF_LOG_MARK,
2263                                                         "%s: Error quoting key string [%s]", modulename, key_string );
2264                                         free( key_string );
2265                                         buffer_free( sql_buf );
2266                                         return NULL;
2267                                 }
2268                         }
2269                 }
2270
2271                 if( in_item_first ) {
2272                         osrfLogError(OSRF_LOG_MARK, "%s: Empty IN list", modulename );
2273                         buffer_free( sql_buf );
2274                         return NULL;
2275                 }
2276         } else {
2277                 osrfLogError( OSRF_LOG_MARK, "%s: Expected object or array for IN clause; found %s",
2278                         modulename, json_type( node->type ));
2279                 buffer_free( sql_buf );
2280                 return NULL;
2281         }
2282
2283         OSRF_BUFFER_ADD_CHAR( sql_buf, ')' );
2284
2285         return buffer_release( sql_buf );
2286 }
2287
2288 // Receive a JSON_ARRAY representing a function call.  The first
2289 // entry in the array is the function name.  The rest are parameters.
2290 static char* searchValueTransform( const jsonObject* array ) {
2291
2292         if( array->size < 1 ) {
2293                 osrfLogError( OSRF_LOG_MARK, "%s: Empty array for value transform", modulename );
2294                 return NULL;
2295         }
2296
2297         // Get the function name
2298         jsonObject* func_item = jsonObjectGetIndex( array, 0 );
2299         if( func_item->type != JSON_STRING ) {
2300                 osrfLogError( OSRF_LOG_MARK, "%s: Error: expected function name, found %s",
2301                         modulename, json_type( func_item->type ));
2302                 return NULL;
2303         }
2304
2305         growing_buffer* sql_buf = buffer_init( 32 );
2306
2307         OSRF_BUFFER_ADD( sql_buf, jsonObjectGetString( func_item ) );
2308         OSRF_BUFFER_ADD( sql_buf, "( " );
2309
2310         // Get the parameters
2311         int func_item_index = 1;   // We already grabbed the zeroth entry
2312         while( (func_item = jsonObjectGetIndex( array, func_item_index++ )) ) {
2313
2314                 // Add a separator comma, if we need one
2315                 if( func_item_index > 2 )
2316                         buffer_add( sql_buf, ", " );
2317
2318                 // Add the current parameter
2319                 if( func_item->type == JSON_NULL ) {
2320                         buffer_add( sql_buf, "NULL" );
2321                 } else {
2322                         char* val = jsonObjectToSimpleString( func_item );
2323                         if( dbi_conn_quote_string( dbhandle, &val )) {
2324                                 OSRF_BUFFER_ADD( sql_buf, val );
2325                                 free( val );
2326                         } else {
2327                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2328                                         modulename, val );
2329                                 buffer_free( sql_buf );
2330                                 free( val );
2331                                 return NULL;
2332                         }
2333                 }
2334         }
2335
2336         buffer_add( sql_buf, " )" );
2337
2338         return buffer_release( sql_buf );
2339 }
2340
2341 static char* searchFunctionPredicate( const char* class_alias, osrfHash* field,
2342                 const jsonObject* node, const char* op ) {
2343
2344         if( ! is_good_operator( op ) ) {
2345                 osrfLogError( OSRF_LOG_MARK, "%s: Invalid operator [%s]", modulename, op );
2346                 return NULL;
2347         }
2348
2349         char* val = searchValueTransform( node );
2350         if( !val )
2351                 return NULL;
2352
2353         growing_buffer* sql_buf = buffer_init( 32 );
2354         buffer_fadd(
2355                 sql_buf,
2356                 "\"%s\".%s %s %s",
2357                 class_alias,
2358                 osrfHashGet( field, "name" ),
2359                 op,
2360                 val
2361         );
2362
2363         free( val );
2364
2365         return buffer_release( sql_buf );
2366 }
2367
2368 // class_alias is a class name or other table alias
2369 // field is a field definition as stored in the IDL
2370 // node comes from the method parameter, and may represent an entry in the SELECT list
2371 static char* searchFieldTransform( const char* class_alias, osrfHash* field,
2372                 const jsonObject* node ) {
2373         growing_buffer* sql_buf = buffer_init( 32 );
2374
2375         const char* field_transform = jsonObjectGetString(
2376                 jsonObjectGetKeyConst( node, "transform" ) );
2377         const char* transform_subcolumn = jsonObjectGetString(
2378                 jsonObjectGetKeyConst( node, "result_field" ) );
2379
2380         if( transform_subcolumn ) {
2381                 if( ! is_identifier( transform_subcolumn ) ) {
2382                         osrfLogError( OSRF_LOG_MARK, "%s: Invalid subfield name: \"%s\"\n",
2383                                         modulename, transform_subcolumn );
2384                         buffer_free( sql_buf );
2385                         return NULL;
2386                 }
2387                 OSRF_BUFFER_ADD_CHAR( sql_buf, '(' );    // enclose transform in parentheses
2388         }
2389
2390         if( field_transform ) {
2391
2392                 if( ! is_identifier( field_transform ) ) {
2393                         osrfLogError( OSRF_LOG_MARK, "%s: Expected function name, found \"%s\"\n",
2394                                         modulename, field_transform );
2395                         buffer_free( sql_buf );
2396                         return NULL;
2397                 }
2398
2399                 if( obj_is_true( jsonObjectGetKeyConst( node, "distinct" ) ) ) {
2400                         buffer_fadd( sql_buf, "%s(DISTINCT \"%s\".%s",
2401                                 field_transform, class_alias, osrfHashGet( field, "name" ));
2402                 } else {
2403                         buffer_fadd( sql_buf, "%s(\"%s\".%s",
2404                                 field_transform, class_alias, osrfHashGet( field, "name" ));
2405                 }
2406
2407                 const jsonObject* array = jsonObjectGetKeyConst( node, "params" );
2408
2409                 if( array ) {
2410                         if( array->type != JSON_ARRAY ) {
2411                                 osrfLogError( OSRF_LOG_MARK,
2412                                         "%s: Expected JSON_ARRAY for function params; found %s",
2413                                         modulename, json_type( array->type ) );
2414                                 buffer_free( sql_buf );
2415                                 return NULL;
2416                         }
2417                         int func_item_index = 0;
2418                         jsonObject* func_item;
2419                         while( (func_item = jsonObjectGetIndex( array, func_item_index++ ))) {
2420
2421                                 char* val = jsonObjectToSimpleString( func_item );
2422
2423                                 if( !val ) {
2424                                         buffer_add( sql_buf, ",NULL" );
2425                                 } else if( dbi_conn_quote_string( dbhandle, &val )) {
2426                                         OSRF_BUFFER_ADD_CHAR( sql_buf, ',' );
2427                                         OSRF_BUFFER_ADD( sql_buf, val );
2428                                 } else {
2429                                         osrfLogError( OSRF_LOG_MARK,
2430                                                         "%s: Error quoting key string [%s]", modulename, val );
2431                                         free( val );
2432                                         buffer_free( sql_buf );
2433                                         return NULL;
2434                                 }
2435                                 free( val );
2436                         }
2437                 }
2438
2439                 buffer_add( sql_buf, " )" );
2440
2441         } else {
2442                 buffer_fadd( sql_buf, "\"%s\".%s", class_alias, osrfHashGet( field, "name" ));
2443         }
2444
2445         if( transform_subcolumn )
2446                 buffer_fadd( sql_buf, ").\"%s\"", transform_subcolumn );
2447
2448         return buffer_release( sql_buf );
2449 }
2450
2451 static char* searchFieldTransformPredicate( const ClassInfo* class_info, osrfHash* field,
2452                 const jsonObject* node, const char* op ) {
2453
2454         if( ! is_good_operator( op ) ) {
2455                 osrfLogError( OSRF_LOG_MARK, "%s: Error: Invalid operator %s", modulename, op );
2456                 return NULL;
2457         }
2458
2459         char* field_transform = searchFieldTransform( class_info->alias, field, node );
2460         if( ! field_transform )
2461                 return NULL;
2462         char* value = NULL;
2463         int extra_parens = 0;   // boolean
2464
2465         const jsonObject* value_obj = jsonObjectGetKeyConst( node, "value" );
2466         if( ! value_obj ) {
2467                 value = searchWHERE( node, class_info, AND_OP_JOIN, NULL );
2468                 if( !value ) {
2469                         osrfLogError( OSRF_LOG_MARK, "%s: Error building condition for field transform",
2470                                 modulename );
2471                         free( field_transform );
2472                         return NULL;
2473                 }
2474                 extra_parens = 1;
2475         } else if( value_obj->type == JSON_ARRAY ) {
2476                 value = searchValueTransform( value_obj );
2477                 if( !value ) {
2478                         osrfLogError( OSRF_LOG_MARK,
2479                                 "%s: Error building value transform for field transform", modulename );
2480                         free( field_transform );
2481                         return NULL;
2482                 }
2483         } else if( value_obj->type == JSON_HASH ) {
2484                 value = searchWHERE( value_obj, class_info, AND_OP_JOIN, NULL );
2485                 if( !value ) {
2486                         osrfLogError( OSRF_LOG_MARK, "%s: Error building predicate for field transform",
2487                                 modulename );
2488                         free( field_transform );
2489                         return NULL;
2490                 }
2491                 extra_parens = 1;
2492         } else if( value_obj->type == JSON_NUMBER ) {
2493                 value = jsonNumberToDBString( field, value_obj );
2494         } else if( value_obj->type == JSON_NULL ) {
2495                 osrfLogError( OSRF_LOG_MARK,
2496                         "%s: Error building predicate for field transform: null value", modulename );
2497                 free( field_transform );
2498                 return NULL;
2499         } else if( value_obj->type == JSON_BOOL ) {
2500                 osrfLogError( OSRF_LOG_MARK,
2501                         "%s: Error building predicate for field transform: boolean value", modulename );
2502                 free( field_transform );
2503                 return NULL;
2504         } else {
2505                 if( !strcmp( get_primitive( field ), "number") ) {
2506                         value = jsonNumberToDBString( field, value_obj );
2507                 } else {
2508                         value = jsonObjectToSimpleString( value_obj );
2509                         if( !dbi_conn_quote_string( dbhandle, &value )) {
2510                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2511                                         modulename, value );
2512                                 free( value );
2513                                 free( field_transform );
2514                                 return NULL;
2515                         }
2516                 }
2517         }
2518
2519         const char* left_parens  = "";
2520         const char* right_parens = "";
2521
2522         if( extra_parens ) {
2523                 left_parens  = "(";
2524                 right_parens = ")";
2525         }
2526
2527         growing_buffer* sql_buf = buffer_init( 32 );
2528
2529         buffer_fadd(
2530                 sql_buf,
2531                 "%s%s %s %s %s %s%s",
2532                 left_parens,
2533                 field_transform,
2534                 op,
2535                 left_parens,
2536                 value,
2537                 right_parens,
2538                 right_parens
2539         );
2540
2541         free( value );
2542         free( field_transform );
2543
2544         return buffer_release( sql_buf );
2545 }
2546
2547 static char* searchSimplePredicate( const char* op, const char* class_alias,
2548                 osrfHash* field, const jsonObject* node ) {
2549
2550         if( ! is_good_operator( op ) ) {
2551                 osrfLogError( OSRF_LOG_MARK, "%s: Invalid operator [%s]", modulename, op );
2552                 return NULL;
2553         }
2554
2555         char* val = NULL;
2556
2557         // Get the value to which we are comparing the specified column
2558         if( node->type != JSON_NULL ) {
2559                 if( node->type == JSON_NUMBER ) {
2560                         val = jsonNumberToDBString( field, node );
2561                 } else if( !strcmp( get_primitive( field ), "number" ) ) {
2562                         val = jsonNumberToDBString( field, node );
2563                 } else {
2564                         val = jsonObjectToSimpleString( node );
2565                 }
2566         }
2567
2568         if( val ) {
2569                 if( JSON_NUMBER != node->type && strcmp( get_primitive( field ), "number") ) {
2570                         // Value is not numeric; enclose it in quotes
2571                         if( !dbi_conn_quote_string( dbhandle, &val ) ) {
2572                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2573                                         modulename, val );
2574                                 free( val );
2575                                 return NULL;
2576                         }
2577                 }
2578         } else {
2579                 // Compare to a null value
2580                 val = strdup( "NULL" );
2581                 if( strcmp( op, "=" ))
2582                         op = "IS NOT";
2583                 else
2584                         op = "IS";
2585         }
2586
2587         growing_buffer* sql_buf = buffer_init( 32 );
2588         buffer_fadd( sql_buf, "\"%s\".%s %s %s", class_alias, osrfHashGet(field, "name"), op, val );
2589         char* pred = buffer_release( sql_buf );
2590
2591         free( val );
2592
2593         return pred;
2594 }
2595
2596 static char* searchBETWEENPredicate( const char* class_alias,
2597                 osrfHash* field, const jsonObject* node ) {
2598
2599         const jsonObject* x_node = jsonObjectGetIndex( node, 0 );
2600         const jsonObject* y_node = jsonObjectGetIndex( node, 1 );
2601
2602         if( NULL == y_node ) {
2603                 osrfLogError( OSRF_LOG_MARK, "%s: Not enough operands for BETWEEN operator", modulename );
2604                 return NULL;
2605         }
2606         else if( NULL != jsonObjectGetIndex( node, 2 ) ) {
2607                 osrfLogError( OSRF_LOG_MARK, "%s: Too many operands for BETWEEN operator", modulename );
2608                 return NULL;
2609         }
2610
2611         char* x_string;
2612         char* y_string;
2613
2614         if( !strcmp( get_primitive( field ), "number") ) {
2615                 x_string = jsonNumberToDBString( field, x_node );
2616                 y_string = jsonNumberToDBString( field, y_node );
2617
2618         } else {
2619                 x_string = jsonObjectToSimpleString( x_node );
2620                 y_string = jsonObjectToSimpleString( y_node );
2621                 if( !(dbi_conn_quote_string( dbhandle, &x_string )
2622                         && dbi_conn_quote_string( dbhandle, &y_string )) ) {
2623                         osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key strings [%s] and [%s]",
2624                                         modulename, x_string, y_string );
2625                         free( x_string );
2626                         free( y_string );
2627                         return NULL;
2628                 }
2629         }
2630
2631         growing_buffer* sql_buf = buffer_init( 32 );
2632         buffer_fadd( sql_buf, "\"%s\".%s BETWEEN %s AND %s",
2633                         class_alias, osrfHashGet( field, "name" ), x_string, y_string );
2634         free( x_string );
2635         free( y_string );
2636
2637         return buffer_release( sql_buf );
2638 }
2639
2640 static char* searchPredicate( const ClassInfo* class_info, osrfHash* field,
2641                                                           jsonObject* node, osrfMethodContext* ctx ) {
2642
2643         char* pred = NULL;
2644         if( node->type == JSON_ARRAY ) { // equality IN search
2645                 pred = searchINPredicate( class_info->alias, field, node, NULL, ctx );
2646         } else if( node->type == JSON_HASH ) { // other search
2647                 jsonIterator* pred_itr = jsonNewIterator( node );
2648                 if( !jsonIteratorHasNext( pred_itr ) ) {
2649                         osrfLogError( OSRF_LOG_MARK, "%s: Empty predicate for field \"%s\"",
2650                                         modulename, osrfHashGet(field, "name" ));
2651                 } else {
2652                         jsonObject* pred_node = jsonIteratorNext( pred_itr );
2653
2654                         // Verify that there are no additional predicates
2655                         if( jsonIteratorHasNext( pred_itr ) ) {
2656                                 osrfLogError( OSRF_LOG_MARK, "%s: Multiple predicates for field \"%s\"",
2657                                                 modulename, osrfHashGet(field, "name" ));
2658                         } else if( !(strcasecmp( pred_itr->key,"between" )) )
2659                                 pred = searchBETWEENPredicate( class_info->alias, field, pred_node );
2660                         else if( !(strcasecmp( pred_itr->key,"in" ))
2661                                         || !(strcasecmp( pred_itr->key,"not in" )) )
2662                                 pred = searchINPredicate(
2663                                         class_info->alias, field, pred_node, pred_itr->key, ctx );
2664                         else if( pred_node->type == JSON_ARRAY )
2665                                 pred = searchFunctionPredicate(
2666                                         class_info->alias, field, pred_node, pred_itr->key );
2667                         else if( pred_node->type == JSON_HASH )
2668                                 pred = searchFieldTransformPredicate(
2669                                         class_info, field, pred_node, pred_itr->key );
2670                         else
2671                                 pred = searchSimplePredicate( pred_itr->key, class_info->alias, field, pred_node );
2672                 }
2673                 jsonIteratorFree( pred_itr );
2674
2675         } else if( node->type == JSON_NULL ) { // IS NULL search
2676                 growing_buffer* _p = buffer_init( 64 );
2677                 buffer_fadd(
2678                         _p,
2679                         "\"%s\".%s IS NULL",
2680                         class_info->class_name,
2681                         osrfHashGet( field, "name" )
2682                 );
2683                 pred = buffer_release( _p );
2684         } else { // equality search
2685                 pred = searchSimplePredicate( "=", class_info->alias, field, node );
2686         }
2687
2688         return pred;
2689
2690 }
2691
2692
2693 /*
2694
2695 join : {
2696         acn : {
2697                 field : record,
2698                 fkey : id
2699                 type : left
2700                 filter_op : or
2701                 filter : { ... },
2702                 join : {
2703                         acp : {
2704                                 field : call_number,
2705                                 fkey : id,
2706                                 filter : { ... },
2707                         },
2708                 },
2709         },
2710         mrd : {
2711                 field : record,
2712                 type : inner
2713                 fkey : id,
2714                 filter : { ... },
2715         }
2716 }
2717
2718 */
2719
2720 static char* searchJOIN( const jsonObject* join_hash, const ClassInfo* left_info ) {
2721
2722         const jsonObject* working_hash;
2723         jsonObject* freeable_hash = NULL;
2724
2725         if( join_hash->type == JSON_HASH ) {
2726                 working_hash = join_hash;
2727         } else if( join_hash->type == JSON_STRING ) {
2728                 // turn it into a JSON_HASH by creating a wrapper
2729                 // around a copy of the original
2730                 const char* _tmp = jsonObjectGetString( join_hash );
2731                 freeable_hash = jsonNewObjectType( JSON_HASH );
2732                 jsonObjectSetKey( freeable_hash, _tmp, NULL );
2733                 working_hash = freeable_hash;
2734         } else {
2735                 osrfLogError(
2736                         OSRF_LOG_MARK,
2737                         "%s: JOIN failed; expected JSON object type not found",
2738                         modulename
2739                 );
2740                 return NULL;
2741         }
2742
2743         growing_buffer* join_buf = buffer_init( 128 );
2744         const char* leftclass = left_info->class_name;
2745
2746         jsonObject* snode = NULL;
2747         jsonIterator* search_itr = jsonNewIterator( working_hash );
2748
2749         while ( (snode = jsonIteratorNext( search_itr )) ) {
2750                 const char* right_alias = search_itr->key;
2751                 const char* class =
2752                                 jsonObjectGetString( jsonObjectGetKeyConst( snode, "class" ) );
2753                 if( ! class )
2754                         class = right_alias;
2755
2756                 const ClassInfo* right_info = add_joined_class( right_alias, class );
2757                 if( !right_info ) {
2758                         osrfLogError(
2759                                 OSRF_LOG_MARK,
2760                                 "%s: JOIN failed.  Class \"%s\" not resolved in IDL",
2761                                 modulename,
2762                                 search_itr->key
2763                         );
2764                         jsonIteratorFree( search_itr );
2765                         buffer_free( join_buf );
2766                         if( freeable_hash )
2767                                 jsonObjectFree( freeable_hash );
2768                         return NULL;
2769                 }
2770                 osrfHash* links    = right_info->links;
2771                 const char* table  = right_info->source_def;
2772
2773                 const char* fkey  = jsonObjectGetString( jsonObjectGetKeyConst( snode, "fkey" ) );
2774                 const char* field = jsonObjectGetString( jsonObjectGetKeyConst( snode, "field" ) );
2775
2776                 if( field && !fkey ) {
2777                         // Look up the corresponding join column in the IDL.
2778                         // The link must be defined in the child table,
2779                         // and point to the right parent table.
2780                         osrfHash* idl_link = (osrfHash*) osrfHashGet( links, field );
2781                         const char* reltype = NULL;
2782                         const char* other_class = NULL;
2783                         reltype = osrfHashGet( idl_link, "reltype" );
2784                         if( reltype && strcmp( reltype, "has_many" ) )
2785                                 other_class = osrfHashGet( idl_link, "class" );
2786                         if( other_class && !strcmp( other_class, leftclass ) )
2787                                 fkey = osrfHashGet( idl_link, "key" );
2788                         if( !fkey ) {
2789                                 osrfLogError(
2790                                         OSRF_LOG_MARK,
2791                                         "%s: JOIN failed.  No link defined from %s.%s to %s",
2792                                         modulename,
2793                                         class,
2794                                         field,
2795                                         leftclass
2796                                 );
2797                                 buffer_free( join_buf );
2798                                 if( freeable_hash )
2799                                         jsonObjectFree( freeable_hash );
2800                                 jsonIteratorFree( search_itr );
2801                                 return NULL;
2802                         }
2803
2804                 } else if( !field && fkey ) {
2805                         // Look up the corresponding join column in the IDL.
2806                         // The link must be defined in the child table,
2807                         // and point to the right parent table.
2808                         osrfHash* left_links = left_info->links;
2809                         osrfHash* idl_link = (osrfHash*) osrfHashGet( left_links, fkey );
2810                         const char* reltype = NULL;
2811                         const char* other_class = NULL;
2812                         reltype = osrfHashGet( idl_link, "reltype" );
2813                         if( reltype && strcmp( reltype, "has_many" ) )
2814                                 other_class = osrfHashGet( idl_link, "class" );
2815                         if( other_class && !strcmp( other_class, class ) )
2816                                 field = osrfHashGet( idl_link, "key" );
2817                         if( !field ) {
2818                                 osrfLogError(
2819                                         OSRF_LOG_MARK,
2820                                         "%s: JOIN failed.  No link defined from %s.%s to %s",
2821                                         modulename,
2822                                         leftclass,
2823                                         fkey,
2824                                         class
2825                                 );
2826                                 buffer_free( join_buf );
2827                                 if( freeable_hash )
2828                                         jsonObjectFree( freeable_hash );
2829                                 jsonIteratorFree( search_itr );
2830                                 return NULL;
2831                         }
2832
2833                 } else if( !field && !fkey ) {
2834                         osrfHash* left_links = left_info->links;
2835
2836                         // For each link defined for the left class:
2837                         // see if the link references the joined class
2838                         osrfHashIterator* itr = osrfNewHashIterator( left_links );
2839                         osrfHash* curr_link = NULL;
2840                         while( (curr_link = osrfHashIteratorNext( itr ) ) ) {
2841                                 const char* other_class = osrfHashGet( curr_link, "class" );
2842                                 if( other_class && !strcmp( other_class, class ) ) {
2843
2844                                         // In the IDL, the parent class doesn't always know then names of the child
2845                                         // columns that are pointing to it, so don't use that end of the link
2846                                         const char* reltype = osrfHashGet( curr_link, "reltype" );
2847                                         if( reltype && strcmp( reltype, "has_many" ) ) {
2848                                                 // Found a link between the classes
2849                                                 fkey = osrfHashIteratorKey( itr );
2850                                                 field = osrfHashGet( curr_link, "key" );
2851                                                 break;
2852                                         }
2853                                 }
2854                         }
2855                         osrfHashIteratorFree( itr );
2856
2857                         if( !field || !fkey ) {
2858                                 // Do another such search, with the classes reversed
2859
2860                                 // For each link defined for the joined class:
2861                                 // see if the link references the left class
2862                                 osrfHashIterator* itr = osrfNewHashIterator( links );
2863                                 osrfHash* curr_link = NULL;
2864                                 while( (curr_link = osrfHashIteratorNext( itr ) ) ) {
2865                                         const char* other_class = osrfHashGet( curr_link, "class" );
2866                                         if( other_class&n