Plug some memory leaks, and eliminate some unnecessary
[working/Evergreen.git] / Open-ILS / src / c-apps / oils_sql.c
1 /**
2         @file oils_sql.c
3         @brief Utility routines for translating JSON into SQL.
4 */
5
6 #include <stdlib.h>
7 #include <string.h>
8 #include <time.h>
9 #include <ctype.h>
10 #include <dbi/dbi.h>
11 #include "opensrf/utils.h"
12 #include "opensrf/log.h"
13 #include "opensrf/osrf_application.h"
14 #include "openils/oils_utils.h"
15 #include "openils/oils_sql.h"
16
17 // The next four macros are OR'd together as needed to form a set
18 // of bitflags.  SUBCOMBO enables an extra pair of parentheses when
19 // nesting one UNION, INTERSECT or EXCEPT inside another.
20 // SUBSELECT tells us we're in a subquery, so don't add the
21 // terminal semicolon yet.
22 #define SUBCOMBO    8
23 #define SUBSELECT   4
24 #define DISABLE_I18N    2
25 #define SELECT_DISTINCT 1
26
27 #define AND_OP_JOIN     0
28 #define OR_OP_JOIN      1
29
30 struct ClassInfoStruct;
31 typedef struct ClassInfoStruct ClassInfo;
32
33 #define ALIAS_STORE_SIZE 16
34 #define CLASS_NAME_STORE_SIZE 16
35
36 struct ClassInfoStruct {
37         char* alias;
38         char* class_name;
39         char* source_def;
40         osrfHash* class_def;      // Points into IDL
41         osrfHash* fields;         // Points into IDL
42         osrfHash* links;          // Points into IDL
43
44         // The remaining members are private and internal.  Client code should not
45         // access them directly.
46
47         ClassInfo* next;          // Supports linked list of joined classes
48         int in_use;               // boolean
49
50         // We usually store the alias and class name in the following arrays, and
51         // point the corresponding pointers at them.  When the string is too big
52         // for the array (which will probably never happen in practice), we strdup it.
53
54         char alias_store[ ALIAS_STORE_SIZE + 1 ];
55         char class_name_store[ CLASS_NAME_STORE_SIZE + 1 ];
56 };
57
58 struct QueryFrameStruct;
59 typedef struct QueryFrameStruct QueryFrame;
60
61 struct QueryFrameStruct {
62         ClassInfo core;
63         ClassInfo* join_list;  // linked list of classes joined to the core class
64         QueryFrame* next;      // implements stack as linked list
65         int in_use;            // boolean
66 };
67
68 static int timeout_needs_resetting;
69 static time_t time_next_reset;
70
71 static int verifyObjectClass ( osrfMethodContext*, const jsonObject* );
72
73 static void setXactId( osrfMethodContext* ctx );
74 static inline const char* getXactId( osrfMethodContext* ctx );
75 static inline void clearXactId( osrfMethodContext* ctx );
76
77 static jsonObject* doFieldmapperSearch ( osrfMethodContext* ctx, osrfHash* class_meta,
78                 jsonObject* where_hash, jsonObject* query_hash, int* err );
79 static jsonObject* oilsMakeFieldmapperFromResult( dbi_result, osrfHash* );
80 static jsonObject* oilsMakeJSONFromResult( dbi_result );
81
82 static char* searchSimplePredicate ( const char* op, const char* class_alias,
83                                 osrfHash* field, const jsonObject* node );
84 static char* searchFunctionPredicate ( const char*, osrfHash*, const jsonObject*, const char* );
85 static char* searchFieldTransform ( const char*, osrfHash*, const jsonObject* );
86 static char* searchFieldTransformPredicate ( const ClassInfo*, osrfHash*, const jsonObject*,
87                 const char* );
88 static char* searchBETWEENPredicate ( const char*, osrfHash*, const jsonObject* );
89 static char* searchINPredicate ( const char*, osrfHash*,
90                                                                  jsonObject*, const char*, osrfMethodContext* );
91 static char* searchPredicate ( const ClassInfo*, osrfHash*, jsonObject*, osrfMethodContext* );
92 static char* searchJOIN ( const jsonObject*, const ClassInfo* left_info );
93 static char* searchWHERE ( const jsonObject*, const ClassInfo*, int, osrfMethodContext* );
94 static char* buildSELECT ( jsonObject*, jsonObject*, osrfHash*, osrfMethodContext* );
95 char* buildQuery( osrfMethodContext* ctx, jsonObject* query, int flags );
96
97 char* SELECT ( osrfMethodContext*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, jsonObject*, int );
98
99 void userDataFree( void* );
100 static void sessionDataFree( char*, void* );
101 static int obj_is_true( const jsonObject* obj );
102 static const char* json_type( int code );
103 static const char* get_primitive( osrfHash* field );
104 static const char* get_datatype( osrfHash* field );
105 static int is_identifier( const char* s );
106 static int is_good_operator( const char* op );
107 static void pop_query_frame( void );
108 static void push_query_frame( void );
109 static int add_query_core( const char* alias, const char* class_name );
110 static inline ClassInfo* search_alias( const char* target );
111 static ClassInfo* search_all_alias( const char* target );
112 static ClassInfo* add_joined_class( const char* alias, const char* classname );
113 static void clear_query_stack( void );
114
115 static const jsonObject* verifyUserPCRUD( osrfMethodContext* );
116 static int verifyObjectPCRUD( osrfMethodContext*, const jsonObject* );
117 static const char* org_tree_root( osrfMethodContext* ctx );
118 static jsonObject* single_hash( const char* key, const char* value );
119
120 static int child_initialized = 0;   /* boolean */
121
122 static dbi_conn writehandle; /* our MASTER db connection */
123 static dbi_conn dbhandle; /* our CURRENT db connection */
124 //static osrfHash * readHandles;
125
126 // The following points to the top of a stack of QueryFrames.  It's a little
127 // confusing because the top level of the query is at the bottom of the stack.
128 static QueryFrame* curr_query = NULL;
129
130 static dbi_conn writehandle; /* our MASTER db connection */
131 static dbi_conn dbhandle; /* our CURRENT db connection */
132 //static osrfHash * readHandles;
133
134 static int max_flesh_depth = 100;
135
136 static int enforce_pcrud = 0;     // Boolean
137 static char* modulename = NULL;
138
139 /**
140         @brief Connect to the database.
141         @return A database connection if successful, or NULL if not.
142  */
143 dbi_conn oilsConnectDB( const char* mod_name ) {
144
145         osrfLogDebug( OSRF_LOG_MARK, "Attempting to initialize libdbi..." );
146         if( dbi_initialize( NULL ) == -1 ) {
147                 osrfLogError( OSRF_LOG_MARK, "Unable to initialize libdbi" );
148                 return NULL;
149         } else
150                 osrfLogDebug( OSRF_LOG_MARK, "... libdbi initialized." );
151
152         char* driver = osrf_settings_host_value( "/apps/%s/app_settings/driver", mod_name );
153         char* user   = osrf_settings_host_value( "/apps/%s/app_settings/database/user", mod_name );
154         char* host   = osrf_settings_host_value( "/apps/%s/app_settings/database/host", mod_name );
155         char* port   = osrf_settings_host_value( "/apps/%s/app_settings/database/port", mod_name );
156         char* db     = osrf_settings_host_value( "/apps/%s/app_settings/database/db", mod_name );
157         char* pw     = osrf_settings_host_value( "/apps/%s/app_settings/database/pw", mod_name );
158
159         osrfLogDebug( OSRF_LOG_MARK, "Attempting to load the database driver [%s]...", driver );
160         dbi_conn handle = dbi_conn_new( driver );
161
162         if( !handle ) {
163                 osrfLogError( OSRF_LOG_MARK, "Error loading database driver [%s]", driver );
164                 return NULL;
165         }
166         osrfLogDebug( OSRF_LOG_MARK, "Database driver [%s] seems OK", driver );
167
168         osrfLogInfo(OSRF_LOG_MARK, "%s connecting to database.  host=%s, "
169                 "port=%s, user=%s, db=%s", mod_name, host, port, user, db );
170
171         if( host ) dbi_conn_set_option( handle, "host", host );
172         if( port ) dbi_conn_set_option_numeric( handle, "port", atoi( port ));
173         if( user ) dbi_conn_set_option( handle, "username", user );
174         if( pw )   dbi_conn_set_option( handle, "password", pw );
175         if( db )   dbi_conn_set_option( handle, "dbname", db );
176
177         free( user );
178         free( host );
179         free( port );
180         free( db );
181         free( pw );
182
183         if( dbi_conn_connect( handle ) < 0 ) {
184                 sleep( 1 );
185                 if( dbi_conn_connect( handle ) < 0 ) {
186                         const char* errmsg;
187                         dbi_conn_error( handle, &errmsg );
188                         osrfLogError( OSRF_LOG_MARK, "Error connecting to database: %s", errmsg );
189                         return NULL;
190                 }
191         }
192
193         osrfLogInfo( OSRF_LOG_MARK, "%s successfully connected to the database", mod_name );
194
195         return handle;
196 }
197
198 /**
199         @brief Select some options.
200         @param module_name: Name of the server.
201         @param do_pcrud: Boolean.  True if we are to enforce PCRUD permissions.
202
203         This source file is used (at this writing) to implement three different servers:
204         - open-ils.reporter-store
205         - open-ils.pcrud
206         - open-ils.cstore
207
208         These servers behave mostly the same, but they implement different combinations of
209         methods, and open-ils.pcrud enforces a permissions scheme that the other two don't.
210
211         Here we use the server name in messages to identify which kind of server issued them.
212         We use do_crud as a boolean to control whether or not to enforce the permissions scheme.
213 */
214 void oilsSetSQLOptions( const char* module_name, int do_pcrud, int flesh_depth ) {
215         if( !module_name )
216                 module_name = "open-ils.cstore";   // bulletproofing with a default
217
218         if( modulename )
219                 free( modulename );
220
221         modulename = strdup( module_name );
222         enforce_pcrud = do_pcrud;
223         max_flesh_depth = flesh_depth;
224 }
225
226 /**
227         @brief Install a database connection.
228         @param conn Pointer to a database connection.
229
230         In some contexts, @a conn may merely provide a driver so that we can process strings
231         properly, without providing an open database connection.
232 */
233 void oilsSetDBConnection( dbi_conn conn ) {
234         dbhandle = writehandle = conn;
235 }
236
237 /**
238         @brief Get a table name, view name, or subquery for use in a FROM clause.
239         @param class Pointer to the IDL class entry.
240         @return A table name, a view name, or a subquery in parentheses.
241
242         In some cases the IDL defines a class, not with a table name or a view name, but with
243         a SELECT statement, which may be used as a subquery.
244 */
245 char* oilsGetRelation( osrfHash* classdef ) {
246
247         char* source_def = NULL;
248         const char* tabledef = osrfHashGet( classdef, "tablename" );
249
250         if( tabledef ) {
251                 source_def = strdup( tabledef );   // Return the name of a table or view
252         } else {
253                 tabledef = osrfHashGet( classdef, "source_definition" );
254                 if( tabledef ) {
255                         // Return a subquery, enclosed in parentheses
256                         source_def = safe_malloc( strlen( tabledef ) + 3 );
257                         source_def[ 0 ] = '(';
258                         strcpy( source_def + 1, tabledef );
259                         strcat( source_def, ")" );
260                 } else {
261                         // Not found: return an error
262                         const char* classname = osrfHashGet( classdef, "classname" );
263                         if( !classname )
264                                 classname = "???";
265                         osrfLogError(
266                                 OSRF_LOG_MARK,
267                                 "%s ERROR No tablename or source_definition for class \"%s\"",
268                                 modulename,
269                                 classname
270                         );
271                 }
272         }
273
274         return source_def;
275 }
276
277 /**
278         @brief Add datatypes from the database to the fields in the IDL.
279         @param handle Handle for a database connection
280         @return Zero if successful, or 1 upon error.
281
282         For each relevant class in the IDL: ask the database for the datatype of every field.
283         In particular, determine which fields are text fields and which fields are numeric
284         fields, so that we know whether to enclose their values in quotes.
285 */
286 int oilsExtendIDL( dbi_conn handle ) {
287         osrfHashIterator* class_itr = osrfNewHashIterator( oilsIDL() );
288         osrfHash* class = NULL;
289         growing_buffer* query_buf = buffer_init( 64 );
290         int results_found = 0;   // boolean
291
292         // For each class in the IDL...
293         while( (class = osrfHashIteratorNext( class_itr ) ) ) {
294                 const char* classname = osrfHashIteratorKey( class_itr );
295                 osrfHash* fields = osrfHashGet( class, "fields" );
296
297                 // If the class is virtual, ignore it
298                 if( str_is_true( osrfHashGet(class, "virtual") ) ) {
299                         osrfLogDebug(OSRF_LOG_MARK, "Class %s is virtual, skipping", classname );
300                         continue;
301                 }
302
303                 char* tabledef = oilsGetRelation( class );
304                 if( !tabledef )
305                         continue;   // No such relation -- a query of it would be doomed to failure
306
307                 buffer_reset( query_buf );
308                 buffer_fadd( query_buf, "SELECT * FROM %s AS x WHERE 1=0;", tabledef );
309
310                 free(tabledef );
311
312                 osrfLogDebug( OSRF_LOG_MARK, "%s Investigatory SQL = %s",
313                                 modulename, OSRF_BUFFER_C_STR( query_buf ) );
314
315                 dbi_result result = dbi_conn_query( handle, OSRF_BUFFER_C_STR( query_buf ) );
316                 if( result ) {
317
318                         results_found = 1;
319                         int columnIndex = 1;
320                         const char* columnName;
321                         while( (columnName = dbi_result_get_field_name(result, columnIndex)) ) {
322
323                                 osrfLogInternal( OSRF_LOG_MARK, "Looking for column named [%s]...",
324                                                 columnName );
325
326                                 /* fetch the fieldmapper index */
327                                 osrfHash* _f = osrfHashGet(fields, columnName);
328                                 if( _f ) {
329
330                                         osrfLogDebug(OSRF_LOG_MARK, "Found [%s] in IDL hash...", columnName);
331
332                                         /* determine the field type and storage attributes */
333
334                                         switch( dbi_result_get_field_type_idx( result, columnIndex )) {
335
336                                                 case DBI_TYPE_INTEGER : {
337
338                                                         if( !osrfHashGet(_f, "primitive") )
339                                                                 osrfHashSet(_f, "number", "primitive");
340
341                                                         int attr = dbi_result_get_field_attribs_idx( result, columnIndex );
342                                                         if( attr & DBI_INTEGER_SIZE8 )
343                                                                 osrfHashSet( _f, "INT8", "datatype" );
344                                                         else
345                                                                 osrfHashSet( _f, "INT", "datatype" );
346                                                         break;
347                                                 }
348                                                 case DBI_TYPE_DECIMAL :
349                                                         if( !osrfHashGet( _f, "primitive" ))
350                                                                 osrfHashSet( _f, "number", "primitive" );
351
352                                                         osrfHashSet( _f, "NUMERIC", "datatype" );
353                                                         break;
354
355                                                 case DBI_TYPE_STRING :
356                                                         if( !osrfHashGet( _f, "primitive" ))
357                                                                 osrfHashSet( _f, "string", "primitive" );
358
359                                                         osrfHashSet( _f,"TEXT", "datatype" );
360                                                         break;
361
362                                                 case DBI_TYPE_DATETIME :
363                                                         if( !osrfHashGet( _f, "primitive" ))
364                                                                 osrfHashSet( _f, "string", "primitive" );
365
366                                                         osrfHashSet( _f, "TIMESTAMP", "datatype" );
367                                                         break;
368
369                                                 case DBI_TYPE_BINARY :
370                                                         if( !osrfHashGet( _f, "primitive" ))
371                                                                 osrfHashSet( _f, "string", "primitive" );
372
373                                                         osrfHashSet( _f, "BYTEA", "datatype" );
374                                         }
375
376                                         osrfLogDebug(
377                                                 OSRF_LOG_MARK,
378                                                 "Setting [%s] to primitive [%s] and datatype [%s]...",
379                                                 columnName,
380                                                 osrfHashGet( _f, "primitive" ),
381                                                 osrfHashGet( _f, "datatype" )
382                                         );
383                                 }
384                                 ++columnIndex;
385                         } // end while loop for traversing columns of result
386                         dbi_result_free( result  );
387                 } else {
388                         osrfLogDebug( OSRF_LOG_MARK, "No data found for class [%s]...", classname );
389                 }
390         } // end for each class in IDL
391
392         buffer_free( query_buf );
393         osrfHashIteratorFree( class_itr );
394         child_initialized = 1;
395
396         if( !results_found ) {
397                 osrfLogError( OSRF_LOG_MARK,
398                         "No results found for any class -- bad database connection?" );
399                 return 1;
400         }
401         else
402                 return 0;
403 }
404
405 /**
406         @brief Free an osrfHash that stores a transaction ID.
407         @param blob A pointer to the osrfHash to be freed, cast to a void pointer.
408
409         This function is a callback, to be called by the application session when it ends.
410         The application session stores the osrfHash via an opaque pointer.
411
412         If the osrfHash contains an entry for the key "xact_id", it means that an
413         uncommitted transaction is pending.  Roll it back.
414 */
415 void userDataFree( void* blob ) {
416         osrfHash* hash = (osrfHash*) blob;
417         if( osrfHashGet( hash, "xact_id" ) && writehandle )
418                 dbi_conn_query( writehandle, "ROLLBACK;" );
419
420         osrfHashFree( hash );
421 }
422
423 /**
424         @name Managing session data
425         @brief Maintain data stored via the userData pointer of the application session.
426
427         Currently, session-level data is stored in an osrfHash.  Other arrangements are
428         possible, and some would be more efficient.  The application session calls a
429         callback function to free userData before terminating.
430
431         Currently, the only data we store at the session level is the transaction id.  By this
432         means we can ensure that any pending transactions are rolled back before the application
433         session terminates.
434 */
435 /*@{*/
436
437 /**
438         @brief Free an item in the application session's userData.
439         @param key The name of a key for an osrfHash.
440         @param item An opaque pointer to the item associated with the key.
441
442         We store an osrfHash as userData with the application session, and arrange (by
443         installing userDataFree() as a different callback) for the session to free that
444         osrfHash before terminating.
445
446         This function is a callback for freeing items in the osrfHash.  Currently we store
447         two things:
448         - Transaction id of a pending transaction; a character string.  Key: "xact_id".
449         - Authkey; a character string.  Key: "authkey".
450         - User object from the authentication server; a jsonObject.  Key: "user_login".
451
452         If we ever store anything else in userData, we will need to revisit this function so
453         that it will free whatever else needs freeing.
454 */
455 static void sessionDataFree( char* key, void* item ) {
456         if( !strcmp( key, "xact_id" )
457              || !strcmp( key, "authkey" ) ) {
458                 free( item );
459         } else if( !strcmp( key, "user_login" ) )
460                 jsonObjectFree( (jsonObject*) item );
461 }
462
463 /**
464         @brief Save a transaction id.
465         @param ctx Pointer to the method context.
466
467         Save the session_id of the current application session as a transaction id.
468 */
469 static void setXactId( osrfMethodContext* ctx ) {
470         if( ctx && ctx->session ) {
471                 osrfAppSession* session = ctx->session;
472
473                 osrfHash* cache = session->userData;
474
475                 // If the session doesn't already have a hash, create one.  Make sure
476                 // that the application session frees the hash when it terminates.
477                 if( NULL == cache ) {
478                         session->userData = cache = osrfNewHash();
479                         osrfHashSetCallback( cache, &sessionDataFree );
480                         ctx->session->userDataFree = &userDataFree;
481                 }
482
483                 // Save the transaction id in the hash, with the key "xact_id"
484                 osrfHashSet( cache, strdup( session->session_id ), "xact_id" );
485         }
486 }
487
488 /**
489         @brief Get the transaction ID for the current transaction, if any.
490         @param ctx Pointer to the method context.
491         @return Pointer to the transaction ID.
492
493         The return value points to an internal buffer, and will become invalid upon issuing
494         a commit or rollback.
495 */
496 static inline const char* getXactId( osrfMethodContext* ctx ) {
497         if( ctx && ctx->session && ctx->session->userData )
498                 return osrfHashGet( (osrfHash*) ctx->session->userData, "xact_id" );
499         else
500                 return NULL;
501 }
502
503 /**
504         @brief Clear the current transaction id.
505         @param ctx Pointer to the method context.
506 */
507 static inline void clearXactId( osrfMethodContext* ctx ) {
508         if( ctx && ctx->session && ctx->session->userData )
509                 osrfHashRemove( ctx->session->userData, "xact_id" );
510 }
511 /*@}*/
512
513 /**
514         @brief Save the user's login in the userData for the current application session.
515         @param ctx Pointer to the method context.
516         @param user_login Pointer to the user login object to be cached (we cache the original,
517         not a copy of it).
518
519         If @a user_login is NULL, remove the user login if one is already cached.
520 */
521 static void setUserLogin( osrfMethodContext* ctx, jsonObject* user_login ) {
522         if( ctx && ctx->session ) {
523                 osrfAppSession* session = ctx->session;
524
525                 osrfHash* cache = session->userData;
526
527                 // If the session doesn't already have a hash, create one.  Make sure
528                 // that the application session frees the hash when it terminates.
529                 if( NULL == cache ) {
530                         session->userData = cache = osrfNewHash();
531                         osrfHashSetCallback( cache, &sessionDataFree );
532                         ctx->session->userDataFree = &userDataFree;
533                 }
534
535                 if( user_login )
536                         osrfHashSet( cache, user_login, "user_login" );
537                 else
538                         osrfHashRemove( cache, "user_login" );
539         }
540 }
541
542 /**
543         @brief Get the user login object for the current application session, if any.
544         @param ctx Pointer to the method context.
545         @return Pointer to the user login object if found; otherwise NULL.
546
547         The user login object was returned from the authentication server, and then cached so
548         we don't have to call the authentication server again for the same user.
549 */
550 static const jsonObject* getUserLogin( osrfMethodContext* ctx ) {
551         if( ctx && ctx->session && ctx->session->userData )
552                 return osrfHashGet( (osrfHash*) ctx->session->userData, "user_login" );
553         else
554                 return NULL;
555 }
556
557 /**
558         @brief Save a copy of an authkey in the userData of the current application session.
559         @param ctx Pointer to the method context.
560         @param authkey The authkey to be saved.
561
562         If @a authkey is NULL, remove the authkey if one is already cached.
563 */
564 static void setAuthkey( osrfMethodContext* ctx, const char* authkey ) {
565         if( ctx && ctx->session && authkey ) {
566                 osrfAppSession* session = ctx->session;
567                 osrfHash* cache = session->userData;
568
569                 // If the session doesn't already have a hash, create one.  Make sure
570                 // that the application session frees the hash when it terminates.
571                 if( NULL == cache ) {
572                         session->userData = cache = osrfNewHash();
573                         osrfHashSetCallback( cache, &sessionDataFree );
574                         ctx->session->userDataFree = &userDataFree;
575                 }
576
577                 // Save the transaction id in the hash, with the key "xact_id"
578                 if( authkey && *authkey )
579                         osrfHashSet( cache, strdup( authkey ), "authkey" );
580                 else
581                         osrfHashRemove( cache, "authkey" );
582         }
583 }
584
585 /**
586         @brief Reset the login timeout.
587         @param authkey The authentication key for the current login session.
588         @param now The current time.
589         @return Zero if successful, or 1 if not.
590
591         Tell the authentication server to reset the timeout so that the login session won't
592         expire for a while longer.
593
594         We could dispense with the @a now parameter by calling time().  But we just called
595         time() in order to decide whether to reset the timeout, so we might as well reuse
596         the result instead of calling time() again.
597 */
598 static int reset_timeout( const char* authkey, time_t now ) {
599         jsonObject* auth_object = jsonNewObject( authkey );
600
601         // Ask the authentication server to reset the timeout.  It returns an event
602         // indicating success or failure.
603         jsonObject* result = oilsUtilsQuickReq( "open-ils.auth",
604                 "open-ils.auth.session.reset_timeout", auth_object );
605         jsonObjectFree( auth_object );
606
607         if( !result || result->type != JSON_HASH ) {
608                 osrfLogError( OSRF_LOG_MARK,
609                          "Unexpected object type receieved from open-ils.auth.session.reset_timeout" );
610                 jsonObjectFree( result );
611                 return 1;       // Not the right sort of object returned
612         }
613
614         const jsonObject* ilsevent = jsonObjectGetKey( result, "ilsevent" );
615         if( !ilsevent || ilsevent->type != JSON_NUMBER ) {
616                 osrfLogError( OSRF_LOG_MARK, "ilsevent is absent or malformed" );
617                 jsonObjectFree( result );
618                 return 1;    // Return code from method not available
619         }
620
621         if( jsonObjectGetNumber( ilsevent ) != 0.0 ) {
622                 const char* desc = jsonObjectGetString( jsonObjectGetKey( result, "desc" ) );
623                 if( !desc )
624                         desc = "(No reason available)";    // failsafe; shouldn't happen
625                 osrfLogInfo( OSRF_LOG_MARK, "Failure to reset timeout: %s", desc );
626                 jsonObjectFree( result );
627                 return 1;
628         }
629
630         // Revise our local proxy for the timeout deadline
631         // by a smallish fraction of the timeout interval
632         const char* timeout = jsonObjectGetString( jsonObjectGetKey( result, "payload" ) );
633         if( !timeout )
634                 timeout = "1";   // failsafe; shouldn't happen
635         time_next_reset = now + atoi( timeout ) / 15;
636
637         jsonObjectFree( result );
638         return 0;     // Successfully reset timeout
639 }
640
641 /**
642         @brief Get the authkey string for the current application session, if any.
643         @param ctx Pointer to the method context.
644         @return Pointer to the cached authkey if found; otherwise NULL.
645
646         If present, the authkey string was cached from a previous method call.
647 */
648 static const char* getAuthkey( osrfMethodContext* ctx ) {
649         if( ctx && ctx->session && ctx->session->userData ) {
650                 const char* authkey = osrfHashGet( (osrfHash*) ctx->session->userData, "authkey" );
651
652                 // Possibly reset the authentication timeout to keep the login alive.  We do so
653                 // no more than once per method call, and not at all if it has been only a short
654                 // time since the last reset.
655
656                 // Here we reset explicitly, if at all.  We also implicitly reset the timeout
657                 // whenever we call the "open-ils.auth.session.retrieve" method.
658                 if( timeout_needs_resetting ) {
659                         time_t now = time( NULL );
660                         if( now >= time_next_reset && reset_timeout( authkey, now ) )
661                                 authkey = NULL;    // timeout has apparently expired already
662                 }
663
664                 timeout_needs_resetting = 0;
665                 return authkey;
666         }
667         else
668                 return NULL;
669 }
670
671 /**
672         @brief Implement the transaction.begin method.
673         @param ctx Pointer to the method context.
674         @return Zero if successful, or -1 upon error.
675
676         Start a transaction.  Save a transaction ID for future reference.
677
678         Method parameters:
679         - authkey (PCRUD only)
680
681         Return to client: Transaction ID
682 */
683 int beginTransaction( osrfMethodContext* ctx ) {
684         if(osrfMethodVerifyContext( ctx )) {
685                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
686                 return -1;
687         }
688
689         if( enforce_pcrud ) {
690                 timeout_needs_resetting = 1;
691                 const jsonObject* user = verifyUserPCRUD( ctx );
692                 if( !user )
693                         return -1;
694         }
695
696         dbi_result result = dbi_conn_query( writehandle, "START TRANSACTION;" );
697         if( !result ) {
698                 osrfLogError( OSRF_LOG_MARK, "%s: Error starting transaction", modulename );
699                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
700                                 "osrfMethodException", ctx->request, "Error starting transaction" );
701                 return -1;
702         } else {
703                 setXactId( ctx );
704                 jsonObject* ret = jsonNewObject( getXactId( ctx ) );
705                 osrfAppRespondComplete( ctx, ret );
706                 jsonObjectFree( ret );
707         }
708         return 0;
709 }
710
711 /**
712         @brief Implement the savepoint.set method.
713         @param ctx Pointer to the method context.
714         @return Zero if successful, or -1 if not.
715
716         Issue a SAVEPOINT to the database server.
717
718         Method parameters:
719         - authkey (PCRUD only)
720         - savepoint name
721
722         Return to client: Savepoint name
723 */
724 int setSavepoint( osrfMethodContext* ctx ) {
725         if(osrfMethodVerifyContext( ctx )) {
726                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
727                 return -1;
728         }
729
730         int spNamePos = 0;
731         if( enforce_pcrud ) {
732                 spNamePos = 1;
733                 timeout_needs_resetting = 1;
734                 const jsonObject* user = verifyUserPCRUD( ctx );
735                 if( !user )
736                         return -1;
737         }
738
739         // Verify that a transaction is pending
740         const char* trans_id = getXactId( ctx );
741         if( NULL == trans_id ) {
742                 osrfAppSessionStatus(
743                         ctx->session,
744                         OSRF_STATUS_INTERNALSERVERERROR,
745                         "osrfMethodException",
746                         ctx->request,
747                         "No active transaction -- required for savepoints"
748                 );
749                 return -1;
750         }
751
752         // Get the savepoint name from the method params
753         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
754
755         dbi_result result = dbi_conn_queryf( writehandle, "SAVEPOINT \"%s\";", spName );
756         if( !result ) {
757                 osrfLogError(
758                         OSRF_LOG_MARK,
759                         "%s: Error creating savepoint %s in transaction %s",
760                         modulename,
761                         spName,
762                         trans_id
763                 );
764                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
765                                 "osrfMethodException", ctx->request, "Error creating savepoint" );
766                 return -1;
767         } else {
768                 jsonObject* ret = jsonNewObject( spName );
769                 osrfAppRespondComplete( ctx, ret );
770                 jsonObjectFree( ret  );
771         }
772         return 0;
773 }
774
775 /**
776         @brief Implement the savepoint.release method.
777         @param ctx Pointer to the method context.
778         @return Zero if successful, or -1 if not.
779
780         Issue a RELEASE SAVEPOINT to the database server.
781
782         Method parameters:
783         - authkey (PCRUD only)
784         - savepoint name
785
786         Return to client: Savepoint name
787 */
788 int releaseSavepoint( osrfMethodContext* ctx ) {
789         if(osrfMethodVerifyContext( ctx )) {
790                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
791                 return -1;
792         }
793
794         int spNamePos = 0;
795         if( enforce_pcrud ) {
796                 spNamePos = 1;
797                 timeout_needs_resetting = 1;
798                 const jsonObject* user = verifyUserPCRUD( ctx );
799                 if(  !user )
800                         return -1;
801         }
802
803         // Verify that a transaction is pending
804         const char* trans_id = getXactId( ctx );
805         if( NULL == trans_id ) {
806                 osrfAppSessionStatus(
807                         ctx->session,
808                         OSRF_STATUS_INTERNALSERVERERROR,
809                         "osrfMethodException",
810                         ctx->request,
811                         "No active transaction -- required for savepoints"
812                 );
813                 return -1;
814         }
815
816         // Get the savepoint name from the method params
817         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
818
819         dbi_result result = dbi_conn_queryf( writehandle, "RELEASE SAVEPOINT \"%s\";", spName );
820         if( !result ) {
821                 osrfLogError(
822                         OSRF_LOG_MARK,
823                         "%s: Error releasing savepoint %s in transaction %s",
824                         modulename,
825                         spName,
826                         trans_id
827                 );
828                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
829                                 "osrfMethodException", ctx->request, "Error releasing savepoint" );
830                 return -1;
831         } else {
832                 jsonObject* ret = jsonNewObject( spName );
833                 osrfAppRespondComplete( ctx, ret );
834                 jsonObjectFree( ret );
835         }
836         return 0;
837 }
838
839 /**
840         @brief Implement the savepoint.rollback method.
841         @param ctx Pointer to the method context.
842         @return Zero if successful, or -1 if not.
843
844         Issue a ROLLBACK TO SAVEPOINT to the database server.
845
846         Method parameters:
847         - authkey (PCRUD only)
848         - savepoint name
849
850         Return to client: Savepoint name
851 */
852 int rollbackSavepoint( osrfMethodContext* ctx ) {
853         if(osrfMethodVerifyContext( ctx )) {
854                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
855                 return -1;
856         }
857
858         int spNamePos = 0;
859         if( enforce_pcrud ) {
860                 spNamePos = 1;
861                 timeout_needs_resetting = 1;
862                 const jsonObject* user = verifyUserPCRUD( ctx );
863                 if( !user )
864                         return -1;
865         }
866
867         // Verify that a transaction is pending
868         const char* trans_id = getXactId( ctx );
869         if( NULL == trans_id ) {
870                 osrfAppSessionStatus(
871                         ctx->session,
872                         OSRF_STATUS_INTERNALSERVERERROR,
873                         "osrfMethodException",
874                         ctx->request,
875                         "No active transaction -- required for savepoints"
876                 );
877                 return -1;
878         }
879
880         // Get the savepoint name from the method params
881         const char* spName = jsonObjectGetString( jsonObjectGetIndex(ctx->params, spNamePos) );
882
883         dbi_result result = dbi_conn_queryf( writehandle, "ROLLBACK TO SAVEPOINT \"%s\";", spName );
884         if( !result ) {
885                 osrfLogError(
886                         OSRF_LOG_MARK,
887                         "%s: Error rolling back savepoint %s in transaction %s",
888                         modulename,
889                         spName,
890                         trans_id
891                 );
892                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
893                                 "osrfMethodException", ctx->request, "Error rolling back savepoint" );
894                 return -1;
895         } else {
896                 jsonObject* ret = jsonNewObject( spName );
897                 osrfAppRespondComplete( ctx, ret );
898                 jsonObjectFree( ret );
899         }
900         return 0;
901 }
902
903 /**
904         @brief Implement the transaction.commit method.
905         @param ctx Pointer to the method context.
906         @return Zero if successful, or -1 if not.
907
908         Issue a COMMIT to the database server.
909
910         Method parameters:
911         - authkey (PCRUD only)
912
913         Return to client: Transaction ID.
914 */
915 int commitTransaction( osrfMethodContext* ctx ) {
916         if(osrfMethodVerifyContext( ctx )) {
917                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
918                 return -1;
919         }
920
921         if( enforce_pcrud ) {
922                 timeout_needs_resetting = 1;
923                 const jsonObject* user = verifyUserPCRUD( ctx );
924                 if( !user )
925                         return -1;
926         }
927
928         // Verify that a transaction is pending
929         const char* trans_id = getXactId( ctx );
930         if( NULL == trans_id ) {
931                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
932                                 "osrfMethodException", ctx->request, "No active transaction to commit" );
933                 return -1;
934         }
935
936         dbi_result result = dbi_conn_query( writehandle, "COMMIT;" );
937         if( !result ) {
938                 osrfLogError( OSRF_LOG_MARK, "%s: Error committing transaction", modulename );
939                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
940                                 "osrfMethodException", ctx->request, "Error committing transaction" );
941                 return -1;
942         } else {
943                 jsonObject* ret = jsonNewObject( trans_id );
944                 osrfAppRespondComplete( ctx, ret );
945                 jsonObjectFree( ret );
946                 clearXactId( ctx );
947         }
948         return 0;
949 }
950
951 /**
952         @brief Implement the transaction.rollback method.
953         @param ctx Pointer to the method context.
954         @return Zero if successful, or -1 if not.
955
956         Issue a ROLLBACK to the database server.
957
958         Method parameters:
959         - authkey (PCRUD only)
960
961         Return to client: Transaction ID
962 */
963 int rollbackTransaction( osrfMethodContext* ctx ) {
964         if( osrfMethodVerifyContext( ctx )) {
965                 osrfLogError( OSRF_LOG_MARK,  "Invalid method context" );
966                 return -1;
967         }
968
969         if( enforce_pcrud ) {
970                 timeout_needs_resetting = 1;
971                 const jsonObject* user = verifyUserPCRUD( ctx );
972                 if( !user )
973                         return -1;
974         }
975
976         // Verify that a transaction is pending
977         const char* trans_id = getXactId( ctx );
978         if( NULL == trans_id ) {
979                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
980                                 "osrfMethodException", ctx->request, "No active transaction to roll back" );
981                 return -1;
982         }
983
984         dbi_result result = dbi_conn_query( writehandle, "ROLLBACK;" );
985         if( !result ) {
986                 osrfLogError( OSRF_LOG_MARK, "%s: Error rolling back transaction", modulename );
987                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_INTERNALSERVERERROR,
988                                 "osrfMethodException", ctx->request, "Error rolling back transaction" );
989                 return -1;
990         } else {
991                 jsonObject* ret = jsonNewObject( trans_id );
992                 osrfAppRespondComplete( ctx, ret );
993                 jsonObjectFree( ret );
994                 clearXactId( ctx );
995         }
996         return 0;
997 }
998
999 /**
1000         @brief Implement the "search" method.
1001         @param ctx Pointer to the method context.
1002         @return Zero if successful, or -1 if not.
1003
1004         Method parameters:
1005         - authkey (PCRUD only)
1006         - WHERE clause, as jsonObject
1007         - Other SQL clause(s), as a JSON_HASH: joins, SELECT list, LIMIT, etc.
1008
1009         Return to client: rows of the specified class that satisfy a specified WHERE clause.
1010         Optionally flesh linked fields.
1011 */
1012 int doSearch( osrfMethodContext* ctx ) {
1013         if( osrfMethodVerifyContext( ctx )) {
1014                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1015                 return -1;
1016         }
1017
1018         if( enforce_pcrud )
1019                 timeout_needs_resetting = 1;
1020
1021         jsonObject* where_clause;
1022         jsonObject* rest_of_query;
1023
1024         if( enforce_pcrud ) {
1025                 where_clause  = jsonObjectGetIndex( ctx->params, 1 );
1026                 rest_of_query = jsonObjectGetIndex( ctx->params, 2 );
1027         } else {
1028                 where_clause  = jsonObjectGetIndex( ctx->params, 0 );
1029                 rest_of_query = jsonObjectGetIndex( ctx->params, 1 );
1030         }
1031
1032         // Get the class metadata
1033         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1034         osrfHash* class_meta = osrfHashGet( method_meta, "class" );
1035
1036         // Do the query
1037         int err = 0;
1038         jsonObject* obj = doFieldmapperSearch( ctx, class_meta, where_clause, rest_of_query, &err );
1039         if( err ) {
1040                 osrfAppRespondComplete( ctx, NULL );
1041                 return -1;
1042         }
1043
1044         // Return each row to the client (except that some may be suppressed by PCRUD)
1045         jsonObject* cur = 0;
1046         unsigned long res_idx = 0;
1047         while((cur = jsonObjectGetIndex( obj, res_idx++ ) )) {
1048                 if( enforce_pcrud && !verifyObjectPCRUD( ctx, cur ))
1049                         continue;
1050                 osrfAppRespond( ctx, cur );
1051         }
1052         jsonObjectFree( obj );
1053
1054         osrfAppRespondComplete( ctx, NULL );
1055         return 0;
1056 }
1057
1058 /**
1059         @brief Implement the "id_list" method.
1060         @param ctx Pointer to the method context.
1061         @param err Pointer through which to return an error code.
1062         @return Zero if successful, or -1 if not.
1063
1064         Method parameters:
1065         - authkey (PCRUD only)
1066         - WHERE clause, as jsonObject
1067         - Other SQL clause(s), as a JSON_HASH: joins, LIMIT, etc.
1068
1069         Return to client: The primary key values for all rows of the relevant class that
1070         satisfy a specified WHERE clause.
1071
1072         This method relies on the assumption that every class has a primary key consisting of
1073         a single column.
1074 */
1075 int doIdList( osrfMethodContext* ctx ) {
1076         if( osrfMethodVerifyContext( ctx )) {
1077                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1078                 return -1;
1079         }
1080
1081         if( enforce_pcrud )
1082                 timeout_needs_resetting = 1;
1083
1084         jsonObject* where_clause;
1085         jsonObject* rest_of_query;
1086
1087         // We use the where clause without change.  But we need to massage the rest of the
1088         // query, so we work with a copy of it instead of modifying the original.
1089
1090         if( enforce_pcrud ) {
1091                 where_clause  = jsonObjectGetIndex( ctx->params, 1 );
1092                 rest_of_query = jsonObjectClone( jsonObjectGetIndex( ctx->params, 2 ) );
1093         } else {
1094                 where_clause  = jsonObjectGetIndex( ctx->params, 0 );
1095                 rest_of_query = jsonObjectClone( jsonObjectGetIndex( ctx->params, 1 ) );
1096         }
1097
1098         // Eliminate certain SQL clauses, if present.
1099         if( rest_of_query ) {
1100                 jsonObjectRemoveKey( rest_of_query, "select" );
1101                 jsonObjectRemoveKey( rest_of_query, "no_i18n" );
1102                 jsonObjectRemoveKey( rest_of_query, "flesh" );
1103                 jsonObjectRemoveKey( rest_of_query, "flesh_columns" );
1104         } else {
1105                 rest_of_query = jsonNewObjectType( JSON_HASH );
1106         }
1107
1108         jsonObjectSetKey( rest_of_query, "no_i18n", jsonNewBoolObject( 1 ) );
1109
1110         // Get the class metadata
1111         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1112         osrfHash* class_meta = osrfHashGet( method_meta, "class" );
1113
1114         // Build a SELECT list containing just the primary key,
1115         // i.e. like { "classname":["keyname"] }
1116         jsonObject* col_list_obj = jsonNewObjectType( JSON_ARRAY );
1117
1118         // Load array with name of primary key
1119         jsonObjectPush( col_list_obj, jsonNewObject( osrfHashGet( class_meta, "primarykey" ) ) );
1120         jsonObject* select_clause = jsonNewObjectType( JSON_HASH );
1121         jsonObjectSetKey( select_clause, osrfHashGet( class_meta, "classname" ), col_list_obj );
1122
1123         jsonObjectSetKey( rest_of_query, "select", select_clause );
1124
1125         // Do the query
1126         int err = 0;
1127         jsonObject* obj =
1128                 doFieldmapperSearch( ctx, class_meta, where_clause, rest_of_query, &err );
1129
1130         jsonObjectFree( rest_of_query );
1131         if( err ) {
1132                 osrfAppRespondComplete( ctx, NULL );
1133                 return -1;
1134         }
1135
1136         // Return each primary key value to the client
1137         jsonObject* cur;
1138         unsigned long res_idx = 0;
1139         while((cur = jsonObjectGetIndex( obj, res_idx++ ) )) {
1140                 if( enforce_pcrud && !verifyObjectPCRUD( ctx, cur ))
1141                         continue;        // Suppress due to lack of permission
1142                 else
1143                         osrfAppRespond( ctx,
1144                                 oilsFMGetObject( cur, osrfHashGet( class_meta, "primarykey" ) ) );
1145         }
1146
1147         jsonObjectFree( obj );
1148         osrfAppRespondComplete( ctx, NULL );
1149         return 0;
1150 }
1151
1152 /**
1153         @brief Verify that we have a valid class reference.
1154         @param ctx Pointer to the method context.
1155         @param param Pointer to the method parameters.
1156         @return 1 if the class reference is valid, or zero if it isn't.
1157
1158         The class of the method params must match the class to which the method id devoted.
1159         For PCRUD there are additional restrictions.
1160 */
1161 static int verifyObjectClass ( osrfMethodContext* ctx, const jsonObject* param ) {
1162
1163         osrfHash* method_meta = (osrfHash*) ctx->method->userData;
1164         osrfHash* class = osrfHashGet( method_meta, "class" );
1165
1166         // Compare the method's class to the parameters' class
1167         if( !param->classname || (strcmp( osrfHashGet(class, "classname"), param->classname ))) {
1168
1169                 // Oops -- they don't match.  Complain.
1170                 growing_buffer* msg = buffer_init( 128 );
1171                 buffer_fadd(
1172                         msg,
1173                         "%s: %s method for type %s was passed a %s",
1174                         modulename,
1175                         osrfHashGet( method_meta, "methodtype" ),
1176                         osrfHashGet( class, "classname" ),
1177                         param->classname ? param->classname : "(null)"
1178                 );
1179
1180                 char* m = buffer_release( msg );
1181                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_BADREQUEST, "osrfMethodException",
1182                                 ctx->request, m );
1183                 free( m );
1184
1185                 return 0;
1186         }
1187
1188         if( enforce_pcrud )
1189                 return verifyObjectPCRUD( ctx, param );
1190         else
1191                 return 1;
1192 }
1193
1194 /**
1195         @brief (PCRUD only) Verify that the user is properly logged in.
1196         @param ctx Pointer to the method context.
1197         @return If the user is logged in, a pointer to the user object from the authentication
1198         server; otherwise NULL.
1199 */
1200 static const jsonObject* verifyUserPCRUD( osrfMethodContext* ctx ) {
1201
1202         // Get the authkey (the first method parameter)
1203         const char* auth = jsonObjectGetString( jsonObjectGetIndex( ctx->params, 0 ) );
1204
1205         // See if we have the same authkey, and a user object,
1206         // locally cached from a previous call
1207         const char* cached_authkey = getAuthkey( ctx );
1208         if( cached_authkey && !strcmp( cached_authkey, auth ) ) {
1209                 const jsonObject* cached_user = getUserLogin( ctx );
1210                 if( cached_user )
1211                         return cached_user;
1212         }
1213
1214         // We have no matching authentication data in the cache.  Authenticate from scratch.
1215         jsonObject* auth_object = jsonNewObject( auth );
1216
1217         // Fetch the user object from the authentication server
1218         jsonObject* user = oilsUtilsQuickReq( "open-ils.auth", "open-ils.auth.session.retrieve",
1219                         auth_object );
1220         jsonObjectFree( auth_object );
1221
1222         if( !user->classname || strcmp(user->classname, "au" )) {
1223
1224                 growing_buffer* msg = buffer_init( 128 );
1225                 buffer_fadd(
1226                         msg,
1227                         "%s: permacrud received a bad auth token: %s",
1228                         modulename,
1229                         auth
1230                 );
1231
1232                 char* m = buffer_release( msg );
1233                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_UNAUTHORIZED, "osrfMethodException",
1234                                 ctx->request, m );
1235
1236                 free( m );
1237                 jsonObjectFree( user );
1238                 user = NULL;
1239         }
1240
1241         setUserLogin( ctx, user );
1242         setAuthkey( ctx, auth );
1243
1244         // Allow ourselves up to a second before we have to reset the login timeout.
1245         // It would be nice to use some fraction of the timeout interval enforced by the
1246         // authentication server, but that value is not readily available at this point.
1247         // Instead, we use a conservative default interval.
1248         time_next_reset = time( NULL ) + 1;
1249
1250         return user;
1251 }
1252
1253 /**
1254         @brief For PCRUD: Determine whether the current user may access the current row.
1255         @param ctx Pointer to the method context.
1256         @param obj Pointer to the row being potentially accessed.
1257         @return 1 if access is permitted, or 0 if it isn't.
1258
1259         The @a obj parameter points to a JSON_HASH of column values, keyed on column name.
1260 */
1261 static int verifyObjectPCRUD (  osrfMethodContext* ctx, const jsonObject* obj ) {
1262
1263         dbhandle = writehandle;
1264
1265         // Figure out what class and method are involved
1266         osrfHash* method_metadata = (osrfHash*) ctx->method->userData;
1267         osrfHash* class = osrfHashGet( method_metadata, "class" );
1268         const char* method_type = osrfHashGet( method_metadata, "methodtype" );
1269
1270         int fetch = 0;
1271         if( *method_type == 's' || *method_type == 'i' ) {
1272                 method_type = "retrieve"; // search and id_list are equivalent to retrieve for this
1273         } else if( *method_type == 'u' || *method_type == 'd' ) {
1274                 fetch = 1; // MUST go to the db for the object for update and delete
1275         }
1276
1277         // Get the appropriate permacrud entry from the IDL, depending on method type
1278         osrfHash* pcrud = osrfHashGet( osrfHashGet( class, "permacrud" ), method_type );
1279         if( !pcrud ) {
1280                 // No permacrud for this method type on this class
1281
1282                 growing_buffer* msg = buffer_init( 128 );
1283                 buffer_fadd(
1284                         msg,
1285                         "%s: %s on class %s has no permacrud IDL entry",
1286                         modulename,
1287                         osrfHashGet( method_metadata, "methodtype" ),
1288                         osrfHashGet( class, "classname" )
1289                 );
1290
1291                 char* m = buffer_release( msg );
1292                 osrfAppSessionStatus( ctx->session, OSRF_STATUS_FORBIDDEN,
1293                                 "osrfMethodException", ctx->request, m );
1294
1295                 free( m );
1296
1297                 return 0;
1298         }
1299
1300         // Get the user id, and make sure the user is logged in
1301         const jsonObject* user = verifyUserPCRUD( ctx );
1302         if( !user )
1303                 return 0;    // Not logged in?  No access.
1304
1305         int userid = atoi( oilsFMGetStringConst( user, "id" ) );
1306
1307         // Get a list of permissions from the permacrud entry.
1308         osrfStringArray* permission = osrfHashGet( pcrud, "permission" );
1309
1310         // Build a list of org units that own the row.  This is fairly convoluted because there
1311         // are several different ways that an org unit may own the row, as defined by the
1312         // permacrud entry.
1313
1314         // Local context means that the row includes a foreign key pointing to actor.org_unit,
1315         // identifying an owning org_unit..
1316         osrfStringArray* local_context = osrfHashGet( pcrud, "local_context" );
1317
1318         // Foreign context adds a layer of indirection.  The row points to some other row that
1319         // an org unit may own.  The "jump" attribute, if present, adds another layer of
1320         // indirection.
1321         osrfHash* foreign_context = osrfHashGet( pcrud, "foreign_context" );
1322
1323         // The following string array stores the list of org units.  (We don't have a thingie
1324         // for storing lists of integers, so we fake it with a list of strings.)
1325         osrfStringArray* context_org_array = osrfNewStringArray( 1 );
1326
1327         int err = 0;
1328         const char* pkey_value = NULL;
1329         if( str_is_true( osrfHashGet(pcrud, "global_required") ) ) {
1330                 // If the global_required attribute is present and true, then the only owning
1331                 // org unit is the root org unit, i.e. the one with no parent.
1332                 osrfLogDebug( OSRF_LOG_MARK,
1333                                 "global-level permissions required, fetching top of the org tree" );
1334
1335                 // check for perm at top of org tree
1336                 const char* org_tree_root_id = org_tree_root( ctx );
1337                 if( org_tree_root_id ) {
1338                         osrfStringArrayAdd( context_org_array, org_tree_root_id );
1339                         osrfLogDebug( OSRF_LOG_MARK, "top of the org tree is %s", org_tree_root_id );
1340                 } else  {
1341                         osrfStringArrayFree( context_org_array );
1342                         return 0;
1343                 }
1344
1345         } else {
1346                 // If the global_required attribute is absent or false, then we look for
1347                 // local and/or foreign context.  In order to find the relevant foreign
1348                 // keys, we must either read the relevant row from the database, or look at
1349                 // the image of the row that we already have in memory.
1350
1351                 // (Herein lies a bug.  Even if we have an image of the row in memory, that
1352                 // image may not include the foreign key column(s) that we need.)
1353
1354             osrfLogDebug( OSRF_LOG_MARK, "global-level permissions not required, "
1355                                 "fetching context org ids" );
1356             const char* pkey = osrfHashGet( class, "primarykey" );
1357                 jsonObject *param = NULL;
1358
1359                 if( obj->classname ) {
1360                         pkey_value = oilsFMGetStringConst( obj, pkey );
1361                         if( !fetch )
1362                                 param = jsonObjectClone( obj );
1363                         osrfLogDebug( OSRF_LOG_MARK, "Object supplied, using primary key value of %s",
1364                                         pkey_value );
1365                 } else {
1366                         pkey_value = jsonObjectGetString( obj );
1367                         fetch = 1;
1368                         osrfLogDebug( OSRF_LOG_MARK, "Object not supplied, using primary key value "
1369                                         "of %s and retrieving from the database", pkey_value );
1370                 }
1371
1372                 if( fetch ) {
1373                         // Fetch the row so that we can look at the foreign key(s)
1374                         jsonObject* _tmp_params = single_hash( pkey, pkey_value );
1375                         jsonObject* _list = doFieldmapperSearch( ctx, class, _tmp_params, NULL, &err );
1376                         jsonObjectFree( _tmp_params );
1377
1378                         param = jsonObjectExtractIndex( _list, 0 );
1379                         jsonObjectFree( _list );
1380                 }
1381
1382                 if( !param ) {
1383                         // The row doesn't exist.  Complain, and deny access.
1384                         osrfLogDebug( OSRF_LOG_MARK,
1385                                         "Object not found in the database with primary key %s of %s",
1386                                         pkey, pkey_value );
1387
1388                         growing_buffer* msg = buffer_init( 128 );
1389                         buffer_fadd(
1390                                 msg,
1391                                 "%s: no object found with primary key %s of %s",
1392                                 modulename,
1393                                 pkey,
1394                                 pkey_value
1395                         );
1396
1397                         char* m = buffer_release( msg );
1398                         osrfAppSessionStatus(
1399                                 ctx->session,
1400                                 OSRF_STATUS_INTERNALSERVERERROR,
1401                                 "osrfMethodException",
1402                                 ctx->request,
1403                                 m
1404                         );
1405
1406                         free( m );
1407                         return 0;
1408                 }
1409
1410                 if( local_context && local_context->size > 0 ) {
1411                         // The IDL provides a list of column names for the foreign keys denoting
1412                         // local context.  Look up the value of each one, and add it to the
1413                         // list of org units.
1414                         osrfLogDebug( OSRF_LOG_MARK, "%d class-local context field(s) specified",
1415                                         local_context->size );
1416                         int i = 0;
1417                         const char* lcontext = NULL;
1418                         while ( (lcontext = osrfStringArrayGetString(local_context, i++)) ) {
1419                                 osrfStringArrayAdd( context_org_array, oilsFMGetStringConst( param, lcontext ));
1420                                 osrfLogDebug(
1421                                         OSRF_LOG_MARK,
1422                                         "adding class-local field %s (value: %s) to the context org list",
1423                                         lcontext,
1424                                         osrfStringArrayGetString( context_org_array, context_org_array->size - 1 )
1425                                 );
1426                         }
1427                 }
1428
1429                 if( foreign_context ) {
1430                         unsigned long class_count = osrfHashGetCount( foreign_context );
1431                         osrfLogDebug( OSRF_LOG_MARK, "%d foreign context classes(s) specified", class_count );
1432
1433                         if( class_count > 0 ) {
1434
1435                                 // The IDL provides a list of foreign key columns pointing to rows that
1436                                 // an org unit may own.  Follow each link, identify the owning org unit,
1437                                 // and add it to the list.
1438                                 osrfHash* fcontext = NULL;
1439                                 osrfHashIterator* class_itr = osrfNewHashIterator( foreign_context );
1440                                 while( (fcontext = osrfHashIteratorNext( class_itr )) ) {
1441                                         // For each linked class...
1442                                         const char* class_name = osrfHashIteratorKey( class_itr );
1443                                         osrfHash* fcontext = osrfHashGet( foreign_context, class_name );
1444
1445                                         osrfLogDebug(
1446                                                 OSRF_LOG_MARK,
1447                                                 "%d foreign context fields(s) specified for class %s",
1448                                                 ((osrfStringArray*)osrfHashGet(fcontext,"context"))->size,
1449                                                 class_name
1450                                         );
1451
1452                                         // Get the name of the key field in the foreign table
1453                                         char* foreign_pkey = osrfHashGet( fcontext, "field" );
1454
1455                                         // Get the value of the foreign key pointing to the foreign table
1456                                         char* foreign_pkey_value =
1457                                                         oilsFMGetString( param, osrfHashGet( fcontext, "fkey" ));
1458
1459                                         // Look up the row to which the foreign key points
1460                                         jsonObject* _tmp_params = single_hash( foreign_pkey, foreign_pkey_value );
1461                                         jsonObject* _list = doFieldmapperSearch(
1462                                                 ctx, osrfHashGet( oilsIDL(), class_name ), _tmp_params, NULL, &err );
1463
1464                                         jsonObject* _fparam = NULL;
1465                                         if( _list && JSON_ARRAY == _list->type && _list->size > 0 )
1466                                                 _fparam = jsonObjectExtractIndex( _list, 0 );
1467
1468                                         jsonObjectFree( _tmp_params );
1469                                         jsonObjectFree( _list );
1470
1471                                         // At this point _fparam either points to the row identified by the
1472                                         // foreign key, or it's NULL (no such row found).
1473
1474                                         osrfStringArray* jump_list = osrfHashGet( fcontext, "jump" );
1475
1476                                         if( _fparam && jump_list ) {
1477                                                 // Follow another level of indirection to find one or more owners
1478                                                 const char* flink = NULL;
1479                                                 int k = 0;
1480                                                 while ( (flink = osrfStringArrayGetString(jump_list, k++)) && _fparam ) {
1481                                                         // For each entry in the jump list.  Each entry is the name of a
1482                                                         // foreign key colum in the foreign table.
1483
1484                                                         osrfHash* foreign_link_hash =
1485                                                                         oilsIDLFindPath( "/%s/links/%s", _fparam->classname, flink );
1486
1487                                                         free( foreign_pkey_value );
1488                                                         foreign_pkey_value = oilsFMGetString( _fparam, flink );
1489                                                         foreign_pkey = osrfHashGet( foreign_link_hash, "key" );
1490
1491                                                         _tmp_params = single_hash( foreign_pkey, foreign_pkey_value );
1492
1493                                                         _list = doFieldmapperSearch(
1494                                                                 ctx,
1495                                                                 osrfHashGet( oilsIDL(),
1496                                                                                 osrfHashGet( foreign_link_hash, "class" ) ),
1497                                                                 _tmp_params,
1498                                                                 NULL,
1499                                                                 &err
1500                                                         );
1501
1502                                                         jsonObjectFree( _fparam );
1503                                                         _fparam = NULL;
1504                                                         if( _list && JSON_ARRAY == _list->type && _list->size > 0 )
1505                                                                 _fparam = jsonObjectExtractIndex( _list, 0 );
1506                                                         jsonObjectFree( _tmp_params );
1507                                                         jsonObjectFree( _list );
1508                                                 }
1509                                         }
1510
1511                                         if( !_fparam ) {
1512
1513                                                 growing_buffer* msg = buffer_init( 128 );
1514                                                 buffer_fadd(
1515                                                         msg,
1516                                                         "%s: no object found with primary key %s of %s",
1517                                                         modulename,
1518                                                         foreign_pkey,
1519                                                         foreign_pkey_value
1520                                                 );
1521
1522                                                 char* m = buffer_release( msg );
1523                                                 osrfAppSessionStatus(
1524                                                         ctx->session,
1525                                                         OSRF_STATUS_INTERNALSERVERERROR,
1526                                                         "osrfMethodException",
1527                                                         ctx->request,
1528                                                         m
1529                                                 );
1530
1531                                                 free( m );
1532                                                 osrfHashIteratorFree( class_itr );
1533                                                 free( foreign_pkey_value );
1534                                                 jsonObjectFree( param );
1535
1536                                                 return 0;
1537                                         }
1538
1539                                         free( foreign_pkey_value );
1540
1541                                         // Examine each context column of the foreign row,
1542                                         // and add its value to the list of org units.
1543                                         int j = 0;
1544                                         const char* foreign_field = NULL;
1545                                         osrfStringArray* ctx_array = osrfHashGet( fcontext, "context" );
1546                                         while ( (foreign_field = osrfStringArrayGetString( ctx_array, j++ )) ) {
1547                                                 osrfStringArrayAdd( context_org_array,
1548                                                         oilsFMGetStringConst( _fparam, foreign_field ));
1549                                                 osrfLogDebug(
1550                                                         OSRF_LOG_MARK,
1551                                                         "adding foreign class %s field %s (value: %s) to the context org list",
1552                                                         class_name,
1553                                                         foreign_field,
1554                                                         osrfStringArrayGetString(
1555                                                                         context_org_array, context_org_array->size - 1 )
1556                                                 );
1557                                         }
1558
1559                                         jsonObjectFree( _fparam );
1560                                 }
1561
1562                                 osrfHashIteratorFree( class_itr );
1563                         }
1564                 }
1565
1566                 jsonObjectFree( param );
1567         }
1568
1569         const char* context_org = NULL;
1570         const char* perm = NULL;
1571         int OK = 0;
1572
1573         if( permission->size == 0 ) {
1574             osrfLogDebug( OSRF_LOG_MARK, "No permission specified for this action, passing through" );
1575                 OK = 1;
1576         }
1577
1578         int i = 0;
1579         while( (perm = osrfStringArrayGetString(permission, i++)) ) {
1580                 int j = 0;
1581                 while( (context_org = osrfStringArrayGetString( context_org_array, j++ )) ) {
1582                         dbi_result result;
1583
1584                         if( pkey_value ) {
1585                                 osrfLogDebug(
1586                                         OSRF_LOG_MARK,
1587                                         "Checking object permission [%s] for user %d "
1588                                                         "on object %s (class %s) at org %d",
1589                                         perm,
1590                                         userid,
1591                                         pkey_value,
1592                                         osrfHashGet( class, "classname" ),
1593                                         atoi( context_org )
1594                                 );
1595
1596                                 result = dbi_conn_queryf(
1597                                         writehandle,
1598                                         "SELECT permission.usr_has_object_perm(%d, '%s', '%s', '%s', %d) AS has_perm;",
1599                                         userid,
1600                                         perm,
1601                                         osrfHashGet( class, "classname" ),
1602                                         pkey_value,
1603                                         atoi( context_org )
1604                                 );
1605
1606                                 if( result ) {
1607                                         osrfLogDebug(
1608                                                 OSRF_LOG_MARK,
1609                                                 "Received a result for object permission [%s] "
1610                                                                 "for user %d on object %s (class %s) at org %d",
1611                                                 perm,
1612                                                 userid,
1613                                                 pkey_value,
1614                                                 osrfHashGet( class, "classname" ),
1615                                                 atoi( context_org )
1616                                         );
1617
1618                                         if( dbi_result_first_row( result )) {
1619                                                 jsonObject* return_val = oilsMakeJSONFromResult( result );
1620                                                 const char* has_perm = jsonObjectGetString(
1621                                                                 jsonObjectGetKeyConst( return_val, "has_perm" ));
1622
1623                                                 osrfLogDebug(
1624                                                         OSRF_LOG_MARK,
1625                                                         "Status of object permission [%s] for user %d "
1626                                                                         "on object %s (class %s) at org %d is %s",
1627                                                         perm,
1628                                                         userid,
1629                                                         pkey_value,
1630                                                         osrfHashGet(class, "classname"),
1631                                                         atoi(context_org),
1632                                                         has_perm
1633                                                 );
1634
1635                                                 if( *has_perm == 't' )
1636                                                         OK = 1;
1637                                                 jsonObjectFree( return_val );
1638                                         }
1639
1640                                         dbi_result_free( result );
1641                                         if( OK )
1642                                                 break;
1643                                 }
1644                         }
1645
1646                         osrfLogDebug( OSRF_LOG_MARK,
1647                                         "Checking non-object permission [%s] for user %d at org %d",
1648                                         perm, userid, atoi(context_org) );
1649                         result = dbi_conn_queryf(
1650                                 writehandle,
1651                                 "SELECT permission.usr_has_perm(%d, '%s', %d) AS has_perm;",
1652                                 userid,
1653                                 perm,
1654                                 atoi( context_org )
1655                         );
1656
1657                         if( result ) {
1658                                 osrfLogDebug( OSRF_LOG_MARK,
1659                                                 "Received a result for permission [%s] for user %d at org %d",
1660                                                 perm, userid, atoi( context_org ));
1661                                 if( dbi_result_first_row( result )) {
1662                                         jsonObject* return_val = oilsMakeJSONFromResult( result );
1663                                         const char* has_perm = jsonObjectGetString(
1664                                                         jsonObjectGetKeyConst( return_val, "has_perm" ));
1665                                         osrfLogDebug( OSRF_LOG_MARK,
1666                                                         "Status of permission [%s] for user %d at org %d is [%s]",
1667                                                         perm, userid, atoi( context_org ), has_perm );
1668                                         if( *has_perm == 't' )
1669                                                 OK = 1;
1670                                         jsonObjectFree( return_val );
1671                                 }
1672
1673                                 dbi_result_free( result );
1674                                 if( OK )
1675                                         break;
1676                         }
1677
1678                 }
1679                 if( OK )
1680                         break;
1681         }
1682
1683         osrfStringArrayFree( context_org_array );
1684
1685         return OK;
1686 }
1687
1688 /**
1689         @brief Look up the root of the org_unit tree.
1690         @param ctx Pointer to the method context.
1691         @return The id of the root org unit, as a character string.
1692
1693         Query actor.org_unit where parent_ou is null, and return the id as a string.
1694
1695         This function assumes that there is only one root org unit, i.e. that we
1696         have a single tree, not a forest.
1697
1698         The calling code is responsible for freeing the returned string.
1699 */
1700 static const char* org_tree_root( osrfMethodContext* ctx ) {
1701
1702         static char cached_root_id[ 32 ] = "";  // extravagantly large buffer
1703         static time_t last_lookup_time = 0;
1704         time_t current_time = time( NULL );
1705
1706         if( cached_root_id[ 0 ] && ( current_time - last_lookup_time < 3600 ) ) {
1707                 // We successfully looked this up less than an hour ago.
1708                 // It's not likely to have changed since then.
1709                 return strdup( cached_root_id );
1710         }
1711         last_lookup_time = current_time;
1712
1713         int err = 0;
1714         jsonObject* where_clause = single_hash( "parent_ou", NULL );
1715         jsonObject* result = doFieldmapperSearch(
1716                 ctx, osrfHashGet( oilsIDL(), "aou" ), where_clause, NULL, &err );
1717         jsonObjectFree( where_clause );
1718
1719         jsonObject* tree_top = jsonObjectGetIndex( result, 0 );
1720
1721         if( !tree_top ) {
1722                 jsonObjectFree( result );
1723
1724                 growing_buffer* msg = buffer_init( 128 );
1725                 OSRF_BUFFER_ADD( msg, modulename );
1726                 OSRF_BUFFER_ADD( msg,
1727                                 ": Internal error, could not find the top of the org tree (parent_ou = NULL)" );
1728
1729                 char* m = buffer_release( msg );
1730                 osrfAppSessionStatus( ctx->session,
1731                                 OSRF_STATUS_INTERNALSERVERERROR, "osrfMethodException", ctx->request, m );
1732                 free( m );
1733
1734                 cached_root_id[ 0 ] = '\0';
1735                 return NULL;
1736         }
1737
1738         const char* root_org_unit_id = oilsFMGetStringConst( tree_top, "id" );
1739         osrfLogDebug( OSRF_LOG_MARK, "Top of the org tree is %s", root_org_unit_id );
1740
1741         strcpy( cached_root_id, root_org_unit_id );
1742         jsonObjectFree( result );
1743         return cached_root_id;
1744 }
1745
1746 /**
1747         @brief Create a JSON_HASH with a single key/value pair.
1748         @param key The key of the key/value pair.
1749         @param value the value of the key/value pair.
1750         @return Pointer to a newly created jsonObject of type JSON_HASH.
1751
1752         The value of the key/value is either a string or (if @a value is NULL) a null.
1753 */
1754 static jsonObject* single_hash( const char* key, const char* value ) {
1755         // Sanity check
1756         if( ! key ) key = "";
1757
1758         jsonObject* hash = jsonNewObjectType( JSON_HASH );
1759         jsonObjectSetKey( hash, key, jsonNewObject( value ) );
1760         return hash;
1761 }
1762
1763
1764 int doCreate( osrfMethodContext* ctx ) {
1765         if(osrfMethodVerifyContext( ctx )) {
1766                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
1767                 return -1;
1768         }
1769
1770         if( enforce_pcrud )
1771                 timeout_needs_resetting = 1;
1772
1773         osrfHash* meta = osrfHashGet( (osrfHash*) ctx->method->userData, "class" );
1774         jsonObject* target = NULL;
1775         jsonObject* options = NULL;
1776
1777         if( enforce_pcrud ) {
1778                 target = jsonObjectGetIndex( ctx->params, 1 );
1779                 options = jsonObjectGetIndex( ctx->params, 2 );
1780         } else {
1781                 target = jsonObjectGetIndex( ctx->params, 0 );
1782                 options = jsonObjectGetIndex( ctx->params, 1 );
1783         }
1784
1785         if( !verifyObjectClass( ctx, target )) {
1786                 osrfAppRespondComplete( ctx, NULL );
1787                 return -1;
1788         }
1789
1790         osrfLogDebug( OSRF_LOG_MARK, "Object seems to be of the correct type" );
1791
1792         const char* trans_id = getXactId( ctx );
1793         if( !trans_id ) {
1794                 osrfLogError( OSRF_LOG_MARK, "No active transaction -- required for CREATE" );
1795
1796                 osrfAppSessionStatus(
1797                         ctx->session,
1798                         OSRF_STATUS_BADREQUEST,
1799                         "osrfMethodException",
1800                         ctx->request,
1801                         "No active transaction -- required for CREATE"
1802                 );
1803                 osrfAppRespondComplete( ctx, NULL );
1804                 return -1;
1805         }
1806
1807         // The following test is harmless but redundant.  If a class is
1808         // readonly, we don't register a create method for it.
1809         if( str_is_true( osrfHashGet( meta, "readonly" ) ) ) {
1810                 osrfAppSessionStatus(
1811                         ctx->session,
1812                         OSRF_STATUS_BADREQUEST,
1813                         "osrfMethodException",
1814                         ctx->request,
1815                         "Cannot INSERT readonly class"
1816                 );
1817                 osrfAppRespondComplete( ctx, NULL );
1818                 return -1;
1819         }
1820
1821         // Set the last_xact_id
1822         int index = oilsIDL_ntop( target->classname, "last_xact_id" );
1823         if( index > -1 ) {
1824                 osrfLogDebug(OSRF_LOG_MARK, "Setting last_xact_id to %s on %s at position %d",
1825                         trans_id, target->classname, index);
1826                 jsonObjectSetIndex( target, index, jsonNewObject( trans_id ));
1827         }
1828
1829         osrfLogDebug( OSRF_LOG_MARK, "There is a transaction running..." );
1830
1831         dbhandle = writehandle;
1832
1833         osrfHash* fields = osrfHashGet( meta, "fields" );
1834         char* pkey       = osrfHashGet( meta, "primarykey" );
1835         char* seq        = osrfHashGet( meta, "sequence" );
1836
1837         growing_buffer* table_buf = buffer_init( 128 );
1838         growing_buffer* col_buf   = buffer_init( 128 );
1839         growing_buffer* val_buf   = buffer_init( 128 );
1840
1841         OSRF_BUFFER_ADD( table_buf, "INSERT INTO " );
1842         OSRF_BUFFER_ADD( table_buf, osrfHashGet( meta, "tablename" ));
1843         OSRF_BUFFER_ADD_CHAR( col_buf, '(' );
1844         buffer_add( val_buf,"VALUES (" );
1845
1846
1847         int first = 1;
1848         osrfHash* field = NULL;
1849         osrfHashIterator* field_itr = osrfNewHashIterator( fields );
1850         while( (field = osrfHashIteratorNext( field_itr ) ) ) {
1851
1852                 const char* field_name = osrfHashIteratorKey( field_itr );
1853
1854                 if( str_is_true( osrfHashGet( field, "virtual" ) ) )
1855                         continue;
1856
1857                 const jsonObject* field_object = oilsFMGetObject( target, field_name );
1858
1859                 char* value;
1860                 if( field_object && field_object->classname ) {
1861                         value = oilsFMGetString(
1862                                 field_object,
1863                                 (char*)oilsIDLFindPath( "/%s/primarykey", field_object->classname )
1864                         );
1865                 } else if( field_object && JSON_BOOL == field_object->type ) {
1866                         if( jsonBoolIsTrue( field_object ) )
1867                                 value = strdup( "t" );
1868                         else
1869                                 value = strdup( "f" );
1870                 } else {
1871                         value = jsonObjectToSimpleString( field_object );
1872                 }
1873
1874                 if( first ) {
1875                         first = 0;
1876                 } else {
1877                         OSRF_BUFFER_ADD_CHAR( col_buf, ',' );
1878                         OSRF_BUFFER_ADD_CHAR( val_buf, ',' );
1879                 }
1880
1881                 buffer_add( col_buf, field_name );
1882
1883                 if( !field_object || field_object->type == JSON_NULL ) {
1884                         buffer_add( val_buf, "DEFAULT" );
1885
1886                 } else if( !strcmp( get_primitive( field ), "number" )) {
1887                         const char* numtype = get_datatype( field );
1888                         if( !strcmp( numtype, "INT8" )) {
1889                                 buffer_fadd( val_buf, "%lld", atoll( value ));
1890
1891                         } else if( !strcmp( numtype, "INT" )) {
1892                                 buffer_fadd( val_buf, "%d", atoi( value ));
1893
1894                         } else if( !strcmp( numtype, "NUMERIC" )) {
1895                                 buffer_fadd( val_buf, "%f", atof( value ));
1896                         }
1897                 } else {
1898                         if( dbi_conn_quote_string( writehandle, &value )) {
1899                                 OSRF_BUFFER_ADD( val_buf, value );
1900
1901                         } else {
1902                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting string [%s]", modulename, value );
1903                                 osrfAppSessionStatus(
1904                                         ctx->session,
1905                                         OSRF_STATUS_INTERNALSERVERERROR,
1906                                         "osrfMethodException",
1907                                         ctx->request,
1908                                         "Error quoting string -- please see the error log for more details"
1909                                 );
1910                                 free( value );
1911                                 buffer_free( table_buf );
1912                                 buffer_free( col_buf );
1913                                 buffer_free( val_buf );
1914                                 osrfAppRespondComplete( ctx, NULL );
1915                                 return -1;
1916                         }
1917                 }
1918
1919                 free( value );
1920         }
1921
1922         osrfHashIteratorFree( field_itr );
1923
1924         OSRF_BUFFER_ADD_CHAR( col_buf, ')' );
1925         OSRF_BUFFER_ADD_CHAR( val_buf, ')' );
1926
1927         char* table_str = buffer_release( table_buf );
1928         char* col_str   = buffer_release( col_buf );
1929         char* val_str   = buffer_release( val_buf );
1930         growing_buffer* sql = buffer_init( 128 );
1931         buffer_fadd( sql, "%s %s %s;", table_str, col_str, val_str );
1932         free( table_str );
1933         free( col_str );
1934         free( val_str );
1935
1936         char* query = buffer_release( sql );
1937
1938         osrfLogDebug( OSRF_LOG_MARK, "%s: Insert SQL [%s]", modulename, query );
1939
1940         jsonObject* obj = NULL;
1941         int rc = 0;
1942
1943         dbi_result result = dbi_conn_query( writehandle, query );
1944         if( !result ) {
1945                 obj = jsonNewObject( NULL );
1946                 osrfLogError(
1947                         OSRF_LOG_MARK,
1948                         "%s ERROR inserting %s object using query [%s]",
1949                         modulename,
1950                         osrfHashGet(meta, "fieldmapper"),
1951                         query
1952                 );
1953                 osrfAppSessionStatus(
1954                         ctx->session,
1955                         OSRF_STATUS_INTERNALSERVERERROR,
1956                         "osrfMethodException",
1957                         ctx->request,
1958                         "INSERT error -- please see the error log for more details"
1959                 );
1960                 rc = -1;
1961         } else {
1962
1963                 char* id = oilsFMGetString( target, pkey );
1964                 if( !id ) {
1965                         unsigned long long new_id = dbi_conn_sequence_last( writehandle, seq );
1966                         growing_buffer* _id = buffer_init( 10 );
1967                         buffer_fadd( _id, "%lld", new_id );
1968                         id = buffer_release( _id );
1969                 }
1970
1971                 // Find quietness specification, if present
1972                 const char* quiet_str = NULL;
1973                 if( options ) {
1974                         const jsonObject* quiet_obj = jsonObjectGetKeyConst( options, "quiet" );
1975                         if( quiet_obj )
1976                                 quiet_str = jsonObjectGetString( quiet_obj );
1977                 }
1978
1979                 if( str_is_true( quiet_str )) {  // if quietness is specified
1980                         obj = jsonNewObject( id );
1981                 }
1982                 else {
1983
1984                         // Fetch the row that we just inserted, so that we can return it to the client
1985                         jsonObject* where_clause = jsonNewObjectType( JSON_HASH );
1986                         jsonObjectSetKey( where_clause, pkey, jsonNewObject( id ));
1987
1988                         int err = 0;
1989                         jsonObject* list = doFieldmapperSearch( ctx, meta, where_clause, NULL, &err );
1990                         if( err )
1991                                 rc = -1;
1992                         else
1993                                 obj = jsonObjectClone( jsonObjectGetIndex( list, 0 ));
1994
1995                         jsonObjectFree( list );
1996                         jsonObjectFree( where_clause );
1997                 }
1998
1999                 free( id );
2000         }
2001
2002         free( query );
2003         osrfAppRespondComplete( ctx, obj );
2004         jsonObjectFree( obj );
2005         return rc;
2006 }
2007
2008 /**
2009         @brief Implement the retrieve method.
2010         @param ctx Pointer to the method context.
2011         @param err Pointer through which to return an error code.
2012         @return If successful, a pointer to the result to be returned to the client;
2013         otherwise NULL.
2014
2015         From the method's class, fetch a row with a specified value in the primary key.  This
2016         method relies on the database design convention that a primary key consists of a single
2017         column.
2018
2019         Method parameters:
2020         - authkey (PCRUD only)
2021         - value of the primary key for the desired row, for building the WHERE clause
2022         - a JSON_HASH containing any other SQL clauses: select, join, etc.
2023
2024         Return to client: One row from the query.
2025 */
2026 int doRetrieve( osrfMethodContext* ctx ) {
2027         if(osrfMethodVerifyContext( ctx )) {
2028                 osrfLogError( OSRF_LOG_MARK, "Invalid method context" );
2029                 return -1;
2030         }
2031
2032         if( enforce_pcrud )
2033                 timeout_needs_resetting = 1;
2034
2035         int id_pos = 0;
2036         int order_pos = 1;
2037
2038         if( enforce_pcrud ) {
2039                 id_pos = 1;
2040                 order_pos = 2;
2041         }
2042
2043         // Get the class metadata
2044         osrfHash* class_def = osrfHashGet( (osrfHash*) ctx->method->userData, "class" );
2045
2046         // Get the value of the primary key, from a method parameter
2047         const jsonObject* id_obj = jsonObjectGetIndex( ctx->params, id_pos );
2048
2049         osrfLogDebug(
2050                 OSRF_LOG_MARK,
2051                 "%s retrieving %s object with primary key value of %s",
2052                 modulename,
2053                 osrfHashGet( class_def, "fieldmapper" ),
2054                 jsonObjectGetString( id_obj )
2055         );
2056
2057         // Build a WHERE clause based on the key value
2058         jsonObject* where_clause = jsonNewObjectType( JSON_HASH );
2059         jsonObjectSetKey(
2060                 where_clause,
2061                 osrfHashGet( class_def, "primarykey" ),  // name of key column
2062                 jsonObjectClone( id_obj )                // value of key column
2063         );
2064
2065         jsonObject* rest_of_query = jsonObjectGetIndex( ctx->params, order_pos );
2066
2067         // Do the query
2068         int err = 0;
2069         jsonObject* list = doFieldmapperSearch( ctx, class_def, where_clause, rest_of_query, &err );
2070
2071         jsonObjectFree( where_clause );
2072         if( err ) {
2073                 osrfAppRespondComplete( ctx, NULL );
2074                 return -1;
2075         }
2076
2077         jsonObject* obj = jsonObjectExtractIndex( list, 0 );
2078         jsonObjectFree( list );
2079
2080         if( enforce_pcrud ) {
2081                 if(!verifyObjectPCRUD( ctx, obj )) {
2082                         jsonObjectFree( obj );
2083
2084                         growing_buffer* msg = buffer_init( 128 );
2085                         OSRF_BUFFER_ADD( msg, modulename );
2086                         OSRF_BUFFER_ADD( msg, ": Insufficient permissions to retrieve object" );
2087
2088                         char* m = buffer_release( msg );
2089                         osrfAppSessionStatus( ctx->session, OSRF_STATUS_NOTALLOWED, "osrfMethodException",
2090                                         ctx->request, m );
2091                         free( m );
2092
2093                         osrfAppRespondComplete( ctx, NULL );
2094                         return -1;
2095                 }
2096         }
2097
2098         osrfAppRespondComplete( ctx, obj );
2099         jsonObjectFree( obj );
2100         return 0;
2101 }
2102
2103 /**
2104         @brief Translate a numeric value to a string representation for the database.
2105         @param field Pointer to the IDL field definition.
2106         @param value Pointer to a jsonObject holding the value of a field.
2107         @return Pointer to a newly allocated string.
2108
2109         The input object is typically a JSON_NUMBER, but it may be a JSON_STRING as long as
2110         its contents are numeric.  A non-numeric string is likely to result in invalid SQL,
2111         or (what is worse) valid SQL that is wrong.
2112
2113         If the datatype of the receiving field is not numeric, wrap the value in quotes.
2114
2115         The calling code is responsible for freeing the resulting string by calling free().
2116 */
2117 static char* jsonNumberToDBString( osrfHash* field, const jsonObject* value ) {
2118         growing_buffer* val_buf = buffer_init( 32 );
2119         const char* numtype = get_datatype( field );
2120
2121         // For historical reasons the following contains cruft that could be cleaned up.
2122         if( !strncmp( numtype, "INT", 3 ) ) {
2123                 if( value->type == JSON_NUMBER )
2124                         //buffer_fadd( val_buf, "%ld", (long)jsonObjectGetNumber(value) );
2125                         buffer_fadd( val_buf, jsonObjectGetString( value ) );
2126                 else {
2127                         buffer_fadd( val_buf, jsonObjectGetString( value ) );
2128                 }
2129
2130         } else if( !strcmp( numtype, "NUMERIC" )) {
2131                 if( value->type == JSON_NUMBER )
2132                         buffer_fadd( val_buf, jsonObjectGetString( value ));
2133                 else {
2134                         buffer_fadd( val_buf, jsonObjectGetString( value ));
2135                 }
2136
2137         } else {
2138                 // Presumably this was really intended to be a string, so quote it
2139                 char* str = jsonObjectToSimpleString( value );
2140                 if( dbi_conn_quote_string( dbhandle, &str )) {
2141                         OSRF_BUFFER_ADD( val_buf, str );
2142                         free( str );
2143                 } else {
2144                         osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]", modulename, str );
2145                         free( str );
2146                         buffer_free( val_buf );
2147                         return NULL;
2148                 }
2149         }
2150
2151         return buffer_release( val_buf );
2152 }
2153
2154 static char* searchINPredicate( const char* class_alias, osrfHash* field,
2155                 jsonObject* node, const char* op, osrfMethodContext* ctx ) {
2156         growing_buffer* sql_buf = buffer_init( 32 );
2157
2158         buffer_fadd(
2159                 sql_buf,
2160                 "\"%s\".%s ",
2161                 class_alias,
2162                 osrfHashGet( field, "name" )
2163         );
2164
2165         if( !op ) {
2166                 buffer_add( sql_buf, "IN (" );
2167         } else if( !strcasecmp( op,"not in" )) {
2168                 buffer_add( sql_buf, "NOT IN (" );
2169         } else {
2170                 buffer_add( sql_buf, "IN (" );
2171         }
2172
2173         if( node->type == JSON_HASH ) {
2174                 // subquery predicate
2175                 char* subpred = buildQuery( ctx, node, SUBSELECT );
2176                 if( ! subpred ) {
2177                         buffer_free( sql_buf );
2178                         return NULL;
2179                 }
2180
2181                 buffer_add( sql_buf, subpred );
2182                 free( subpred );
2183
2184         } else if( node->type == JSON_ARRAY ) {
2185                 // literal value list
2186                 int in_item_index = 0;
2187                 int in_item_first = 1;
2188                 const jsonObject* in_item;
2189                 while( (in_item = jsonObjectGetIndex( node, in_item_index++ )) ) {
2190
2191                         if( in_item_first )
2192                                 in_item_first = 0;
2193                         else
2194                                 buffer_add( sql_buf, ", " );
2195
2196                         // Sanity check
2197                         if( in_item->type != JSON_STRING && in_item->type != JSON_NUMBER ) {
2198                                 osrfLogError( OSRF_LOG_MARK,
2199                                                 "%s: Expected string or number within IN list; found %s",
2200                                                 modulename, json_type( in_item->type ) );
2201                                 buffer_free( sql_buf );
2202                                 return NULL;
2203                         }
2204
2205                         // Append the literal value -- quoted if not a number
2206                         if( JSON_NUMBER == in_item->type ) {
2207                                 char* val = jsonNumberToDBString( field, in_item );
2208                                 OSRF_BUFFER_ADD( sql_buf, val );
2209                                 free( val );
2210
2211                         } else if( !strcmp( get_primitive( field ), "number" )) {
2212                                 char* val = jsonNumberToDBString( field, in_item );
2213                                 OSRF_BUFFER_ADD( sql_buf, val );
2214                                 free( val );
2215
2216                         } else {
2217                                 char* key_string = jsonObjectToSimpleString( in_item );
2218                                 if( dbi_conn_quote_string( dbhandle, &key_string )) {
2219                                         OSRF_BUFFER_ADD( sql_buf, key_string );
2220                                         free( key_string );
2221                                 } else {
2222                                         osrfLogError( OSRF_LOG_MARK,
2223                                                         "%s: Error quoting key string [%s]", modulename, key_string );
2224                                         free( key_string );
2225                                         buffer_free( sql_buf );
2226                                         return NULL;
2227                                 }
2228                         }
2229                 }
2230
2231                 if( in_item_first ) {
2232                         osrfLogError(OSRF_LOG_MARK, "%s: Empty IN list", modulename );
2233                         buffer_free( sql_buf );
2234                         return NULL;
2235                 }
2236         } else {
2237                 osrfLogError( OSRF_LOG_MARK, "%s: Expected object or array for IN clause; found %s",
2238                         modulename, json_type( node->type ));
2239                 buffer_free( sql_buf );
2240                 return NULL;
2241         }
2242
2243         OSRF_BUFFER_ADD_CHAR( sql_buf, ')' );
2244
2245         return buffer_release( sql_buf );
2246 }
2247
2248 // Receive a JSON_ARRAY representing a function call.  The first
2249 // entry in the array is the function name.  The rest are parameters.
2250 static char* searchValueTransform( const jsonObject* array ) {
2251
2252         if( array->size < 1 ) {
2253                 osrfLogError( OSRF_LOG_MARK, "%s: Empty array for value transform", modulename );
2254                 return NULL;
2255         }
2256
2257         // Get the function name
2258         jsonObject* func_item = jsonObjectGetIndex( array, 0 );
2259         if( func_item->type != JSON_STRING ) {
2260                 osrfLogError( OSRF_LOG_MARK, "%s: Error: expected function name, found %s",
2261                         modulename, json_type( func_item->type ));
2262                 return NULL;
2263         }
2264
2265         growing_buffer* sql_buf = buffer_init( 32 );
2266
2267         OSRF_BUFFER_ADD( sql_buf, jsonObjectGetString( func_item ) );
2268         OSRF_BUFFER_ADD( sql_buf, "( " );
2269
2270         // Get the parameters
2271         int func_item_index = 1;   // We already grabbed the zeroth entry
2272         while( (func_item = jsonObjectGetIndex( array, func_item_index++ )) ) {
2273
2274                 // Add a separator comma, if we need one
2275                 if( func_item_index > 2 )
2276                         buffer_add( sql_buf, ", " );
2277
2278                 // Add the current parameter
2279                 if( func_item->type == JSON_NULL ) {
2280                         buffer_add( sql_buf, "NULL" );
2281                 } else {
2282                         char* val = jsonObjectToSimpleString( func_item );
2283                         if( dbi_conn_quote_string( dbhandle, &val )) {
2284                                 OSRF_BUFFER_ADD( sql_buf, val );
2285                                 free( val );
2286                         } else {
2287                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2288                                         modulename, val );
2289                                 buffer_free( sql_buf );
2290                                 free( val );
2291                                 return NULL;
2292                         }
2293                 }
2294         }
2295
2296         buffer_add( sql_buf, " )" );
2297
2298         return buffer_release( sql_buf );
2299 }
2300
2301 static char* searchFunctionPredicate( const char* class_alias, osrfHash* field,
2302                 const jsonObject* node, const char* op ) {
2303
2304         if( ! is_good_operator( op ) ) {
2305                 osrfLogError( OSRF_LOG_MARK, "%s: Invalid operator [%s]", modulename, op );
2306                 return NULL;
2307         }
2308
2309         char* val = searchValueTransform( node );
2310         if( !val )
2311                 return NULL;
2312
2313         growing_buffer* sql_buf = buffer_init( 32 );
2314         buffer_fadd(
2315                 sql_buf,
2316                 "\"%s\".%s %s %s",
2317                 class_alias,
2318                 osrfHashGet( field, "name" ),
2319                 op,
2320                 val
2321         );
2322
2323         free( val );
2324
2325         return buffer_release( sql_buf );
2326 }
2327
2328 // class_alias is a class name or other table alias
2329 // field is a field definition as stored in the IDL
2330 // node comes from the method parameter, and may represent an entry in the SELECT list
2331 static char* searchFieldTransform( const char* class_alias, osrfHash* field,
2332                 const jsonObject* node ) {
2333         growing_buffer* sql_buf = buffer_init( 32 );
2334
2335         const char* field_transform = jsonObjectGetString(
2336                 jsonObjectGetKeyConst( node, "transform" ) );
2337         const char* transform_subcolumn = jsonObjectGetString(
2338                 jsonObjectGetKeyConst( node, "result_field" ) );
2339
2340         if( transform_subcolumn ) {
2341                 if( ! is_identifier( transform_subcolumn ) ) {
2342                         osrfLogError( OSRF_LOG_MARK, "%s: Invalid subfield name: \"%s\"\n",
2343                                         modulename, transform_subcolumn );
2344                         buffer_free( sql_buf );
2345                         return NULL;
2346                 }
2347                 OSRF_BUFFER_ADD_CHAR( sql_buf, '(' );    // enclose transform in parentheses
2348         }
2349
2350         if( field_transform ) {
2351
2352                 if( ! is_identifier( field_transform ) ) {
2353                         osrfLogError( OSRF_LOG_MARK, "%s: Expected function name, found \"%s\"\n",
2354                                         modulename, field_transform );
2355                         buffer_free( sql_buf );
2356                         return NULL;
2357                 }
2358
2359                 if( obj_is_true( jsonObjectGetKeyConst( node, "distinct" ) ) ) {
2360                         buffer_fadd( sql_buf, "%s(DISTINCT \"%s\".%s",
2361                                 field_transform, class_alias, osrfHashGet( field, "name" ));
2362                 } else {
2363                         buffer_fadd( sql_buf, "%s(\"%s\".%s",
2364                                 field_transform, class_alias, osrfHashGet( field, "name" ));
2365                 }
2366
2367                 const jsonObject* array = jsonObjectGetKeyConst( node, "params" );
2368
2369                 if( array ) {
2370                         if( array->type != JSON_ARRAY ) {
2371                                 osrfLogError( OSRF_LOG_MARK,
2372                                         "%s: Expected JSON_ARRAY for function params; found %s",
2373                                         modulename, json_type( array->type ) );
2374                                 buffer_free( sql_buf );
2375                                 return NULL;
2376                         }
2377                         int func_item_index = 0;
2378                         jsonObject* func_item;
2379                         while( (func_item = jsonObjectGetIndex( array, func_item_index++ ))) {
2380
2381                                 char* val = jsonObjectToSimpleString( func_item );
2382
2383                                 if( !val ) {
2384                                         buffer_add( sql_buf, ",NULL" );
2385                                 } else if( dbi_conn_quote_string( dbhandle, &val )) {
2386                                         OSRF_BUFFER_ADD_CHAR( sql_buf, ',' );
2387                                         OSRF_BUFFER_ADD( sql_buf, val );
2388                                 } else {
2389                                         osrfLogError( OSRF_LOG_MARK,
2390                                                         "%s: Error quoting key string [%s]", modulename, val );
2391                                         free( val );
2392                                         buffer_free( sql_buf );
2393                                         return NULL;
2394                                 }
2395                                 free( val );
2396                         }
2397                 }
2398
2399                 buffer_add( sql_buf, " )" );
2400
2401         } else {
2402                 buffer_fadd( sql_buf, "\"%s\".%s", class_alias, osrfHashGet( field, "name" ));
2403         }
2404
2405         if( transform_subcolumn )
2406                 buffer_fadd( sql_buf, ").\"%s\"", transform_subcolumn );
2407
2408         return buffer_release( sql_buf );
2409 }
2410
2411 static char* searchFieldTransformPredicate( const ClassInfo* class_info, osrfHash* field,
2412                 const jsonObject* node, const char* op ) {
2413
2414         if( ! is_good_operator( op ) ) {
2415                 osrfLogError( OSRF_LOG_MARK, "%s: Error: Invalid operator %s", modulename, op );
2416                 return NULL;
2417         }
2418
2419         char* field_transform = searchFieldTransform( class_info->alias, field, node );
2420         if( ! field_transform )
2421                 return NULL;
2422         char* value = NULL;
2423         int extra_parens = 0;   // boolean
2424
2425         const jsonObject* value_obj = jsonObjectGetKeyConst( node, "value" );
2426         if( ! value_obj ) {
2427                 value = searchWHERE( node, class_info, AND_OP_JOIN, NULL );
2428                 if( !value ) {
2429                         osrfLogError( OSRF_LOG_MARK, "%s: Error building condition for field transform",
2430                                 modulename );
2431                         free( field_transform );
2432                         return NULL;
2433                 }
2434                 extra_parens = 1;
2435         } else if( value_obj->type == JSON_ARRAY ) {
2436                 value = searchValueTransform( value_obj );
2437                 if( !value ) {
2438                         osrfLogError( OSRF_LOG_MARK,
2439                                 "%s: Error building value transform for field transform", modulename );
2440                         free( field_transform );
2441                         return NULL;
2442                 }
2443         } else if( value_obj->type == JSON_HASH ) {
2444                 value = searchWHERE( value_obj, class_info, AND_OP_JOIN, NULL );
2445                 if( !value ) {
2446                         osrfLogError( OSRF_LOG_MARK, "%s: Error building predicate for field transform",
2447                                 modulename );
2448                         free( field_transform );
2449                         return NULL;
2450                 }
2451                 extra_parens = 1;
2452         } else if( value_obj->type == JSON_NUMBER ) {
2453                 value = jsonNumberToDBString( field, value_obj );
2454         } else if( value_obj->type == JSON_NULL ) {
2455                 osrfLogError( OSRF_LOG_MARK,
2456                         "%s: Error building predicate for field transform: null value", modulename );
2457                 free( field_transform );
2458                 return NULL;
2459         } else if( value_obj->type == JSON_BOOL ) {
2460                 osrfLogError( OSRF_LOG_MARK,
2461                         "%s: Error building predicate for field transform: boolean value", modulename );
2462                 free( field_transform );
2463                 return NULL;
2464         } else {
2465                 if( !strcmp( get_primitive( field ), "number") ) {
2466                         value = jsonNumberToDBString( field, value_obj );
2467                 } else {
2468                         value = jsonObjectToSimpleString( value_obj );
2469                         if( !dbi_conn_quote_string( dbhandle, &value )) {
2470                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2471                                         modulename, value );
2472                                 free( value );
2473                                 free( field_transform );
2474                                 return NULL;
2475                         }
2476                 }
2477         }
2478
2479         const char* left_parens  = "";
2480         const char* right_parens = "";
2481
2482         if( extra_parens ) {
2483                 left_parens  = "(";
2484                 right_parens = ")";
2485         }
2486
2487         growing_buffer* sql_buf = buffer_init( 32 );
2488
2489         buffer_fadd(
2490                 sql_buf,
2491                 "%s%s %s %s %s %s%s",
2492                 left_parens,
2493                 field_transform,
2494                 op,
2495                 left_parens,
2496                 value,
2497                 right_parens,
2498                 right_parens
2499         );
2500
2501         free( value );
2502         free( field_transform );
2503
2504         return buffer_release( sql_buf );
2505 }
2506
2507 static char* searchSimplePredicate( const char* op, const char* class_alias,
2508                 osrfHash* field, const jsonObject* node ) {
2509
2510         if( ! is_good_operator( op ) ) {
2511                 osrfLogError( OSRF_LOG_MARK, "%s: Invalid operator [%s]", modulename, op );
2512                 return NULL;
2513         }
2514
2515         char* val = NULL;
2516
2517         // Get the value to which we are comparing the specified column
2518         if( node->type != JSON_NULL ) {
2519                 if( node->type == JSON_NUMBER ) {
2520                         val = jsonNumberToDBString( field, node );
2521                 } else if( !strcmp( get_primitive( field ), "number" ) ) {
2522                         val = jsonNumberToDBString( field, node );
2523                 } else {
2524                         val = jsonObjectToSimpleString( node );
2525                 }
2526         }
2527
2528         if( val ) {
2529                 if( JSON_NUMBER != node->type && strcmp( get_primitive( field ), "number") ) {
2530                         // Value is not numeric; enclose it in quotes
2531                         if( !dbi_conn_quote_string( dbhandle, &val ) ) {
2532                                 osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key string [%s]",
2533                                         modulename, val );
2534                                 free( val );
2535                                 return NULL;
2536                         }
2537                 }
2538         } else {
2539                 // Compare to a null value
2540                 val = strdup( "NULL" );
2541                 if( strcmp( op, "=" ))
2542                         op = "IS NOT";
2543                 else
2544                         op = "IS";
2545         }
2546
2547         growing_buffer* sql_buf = buffer_init( 32 );
2548         buffer_fadd( sql_buf, "\"%s\".%s %s %s", class_alias, osrfHashGet(field, "name"), op, val );
2549         char* pred = buffer_release( sql_buf );
2550
2551         free( val );
2552
2553         return pred;
2554 }
2555
2556 static char* searchBETWEENPredicate( const char* class_alias,
2557                 osrfHash* field, const jsonObject* node ) {
2558
2559         const jsonObject* x_node = jsonObjectGetIndex( node, 0 );
2560         const jsonObject* y_node = jsonObjectGetIndex( node, 1 );
2561
2562         if( NULL == y_node ) {
2563                 osrfLogError( OSRF_LOG_MARK, "%s: Not enough operands for BETWEEN operator", modulename );
2564                 return NULL;
2565         }
2566         else if( NULL != jsonObjectGetIndex( node, 2 ) ) {
2567                 osrfLogError( OSRF_LOG_MARK, "%s: Too many operands for BETWEEN operator", modulename );
2568                 return NULL;
2569         }
2570
2571         char* x_string;
2572         char* y_string;
2573
2574         if( !strcmp( get_primitive( field ), "number") ) {
2575                 x_string = jsonNumberToDBString( field, x_node );
2576                 y_string = jsonNumberToDBString( field, y_node );
2577
2578         } else {
2579                 x_string = jsonObjectToSimpleString( x_node );
2580                 y_string = jsonObjectToSimpleString( y_node );
2581                 if( !(dbi_conn_quote_string( dbhandle, &x_string )
2582                         && dbi_conn_quote_string( dbhandle, &y_string )) ) {
2583                         osrfLogError( OSRF_LOG_MARK, "%s: Error quoting key strings [%s] and [%s]",
2584                                         modulename, x_string, y_string );
2585                         free( x_string );
2586                         free( y_string );
2587                         return NULL;
2588                 }
2589         }
2590
2591         growing_buffer* sql_buf = buffer_init( 32 );
2592         buffer_fadd( sql_buf, "\"%s\".%s BETWEEN %s AND %s",
2593                         class_alias, osrfHashGet( field, "name" ), x_string, y_string );
2594         free( x_string );
2595         free( y_string );
2596
2597         return buffer_release( sql_buf );
2598 }
2599
2600 static char* searchPredicate( const ClassInfo* class_info, osrfHash* field,
2601                                                           jsonObject* node, osrfMethodContext* ctx ) {
2602
2603         char* pred = NULL;
2604         if( node->type == JSON_ARRAY ) { // equality IN search
2605                 pred = searchINPredicate( class_info->alias, field, node, NULL, ctx );
2606         } else if( node->type == JSON_HASH ) { // other search
2607                 jsonIterator* pred_itr = jsonNewIterator( node );
2608                 if( !jsonIteratorHasNext( pred_itr ) ) {
2609                         osrfLogError( OSRF_LOG_MARK, "%s: Empty predicate for field \"%s\"",
2610                                         modulename, osrfHashGet(field, "name" ));
2611                 } else {
2612                         jsonObject* pred_node = jsonIteratorNext( pred_itr );
2613
2614                         // Verify that there are no additional predicates
2615                         if( jsonIteratorHasNext( pred_itr ) ) {
2616                                 osrfLogError( OSRF_LOG_MARK, "%s: Multiple predicates for field \"%s\"",
2617                                                 modulename, osrfHashGet(field, "name" ));
2618                         } else if( !(strcasecmp( pred_itr->key,"between" )) )
2619                                 pred = searchBETWEENPredicate( class_info->alias, field, pred_node );
2620                         else if( !(strcasecmp( pred_itr->key,"in" ))
2621                                         || !(strcasecmp( pred_itr->key,"not in" )) )
2622                                 pred = searchINPredicate(
2623                                         class_info->alias, field, pred_node, pred_itr->key, ctx );
2624                         else if( pred_node->type == JSON_ARRAY )
2625                                 pred = searchFunctionPredicate(
2626                                         class_info->alias, field, pred_node, pred_itr->key );
2627                         else if( pred_node->type == JSON_HASH )
2628                                 pred = searchFieldTransformPredicate(
2629                                         class_info, field, pred_node, pred_itr->key );
2630                         else
2631                                 pred = searchSimplePredicate( pred_itr->key, class_info->alias, field, pred_node );
2632                 }
2633                 jsonIteratorFree( pred_itr );
2634
2635         } else if( node->type == JSON_NULL ) { // IS NULL search
2636                 growing_buffer* _p = buffer_init( 64 );
2637                 buffer_fadd(
2638                         _p,
2639                         "\"%s\".%s IS NULL",
2640                         class_info->class_name,
2641                         osrfHashGet( field, "name" )
2642                 );
2643                 pred = buffer_release( _p );
2644         } else { // equality search
2645                 pred = searchSimplePredicate( "=", class_info->alias, field, node );
2646         }
2647
2648         return pred;
2649
2650 }
2651
2652
2653 /*
2654
2655 join : {
2656         acn : {
2657                 field : record,
2658                 fkey : id
2659                 type : left
2660                 filter_op : or
2661                 filter : { ... },
2662                 join : {
2663                         acp : {
2664                                 field : call_number,
2665                                 fkey : id,
2666                                 filter : { ... },
2667                         },
2668                 },
2669         },
2670         mrd : {
2671                 field : record,
2672                 type : inner
2673                 fkey : id,
2674                 filter : { ... },
2675         }
2676 }
2677
2678 */
2679
2680 static char* searchJOIN( const jsonObject* join_hash, const ClassInfo* left_info ) {
2681
2682         const jsonObject* working_hash;
2683         jsonObject* freeable_hash = NULL;
2684
2685         if( join_hash->type == JSON_HASH ) {
2686                 working_hash = join_hash;
2687         } else if( join_hash->type == JSON_STRING ) {
2688                 // turn it into a JSON_HASH by creating a wrapper
2689                 // around a copy of the original
2690                 const char* _tmp = jsonObjectGetString( join_hash );
2691                 freeable_hash = jsonNewObjectType( JSON_HASH );
2692                 jsonObjectSetKey( freeable_hash, _tmp, NULL );
2693                 working_hash = freeable_hash;
2694         } else {
2695                 osrfLogError(
2696                         OSRF_LOG_MARK,
2697                         "%s: JOIN failed; expected JSON object type not found",
2698                         modulename
2699                 );
2700                 return NULL;
2701         }
2702
2703         growing_buffer* join_buf = buffer_init( 128 );
2704         const char* leftclass = left_info->class_name;
2705
2706         jsonObject* snode = NULL;
2707         jsonIterator* search_itr = jsonNewIterator( working_hash );
2708
2709         while ( (snode = jsonIteratorNext( search_itr )) ) {
2710                 const char* right_alias = search_itr->key;
2711                 const char* class =
2712                                 jsonObjectGetString( jsonObjectGetKeyConst( snode, "class" ) );
2713                 if( ! class )
2714                         class = right_alias;
2715
2716                 const ClassInfo* right_info = add_joined_class( right_alias, class );
2717                 if( !right_info ) {
2718                         osrfLogError(
2719                                 OSRF_LOG_MARK,
2720                                 "%s: JOIN failed.  Class \"%s\" not resolved in IDL",
2721                                 modulename,
2722                                 search_itr->key
2723                         );
2724                         jsonIteratorFree( search_itr );
2725                         buffer_free( join_buf );
2726                         if( freeable_hash )
2727                                 jsonObjectFree( freeable_hash );
2728                         return NULL;
2729                 }
2730                 osrfHash* links    = right_info->links;
2731                 const char* table  = right_info->source_def;
2732
2733                 const char* fkey  = jsonObjectGetString( jsonObjectGetKeyConst( snode, "fkey" ) );
2734                 const char* field = jsonObjectGetString( jsonObjectGetKeyConst( snode, "field" ) );
2735
2736                 if( field && !fkey ) {
2737                         // Look up the corresponding join column in the IDL.
2738                         // The link must be defined in the child table,
2739                         // and point to the right parent table.
2740                         osrfHash* idl_link = (osrfHash*) osrfHashGet( links, field );
2741                         const char* reltype = NULL;
2742                         const char* other_class = NULL;
2743                         reltype = osrfHashGet( idl_link, "reltype" );
2744                         if( reltype && strcmp( reltype, "has_many" ) )
2745                                 other_class = osrfHashGet( idl_link, "class" );
2746                         if( other_class && !strcmp( other_class, leftclass ) )
2747                                 fkey = osrfHashGet( idl_link, "key" );
2748                         if( !fkey ) {
2749                                 osrfLogError(
2750                                         OSRF_LOG_MARK,
2751                                         "%s: JOIN failed.  No link defined from %s.%s to %s",
2752                                         modulename,
2753                                         class,
2754                                         field,
2755                                         leftclass
2756                                 );
2757                                 buffer_free( join_buf );
2758                                 if( freeable_hash )
2759                                         jsonObjectFree( freeable_hash );
2760                                 jsonIteratorFree( search_itr );
2761                                 return NULL;
2762                         }
2763
2764                 } else if( !field && fkey ) {
2765                         // Look up the corresponding join column in the IDL.
2766                         // The link must be defined in the child table,
2767                         // and point to the right parent table.
2768                         osrfHash* left_links = left_info->links;
2769                         osrfHash* idl_link = (osrfHash*) osrfHashGet( left_links, fkey );
2770                         const char* reltype = NULL;
2771                         const char* other_class = NULL;
2772                         reltype = osrfHashGet( idl_link, "reltype" );
2773                         if( reltype && strcmp( reltype, "has_many" ) )
2774                                 other_class = osrfHashGet( idl_link, "class" );
2775                         if( other_class && !strcmp( other_class, class ) )
2776                                 field = osrfHashGet( idl_link, "key" );
2777                         if( !field ) {
2778                                 osrfLogError(
2779                                         OSRF_LOG_MARK,
2780                                         "%s: JOIN failed.  No link defined from %s.%s to %s",
2781                                         modulename,
2782                                         leftclass,
2783                                         fkey,
2784                                         class
2785                                 );
2786                                 buffer_free( join_buf );
2787                                 if( freeable_hash )
2788                                         jsonObjectFree( freeable_hash );
2789                                 jsonIteratorFree( search_itr );
2790                                 return NULL;
2791                         }
2792
2793                 } else if( !field && !fkey ) {
2794                         osrfHash* left_links = left_info->links;
2795
2796                         // For each link defined for the left class:
2797                         // see if the link references the joined class
2798                         osrfHashIterator* itr = osrfNewHashIterator( left_links );
2799                         osrfHash* curr_link = NULL;
2800                         while( (curr_link = osrfHashIteratorNext( itr ) ) ) {
2801                                 const char* other_class = osrfHashGet( curr_link, "class" );
2802                                 if( other_class && !strcmp( other_class, class ) ) {
2803
2804                                         // In the IDL, the parent class doesn't always know then names of the child
2805                                         // columns that are pointing to it, so don't use that end of the link
2806                                         const char* reltype = osrfHashGet( curr_link, "reltype" );
2807                                         if( reltype && strcmp( reltype, "has_many" ) ) {
2808                                                 // Found a link between the classes
2809                                                 fkey = osrfHashIteratorKey( itr );
2810                                                 field = osrfHashGet( curr_link, "key" );
2811                                                 break;
2812                                         }
2813                                 }
2814                         }
2815                         osrfHashIteratorFree( itr );
2816
2817                         if( !field || !fkey ) {
2818                                 // Do another such search, with the classes reversed
2819
2820                                 // For each link defined for the joined class:
2821                                 // see if the link references the left class
2822                                 osrfHashIterator* itr = osrfNewHashIterator( links );
2823                                 osrfHash* curr_link = NULL;
2824                                 while( (curr_link = osrfHashIteratorNext( itr ) ) ) {
2825                                         const char* other_class = osrfHashGet( curr_link, "class" );
2826                                         if( other_class && !strcmp( other_class, leftclass ) ) {
2827
2828                                                 // In the IDL, the parent class doesn't know then names of the child
2829                                                 // columns that are pointing to it, so don't use that end of the link
2830                                                 const char* reltype = osrfHashGet( curr_link, "reltype" );
2831                                                 if( reltype && strcmp( reltype, "has_many" ) ) {
2832                                                         // Found a link between the classes
2833                                                         field = osrfHashIteratorKey( itr );
2834                                                         fkey = osrfHashGet( curr_link, "key" );
2835                                                         break;
2836                                                 }
2837                                         }
2838                                 }
2839                                 osrfHashIteratorFree( itr );
2840                         }
2841
2842                         if( !field || !fkey ) {
2843                                 osrfLogError(
2844                                         OSRF_LOG_MARK,
2845                                         "%s: JOIN failed.  No link defined between %s and %s",
2846                                         modulename,
2847                                         leftclass,
2848                                         class
2849                                 );
2850                                 buffer_free( join_buf );
2851                                 if( freeable_hash )
2852                                         jsonObjectFree( freeable_hash );
2853                                 jsonIteratorFree( search_itr );
2854                                 return NULL;
2855                         }
2856                 }
2857
2858                 const char* type = jsonObjectGetString( jsonObjectGetKeyConst( snode, "type" ) );
2859                 if( type ) {
2860                         if( !strcasecmp( type,"left" )) {
2861                                 buffer_add( join_buf, " LEFT JOIN" );
2862                         } else if( !strcasecmp( type,"right" )) {
2863                                 buffer_add( join_buf, " RIGHT JOIN" );
2864                         } else if( !strcasecmp( type,"full" )) {
2865                                 buffer_add( join_buf, " FULL JOIN" );
2866                         } else {
2867                                 buffer_add( join_buf, " INNER JOIN" );
2868                         }
2869                 } else {
2870                         buffer_add( join_buf, " INNER JOIN" );
2871                 }
2872
2873               &