hedgedoc: fix util list
This commit is contained in:
parent
f521f42370
commit
b31a5bf5d8
|
@ -53,12 +53,18 @@
|
||||||
for fieldname in fieldnames:
|
for fieldname in fieldnames:
|
||||||
if fieldname in i:
|
if fieldname in i:
|
||||||
if i[fieldname] == None:
|
if i[fieldname] == None:
|
||||||
@@ -87,31 +82,35 @@
|
@@ -84,34 +79,40 @@
|
||||||
def pad_list(db, columns, last_change_older=0, owner=0):
|
def note_id_encode_to_url(input_id):
|
||||||
|
return base64.urlsafe_b64encode(binascii.unhexlify(input_id.replace('-', '').encode())).decode().replace('=', '')
|
||||||
|
|
||||||
|
-def pad_list(db, columns, last_change_older=0, owner=0):
|
||||||
|
+def pad_list(db, columns, last_change_older, owner):
|
||||||
|
+ if owner == None:
|
||||||
|
+ owner = "00000000-0000-0000-0000-000000000000"
|
||||||
with db.cursor() as cursor:
|
with db.cursor() as cursor:
|
||||||
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
||||||
- cursor.execute(F"SELECT {','.join(columns)} FROM Notes WHERE (%(last_change_older)s = 0 OR DATEDIFF(NOW(), lastchangeAt) > %(last_change_older)s OR (lastchangeAt IS NULL AND DATEDIFF(NOW(), createdAt) > %(last_change_older)s) AND (%(owner)s = '' OR ownerId = %(owner)s)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
- cursor.execute(F"SELECT {','.join(columns)} FROM Notes WHERE (%(last_change_older)s = 0 OR DATEDIFF(NOW(), lastchangeAt) > %(last_change_older)s OR (lastchangeAt IS NULL AND DATEDIFF(NOW(), createdAt) > %(last_change_older)s) AND (%(owner)s = '' OR ownerId = %(owner)s)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
||||||
+ cursor.execute(F"SELECT {','.join(columns)} FROM \"Notes\" WHERE (%(last_change_older)s = 0 OR DATEDIFF(NOW(), lastchangeAt) > %(last_change_older)s OR (lastchangeAt IS NULL AND DATEDIFF(NOW(), createdAt) > %(last_change_older)s) AND (%(owner)s = '' OR ownerId = %(owner)s)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
+ cursor.execute(F"SELECT {','.join(columns)} FROM \"Notes\" WHERE (%(last_change_older)s = 0 OR NOW() - \"lastchangeAt\" > interval '%(last_change_older)s' OR (\"lastchangeAt\" IS NULL AND NOW() - \"createdAt\" > interval '%(last_change_older)s') AND (%(owner)s = '' OR \"ownerId\" = %(owner)s::uuid)) ORDER BY id", {'last_change_older': last_change_older, 'owner': owner})
|
||||||
return _decode_nested_json(cursor.fetchall(), ['authorship'])
|
return _decode_nested_json(cursor.fetchall(), ['authorship'])
|
||||||
|
|
||||||
def pad_get(db, id):
|
def pad_get(db, id):
|
||||||
|
@ -105,7 +111,7 @@
|
||||||
|
|
||||||
def pad_mail(db, id, template, formats):
|
def pad_mail(db, id, template, formats):
|
||||||
with db.cursor() as cursor:
|
with db.cursor() as cursor:
|
||||||
@@ -144,12 +143,12 @@
|
@@ -144,12 +145,12 @@
|
||||||
def user_list(db, columns):
|
def user_list(db, columns):
|
||||||
with db.cursor() as cursor:
|
with db.cursor() as cursor:
|
||||||
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
# this is no sql injection vulnerability because we let click verify the content of "columns" to match a whitelist
|
||||||
|
@ -120,7 +126,7 @@
|
||||||
return _decode_nested_json([cursor.fetchone()], ['profile', 'history'])[0]
|
return _decode_nested_json([cursor.fetchone()], ['profile', 'history'])[0]
|
||||||
|
|
||||||
def user_get_mail(db, id):
|
def user_get_mail(db, id):
|
||||||
@@ -192,12 +191,11 @@
|
@@ -192,12 +193,11 @@
|
||||||
|
|
||||||
@click.group()
|
@click.group()
|
||||||
@click.option('-o', '--output', type=click.Choice(['text', 'json', 'tsv', 'tsv-noheader']), default='text', help='Select output format', show_default=True, show_envvar=True)
|
@click.option('-o', '--output', type=click.Choice(['text', 'json', 'tsv', 'tsv-noheader']), default='text', help='Select output format', show_default=True, show_envvar=True)
|
||||||
|
@ -135,7 +141,16 @@
|
||||||
@click.pass_context
|
@click.pass_context
|
||||||
def cli(ctx, **kwargs):
|
def cli(ctx, **kwargs):
|
||||||
ctx.obj = GlobalState(kwargs)
|
ctx.obj = GlobalState(kwargs)
|
||||||
@@ -231,10 +229,10 @@
|
@@ -219,7 +219,7 @@
|
||||||
|
@cli_pad.command(name="list", help="List all pads")
|
||||||
|
@click.option('-c', '--columns', default=['id'], type=click.Choice(['id', 'title', 'content', 'ownerId', 'createdAt', 'updatedAt', 'shortid', 'permission', 'viewcount', 'lastchangeuserId', 'lastchangeAt', 'alias', 'deletedAt', 'authorship']), help="Select what data to display. Can be passed multiple times.", multiple=True, show_default=True, show_envvar=True)
|
||||||
|
@click.option('--last-change-older', type=click.INT, default=0, help='Only list those pads which are older than this value. In days.', show_envvar=True)
|
||||||
|
-@click.option('--owner', type=click.STRING, default='', help='Only list pads with this owner, pass the user id', show_envvar=True)
|
||||||
|
+@click.option('--owner', type=click.STRING, help='Only list pads with this owner, pass the user id', show_envvar=True)
|
||||||
|
@click.pass_obj
|
||||||
|
def _pad_list(obj, columns, last_change_older, owner):
|
||||||
|
output_object(pad_list(obj.db, columns, last_change_older=last_change_older, owner=owner))
|
||||||
|
@@ -231,10 +231,10 @@
|
||||||
output_object(pad_get(obj.db, id))
|
output_object(pad_get(obj.db, id))
|
||||||
|
|
||||||
@cli_pad.command(name="delete", help="Deletes a pad")
|
@cli_pad.command(name="delete", help="Deletes a pad")
|
||||||
|
|
Loading…
Reference in New Issue