Merge branch 'release/staging'

2012-09-18 17:05:58 +02:00 · 2012-09-18 17:05:58 +02:00 · 409e35a92d
commit 409e35a92d
parent 167e1e1b51 f05f18e552
4 changed files with 81 additions and 9 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -0,0 +1,3 @@
+0.9.0 (18/09/12)
+-----
+* Fix INSERT and UPDATE with RETURNING clause
--- a/app/controllers/app.js
+++ b/app/controllers/app.js
@ -160,14 +160,9 @@ function handleQuery(req, res) {
                    var end = new Date().getTime();

                    var json_result = {'time' : (end - start)/1000};
-
-                    if (result.command === 'SELECT') {
-                        json_result.total_rows = result.rows.length;
-                        json_result.rows = result.rows;
-                    } else {
                        json_result.total_rows = result.rowCount;
-                    }
-                    
+                        json_result.rows = result.rows;
+
                    return json_result;
                }
            },
--- a/test/acceptance/app.auth.test.js
+++ b/test/acceptance/app.auth.test.js
@ -45,4 +45,28 @@ test('invalid api key (old redis location) should NOT allow insert in protected
    }, function() { done(); });
 });

+test('no api key should NOT allow insert in protected tables', function(done){
+    assert.response(app, {
+        // view prepare_db.sh to see where to set api_key
+        url: "/api/v1/sql?q=INSERT%20INTO%20private_table%20(name)%20VALUES%20('RAMBO')",
+
+        headers: {host: 'vizzuality.cartodb.com' },
+        method: 'GET'
+    },{
+        status: 400
+    }, function() { done(); });
+});
+
+test('no api key should NOT allow insert in public tables', function(done){
+    assert.response(app, {
+        // view prepare_db.sh to find public table name and structure
+        url: "/api/v1/sql?q=INSERT%20INTO%20untitle_table_4%20(name)%20VALUES%20('RAMBO')",
+
+        headers: {host: 'vizzuality.cartodb.com' },
+        method: 'GET'
+    },{
+        status: 400
+    }, function() { done(); });
+});
+
 });
--- a/test/acceptance/app.test.js
+++ b/test/acceptance/app.test.js
@ -16,8 +16,8 @@ require('../support/assert');

 var app    = require(global.settings.app_root + '/app/controllers/app')
    , assert = require('assert')
-    , tests  = module.exports = {}
-    , querystring = require('querystring');
+    , querystring = require('querystring')
+    , _ = require('underscore');

 // allow lots of emitters to be set to silence warning
 app.setMaxListeners(0);
@ -111,6 +111,56 @@ test('GET /api/v1/sql with SQL parameter on INSERT only. header based db - shoul
    });
 });

+// Check results from INSERT .. RETURNING
+//
+// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/50
+test('INSERT with RETURNING returns all results', function(done){
+    assert.response(app, {
+        // view prepare_db.sh to see where to set api_key
+        url: "/api/v1/sql?api_key=1234&"
+         + querystring.stringify({q:
+          "INSERT INTO private_table(name) VALUES('test') RETURNING upper(name), reverse(name)"
+        }),
+        headers: {host: 'vizzuality.localhost.lan:8080' },
+        method: 'GET'
+    },{}, function(res) {
+        assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+        var out = JSON.parse(res.body);
+        assert.ok(out.hasOwnProperty('time'));
+        assert.equal(out.total_rows, 1);
+        assert.equal(out.rows.length, 1);
+        assert.equal(_.keys(out.rows[0]).length, 2);
+        assert.equal(out.rows[0].upper, 'TEST');
+        assert.equal(out.rows[0].reverse, 'tset');
+        done();
+    });
+});
+
+// Check results from UPDATE .. RETURNING
+//
+// See https://github.com/Vizzuality/CartoDB-SQL-API/issues/50
+test('UPDATE with RETURNING returns all results', function(done){
+    assert.response(app, {
+        // view prepare_db.sh to see where to set api_key
+        url: "/api/v1/sql?api_key=1234&"
+         + querystring.stringify({q:
+          "UPDATE private_table SET name = 'tost' WHERE name = 'test' RETURNING upper(name), reverse(name)"
+        }),
+        headers: {host: 'vizzuality.localhost.lan:8080' },
+        method: 'GET'
+    },{}, function(res) {
+        assert.equal(res.statusCode, 200, res.statusCode + ': ' + res.body);
+        var out = JSON.parse(res.body);
+        assert.ok(out.hasOwnProperty('time'));
+        assert.equal(out.total_rows, 1);
+        assert.equal(out.rows.length, 1);
+        assert.equal(_.keys(out.rows[0]).length, 2);
+        assert.equal(out.rows[0].upper, 'TOST');
+        assert.equal(out.rows[0].reverse, 'tsot');
+        done();
+    });
+});
+
 test('GET /api/v1/sql with SQL parameter on DROP DATABASE only.header based db - should fail', function(){
    assert.response(app, {
        url: "/api/v1/sql?q=DROP%20TABLE%20untitle_table_4",