From 73424fbf64ae93f89cee5f9b879e79187ddcfbff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Victor=20Tozatti=20Risso?= <jvtr12@c3sl.ufpr.br>
Date: Mon, 11 Jul 2016 14:51:08 -0300
Subject: [PATCH] Implement queries for cities and states
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: João Victor Tozatti Risso <jvtr12@c3sl.ufpr.br>
---
 libs/routes/api.js | 78 ++++++++++++++++++++--------------------------
 1 file changed, 33 insertions(+), 45 deletions(-)

diff --git a/libs/routes/api.js b/libs/routes/api.js
index ad255719..eb1926e0 100644
--- a/libs/routes/api.js
+++ b/libs/routes/api.js
@@ -47,8 +47,7 @@ router.get('/enrollments', function(req, res) {
     var id = 0;
     var location_id = 0;
     var adm_dependency_id = 0;
-    var start_year = 0;
-    var end_year = 0;
+    var census_year = 0;
     var enrollmentSql = "";
 
     if (params.id)
@@ -63,77 +62,66 @@ router.get('/enrollments', function(req, res) {
 
     if (params.adm_dependency_id)
     {
-        adm_dependency_id = parseInt(params.adm_dependency_id)
+        adm_dependency_id = parseInt(params.adm_dependency_id, 10);
     }
 
-    if (!params.start_year && !params.end_year)
+    if (params.census_year)
     {
-        var yearSql = "SELECT MIN(t.ano_censo) AS start_year, MAX(t.ano_censo) AS end_year FROM turmas AS t";
-        conn.query(yearSql, true).then(function(result) {
-            start_year = result.data.start_year;
-            end_year = result.data.end_year;
-        });
-    }
-
-    if (params.start_year)
-    {
-        start_year = parseInt(params.start_year, 10);
-    } else if (start_year == 0) {  // if start_year was not previously set
-        var yearSql = "SELECT MIN(t.ano_censo) AS start_year FROM turmas AS t";
-        conn.query(yearSql, true).then(function(result) {
-            start_year = result.data.start_year;
-        });
-    }
-
-    if (params.end_year)
-    {
-        end_year = parseInt(params.end_year, 10);
-    } else if (end_year == 0) {  // if end_year was not previously set
-        var yearSql = "SELECT MAX(t.ano_censo) AS end_year FROM turmas AS t";
-        conn.query(yearSql, true).then(function(result) {
-            end_year = result.data.end_year;
-        });
+        census_year = parseInt(params.census_year, 10);
     }
 
+    /**
+     * FIXME: parameter substitution in the queries is not safe (vulnerable to
+     * SQL injection). Substitution from MonetDB module is not working for some
+     * reason.
+     */
     switch(params.aggregate)
     {
-    /** TODO: function to compute enrollments by state in the database not yet available
+    case "city":
+        if (id) {
+            enrollmentSql = "SELECT nome AS name, total FROM mat_municipio(" + id + "," + census_year + "," + adm_dependency_id + "," + location_id + ")";
+        } else {
+            enrollmentSql = "SELECT nome AS name, total FROM mat_municipios(" + census_year + "," + adm_dependency_id + "," + location_id + ")";
+        }
+        break;
     case "state":
-        tbl_name = "matriculas_estado";
+        if (id) {
+            enrollmentSql = "SELECT nome AS name, total FROM mat_estado(" + id + "," + census_year + "," + adm_dependency_id + "," + location_id + ")";
+        } else {
+            enrollmentSql = "SELECT nome AS name, total FROM mat_estados(" + census_year + "," + adm_dependency_id + "," + location_id + ")";
+        }
         break;
-    */
     case "region":
-        if (!id) {
-            enrollmentSql = "SELECT nome AS name, total, ano_inicio AS start_year, ano_fim AS end_year \
-                FROM matRegioes(" + start_year + "," + end_year + "," + adm_dependency_id + "," + location_id + ")";
+        if (id) {
+            enrollmentSql = "SELECT nome AS name, total FROM mat_regiao(" + id + "," + census_year + "," + adm_dependency_id + "," + location_id + ")";
         } else {
-            enrollmentSql = "SELECT nome AS name, total, ano_inicio AS start_year, ano_fim AS end_year \
-                FROM matRegiao(" + id + "," + start_year + "," + end_year + "," + adm_dependency_id + "," + location_id + ")";
+            enrollmentSql = "SELECT nome AS name, total FROM mat_regioes(" + census_year + "," + adm_dependency_id + "," + location_id + ")";
         }
         break;
     default:
-        enrollmentSql = "SELECT nome AS name, total, ano_inicio AS start_year, ano_fim AS end_year \
-            FROM matBrasil(" + start_year + "," + end_year + "," + adm_dependency_id + "," + location_id + ")";
+        enrollmentSql = "SELECT nome AS name, total FROM mat_brasil(" + census_year + "," + adm_dependency_id + "," + location_id + ")";
     }
 
     log.debug(params);
-    log.debug("Executing query :\"" + enrollmentSql + "\"");
+    log.debug("Executing query: " + enrollmentSql);
+    log.debug("Query parameters:" + enrollmentSqlParams);
 
-    conn.query(enrollmentSql, true).then(function(result) {
+    conn.query(enrollmentSql).then(function(result) {
         log.debug(result);
         if (req.query.format === 'csv') {
-          res.csv(result.data)
+          res.csv(result.data);
         } else if (req.query.format === 'xml') {
-          res.set('Content-Type', 'text/xml')
+          res.set('Content-Type', 'text/xml');
           res.send(xml({
             result: result.data
-          }))
+          }));
         }
         else {
           res.json({
               result: result.data
-          })
+          });
         }
+        log.debug("All resources were released");
     });
 })
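Review bot: `enrollmentSqlParams` on the new line `log.debug("Query parameters:" + enrollmentSqlParams);` is not declared anywhere in this patch (the first hunk only introduces `census_year`), so unless it is defined earlier in the file outside these hunks the handler throws a ReferenceError before `conn.query` ever runs; either drop that line or log the values that actually go into the query, e.g. `log.debug("Query parameters: " + [id, census_year, adm_dependency_id, location_id].join(","));`. The `conn.query(enrollmentSql).then(...)` chain has no rejection handler, so a failing query (a non-numeric `census_year` reaches the SQL text as the string `NaN`, for instance) leaves the request without any response; append `.catch(function(err) { log.debug(err); res.status(500).json({ error: "query failed" }); });`. Because `parseInt` can only yield a number or `NaN`, checking `Number.isInteger(...)` on `census_year` and `adm_dependency_id` before building `enrollmentSql` and answering 400 otherwise would make the string interpolation the FIXME block warns about safe for those values — `id` and `location_id` are assigned outside the hunk, so confirm they are parsed the same way. The closing `log.debug("All resources were released")` is not preceded by any release and reads as misleading; rewording it to `"Response sent"` or removing it would be clearer. The enclosing `router.get('/enrollments', ...)` handler begins before this hunk.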
 
-- 
GitLab