dossier: fix SQL deprecation error

ActiveRecord 6.1 disallows passing strings to the `order()` function, to
prevent SQL injections.

Here we know that the order string is safe: `ts_vector` is constant,
and `ts_query` is properly escaped.

Wrap the SQL fragment in Arel.sql to bypass the error.
Pierre de La Morinerie 2021-02-17 17:25:41 +00:00
parent 21356e42b8
commit 185c74d891

@ -37,7 +37,7 @@ class DossierSearchService
dossiers
.where("#{ts_vector} @@ #{ts_query}")
.order("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC")
.order(Arel.sql("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC"))
end
def self.dossier_by_exact_id_for_user(search_terms, user)
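Review bot: the Arel.sql(...) wrapper on the .order line marks the whole interpolated string as trusted, so nothing at this call site checks any longer that #{ts_query} is escaped. The commit message says it is, but that guarantee is established outside this hunk. Add a short comment above the .order call naming where the escaping happens, or pass the search terms as a bind value (for example through sanitize_sql_array) so the fragment does not depend on the interpolation staying safe.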
@ -57,7 +57,7 @@ class DossierSearchService
.dossiers
.state_not_brouillon
.where("#{ts_vector} @@ #{ts_query}")
.order("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC")
.order(Arel.sql("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC"))
end
def self.to_tsquery(search_terms)
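Review bot: the .order(Arel.sql(...)) line here is a character-for-character copy of the one in the previous hunk, so the safety argument now has to hold at two call sites. Consider extracting the ranking fragment into one private helper that takes ts_vector and ts_query and returns the Arel.sql value, placed next to to_tsquery, so a later change to either input is reviewed in a single place.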