diff options
| author | Ted Trask <ttrask01@yahoo.com> | 2013-09-26 13:27:21 +0000 |
|---|---|---|
| committer | Ted Trask <ttrask01@yahoo.com> | 2013-09-26 13:27:21 +0000 |
| commit | d44b92b01f42e62573ff952215b102552159beb0 (patch) | |
| tree | 47f237723dfc632d17abc1e9dcfcb7dd54c9d2d5 | |
| parent | fb00ff8f05dae3c110beceb929ea036e4cd14ae1 (diff) | |
| download | acf-provisioning-d44b92b01f42e62573ff952215b102552159beb0.tar.bz2 acf-provisioning-d44b92b01f42e62573ff952215b102552159beb0.tar.xz | |
Use acf.db library from acf-lib-0.6.0
| -rw-r--r-- | provisioning-model.lua | 370 |
1 files changed, 150 insertions, 220 deletions
diff --git a/provisioning-model.lua b/provisioning-model.lua index fd20d7e..c9fe6d3 100644 --- a/provisioning-model.lua +++ b/provisioning-model.lua @@ -6,6 +6,7 @@ require("posix") fs = require("acf.fs") format = require("acf.format") validator = require("acf.validator") +db = require("acf.db") require("luasql.postgres") require("session") @@ -21,8 +22,9 @@ local deletedevicescriptfile = "/etc/provisioning/delete_device.lua" local determineclassscriptfile = "/etc/provisioning/determine_class.lua" local processputscriptfile = "/etc/provisioning/process_put.lua" local scriptfiles = {updatedevicescriptfile, updatedeviceparamsscriptfile, deletedevicescriptfile, determineclassscriptfile, processputscriptfile} -local env -local con + +local provdb = db.create(db.engine.postgresql, DatabaseName, DatabaseUser, DatabasePassword) +provdb.table_creation_scripts = require("provisioning/provisioning-scripts") local saved_devices = {} local saved_device_params = {} @@ -32,8 +34,6 @@ local get_device local get_device_params local set_device_params -local table_creation_scripts = require("provisioning/provisioning-scripts") - -- ################################################################################ -- LOCAL FUNCTIONS local function assert (v, m) @@ -44,12 +44,6 @@ local function assert (v, m) return v, m end --- Escape special characters in sql statements -local escape = function(sql) - sql = sql or "" - return con:escape(sql) -end - local createdatabase = function() local result = {} local cmdresult, errtxt @@ -101,101 +95,37 @@ local deletedatabase = function() end local databaseconnect = function() - if not con then - -- create environment object - env = assert (luasql.postgres()) - -- connect to data source - local err - con, err = env:connect(DatabaseName, DatabaseUser, DatabasePassword) - if err and (string.match(err, 'Error connecting to database.') or string.match(string.lower(err), 'database "provisioning" does not exist')) then + local result = false + local res, err = pcall(function() + result = provdb.databaseconnect() + end) + if not res and err then + if string.match(err, 'Error connecting to database.') or string.match(string.lower(err), 'database "provisioning" does not exist') then createdatabase() - con, err = env:connect(DatabaseName, DatabaseUser, DatabasePassword) - if con then - -- Let's create all the tables from the start - for n,v in pairs(table_creation_scripts) do - if not string.match(n, "^_") then - runsqlcommand("SELECT * FROM "..escape(n).." LIMIT 1") - end + result = provdb.databaseconnect() + -- Let's create all the tables from the start + for n,v in pairs(provdb.table_creation_scripts) do + if not string.match(n, "^_") then + runsqlcommand("SELECT * FROM "..provdb.escape(n).." LIMIT 1") end end + else + assert(res, err) end - assert(con, err) - return true - end - return false -end - -local databasedisconnect = function() - if env then - env:close() - env = nil - end - if con then - con:close() - con = nil - end -end - -local runscript = function(script, in_transaction) - for i,scr in ipairs(script) do - runsqlcommand(scr, in_transaction) end + return result end -- This function is used by scripts, do not change prototype -runsqlcommand = function(sql, in_transaction) +runsqlcommand = function(sql, transaction) logevent(sql) - if in_transaction then assert(con:execute("SAVEPOINT before_command")) end - local res, err = con:execute(sql) - if not res and err then - -- Catch the error to see if it's caused by lack of table -logevent(err) - local table = string.match(err, "relation \"(%S+)\" does not exist") - if table and table_creation_scripts[table] then - if in_transaction then assert(con:execute("ROLLBACK TO before_command")) end - runscript(table_creation_scripts[table]) - runsqlcommand(sql) - else - assert(res, err) - end - else - if in_transaction then assert(con:execute("RELEASE SAVEPOINT before_command")) end - end + return provdb.runsqlcommand(sql, transaction) end -- This function is used by scripts, do not change prototype getselectresponse = function(sql, in_transaction) - local retval = {} - if in_transaction then assert(con:execute("SAVEPOINT before_select")) end - local res, err = pcall(function() logevent(sql) - local cur = assert (con:execute(sql)) - local row = cur:fetch ({}, "a") - while row do - local tmp = {} - for name,val in pairs(row) do - tmp[name] = val - end - retval[#retval + 1] = tmp - row = cur:fetch (row, "a") - end - cur:close() - end) - if not res and err then -logevent(err) - -- Catch the error to see if it's caused by lack of table - local table = string.match(err, "relation \"(%S+)\" does not exist") - if table and table_creation_scripts[table] then - if in_transaction then assert(con:execute("ROLLBACK TO before_select")) end - runscript(table_creation_scripts[table]) - return getselectresponse(sql) - else - assert(res, err) - end - else - if in_transaction then assert(con:execute("RELEASE SAVEPOINT before_select")) end - end - return retval + return provdb.getselectresponse(sql, transaction) end local validateparam @@ -333,7 +263,7 @@ list_templates = function() local connected = databaseconnect() local sql = "SELECT value AS filename, label, seq FROM provisioning_options WHERE param_id = (SELECT param_id FROM provisioning_params WHERE name = 'template') ORDER BY seq ASC, label ASC, value ASC" retval = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -375,7 +305,7 @@ get_template = function(self, clientdata) if filename and filename ~= "" then local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..escape(filename).."' ORDER BY seq ASC, label ASC, value ASC" + local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..provdb.escape(filename).."' ORDER BY seq ASC, label ASC, value ASC" local tmp = getselectresponse(sql) if tmp and #tmp > 0 then for n,v in pairs(tmp[1]) do @@ -386,7 +316,7 @@ get_template = function(self, clientdata) end end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -426,7 +356,7 @@ update_template = function(self, template, action, create) if success then local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..escape(template.value.filename.value).."'" + local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..provdb.escape(template.value.filename.value).."'" local tmp = getselectresponse(sql) if not create and (not tmp or #tmp == 0) then success = false @@ -437,15 +367,15 @@ update_template = function(self, template, action, create) end if success then if create then - sql = "INSERT INTO provisioning_options VALUES((SELECT param_id FROM provisioning_params WHERE name='template'), '"..escape(template.value.label.value).."', '"..escape(template.value.filename.value).."', '"..escape(template.value.seq.value).."')" + sql = "INSERT INTO provisioning_options VALUES((SELECT param_id FROM provisioning_params WHERE name='template'), '"..provdb.escape(template.value.label.value).."', '"..provdb.escape(template.value.filename.value).."', '"..provdb.escape(template.value.seq.value).."')" else - sql = "UPDATE provisioning_options SET (label, seq) = ('"..escape(template.value.label.value).."', '"..escape(template.value.seq.value).."') WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..escape(template.value.filename.value).."'" + sql = "UPDATE provisioning_options SET (label, seq) = ('"..provdb.escape(template.value.label.value).."', '"..provdb.escape(template.value.seq.value).."') WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..provdb.escape(template.value.filename.value).."'" end runsqlcommand(sql) fs.write_file(template.value.filename.value, string.gsub(format.dostounix(template.value.filecontent.value), "\n+$", "")) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then success = false @@ -474,19 +404,19 @@ delete_template = function(self, delreq) delreq.errtxt = "Failed to delete template" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..escape(filename).."'" + local sql = "SELECT * FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..provdb.escape(filename).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.filename.errtxt = "Template does not exist" else -- Remove the template - sql = "DELETE FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..escape(filename).."'" + sql = "DELETE FROM provisioning_options WHERE param_id=(SELECT param_id FROM provisioning_params WHERE name = 'template') AND value='"..provdb.escape(filename).."'" runsqlcommand(sql) -- Delete the template file os.remove(filename) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then delreq.errtxt = err @@ -503,7 +433,7 @@ list_class_groups = function() local connected = databaseconnect() local sql = "SELECT * FROM provisioning_class_groups ORDER BY seq ASC, label ASC" retval = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -524,7 +454,7 @@ get_class_group = function(self, clientdata) local res, err = pcall(function() local connected = databaseconnect() if class_group_id and class_group_id ~= "" then - sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..escape(class_group_id).."'" + sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..provdb.escape(class_group_id).."'" tmp = getselectresponse(sql) if tmp and #tmp > 0 then for n,v in pairs(tmp[1]) do @@ -536,7 +466,7 @@ get_class_group = function(self, clientdata) else retval.class_group_id = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -572,7 +502,7 @@ update_class_group = function(self, group, action, create) local res, err = pcall(function() local connected = databaseconnect() if not create then - local sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..escape(group.value.class_group_id.value).."'" + local sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..provdb.escape(group.value.class_group_id.value).."'" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -583,9 +513,9 @@ update_class_group = function(self, group, action, create) local sql = "BEGIN TRANSACTION" runsqlcommand(sql) if create then - sql = "INSERT INTO provisioning_class_groups VALUES(DEFAULT, '"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."')" + sql = "INSERT INTO provisioning_class_groups VALUES(DEFAULT, '"..provdb.escape(group.value.name.value).."', '"..provdb.escape(group.value.label.value).."', '"..provdb.escape(group.value.seq.value).."')" runsqlcommand(sql, true) - sql = "SELECT class_group_id FROM provisioning_class_groups WHERE label='"..escape(group.value.label.value).."'" + sql = "SELECT class_group_id FROM provisioning_class_groups WHERE label='"..provdb.escape(group.value.label.value).."'" local tmp = getselectresponse(sql, true) if tmp and #tmp>0 then group.value.class_group_id = cfe({value=tmp[1].class_group_id, label="Class Group ID", readonly=true, seq=1}) @@ -593,14 +523,14 @@ update_class_group = function(self, group, action, create) error("Failed to insert class group", 0) end else - sql = "UPDATE provisioning_class_groups SET (name, label, seq) = ('"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."') WHERE class_group_id='"..escape(group.value.class_group_id.value).."'" + sql = "UPDATE provisioning_class_groups SET (name, label, seq) = ('"..provdb.escape(group.value.name.value).."', '"..provdb.escape(group.value.label.value).."', '"..provdb.escape(group.value.seq.value).."') WHERE class_group_id='"..provdb.escape(group.value.class_group_id.value).."'" runsqlcommand(sql, true) end sql = "COMMIT" runsqlcommand(sql) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -630,16 +560,16 @@ delete_class_group = function(self, delreq) delreq.errtxt = "Failed to delete class group" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..escape(class_group_id).."'" + local sql = "SELECT * FROM provisioning_class_groups WHERE class_group_id='"..provdb.escape(class_group_id).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.class_group_id.errtxt = "Group does not exist" else - sql = "DELETE FROM provisioning_class_groups WHERE class_group_id='"..escape(class_group_id).."'" + sql = "DELETE FROM provisioning_class_groups WHERE class_group_id='"..provdb.escape(class_group_id).."'" runsqlcommand(sql) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then delreq.errtxt = err @@ -656,7 +586,7 @@ list_classes = function() local connected = databaseconnect() local sql = "SELECT class_id, g.label AS group, g.name, c.label, c.seq FROM provisioning_classes c JOIN provisioning_class_groups g USING(class_group_id) ORDER BY g.seq ASC, g.label ASC, c.seq ASC, c.label ASC" retval = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -679,7 +609,7 @@ get_class = function(self, clientdata) local groups = {} local connected = databaseconnect() if class_id and class_id ~= "" then - local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class_id).."'" + local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..provdb.escape(class_id).."'" local tmp = getselectresponse(sql) if tmp and #tmp > 0 then for n,v in pairs(tmp[1]) do @@ -689,7 +619,7 @@ get_class = function(self, clientdata) end end -- Now, get the class-to-paramgroup mappings - sql = "SELECT group_id FROM classes_to_param_groups WHERE class_id='"..escape(class_id).."'" + sql = "SELECT group_id FROM classes_to_param_groups WHERE class_id='"..provdb.escape(class_id).."'" tmp = getselectresponse(sql) for i,g in ipairs(tmp) do groups[g.group_id] = true @@ -716,7 +646,7 @@ get_class = function(self, clientdata) group.value = g.group_id end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -749,7 +679,7 @@ update_class = function(self, class, action, create) local res, err = pcall(function() local connected = databaseconnect() if not create then - local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class.value.class_id.value).."'" + local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..provdb.escape(class.value.class_id.value).."'" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -760,9 +690,9 @@ update_class = function(self, class, action, create) local sql = "BEGIN TRANSACTION" runsqlcommand(sql) if create then - sql = "INSERT INTO provisioning_classes VALUES(DEFAULT, '"..escape(class.value.class_group_id.value).."', '"..escape(class.value.label.value).."', '"..escape(class.value.seq.value).."')" + sql = "INSERT INTO provisioning_classes VALUES(DEFAULT, '"..provdb.escape(class.value.class_group_id.value).."', '"..provdb.escape(class.value.label.value).."', '"..provdb.escape(class.value.seq.value).."')" runsqlcommand(sql, true) - sql = "SELECT class_id FROM provisioning_classes WHERE class_group_id='"..escape(class.value.class_group_id.value).."' AND label='"..escape(class.value.label.value).."'" + sql = "SELECT class_id FROM provisioning_classes WHERE class_group_id='"..provdb.escape(class.value.class_group_id.value).."' AND label='"..provdb.escape(class.value.label.value).."'" local tmp = getselectresponse(sql, true) if tmp and #tmp>0 then class.value.class_id = cfe({value=tmp[1].class_id, label="Class ID", readonly=true, seq=1}) @@ -770,15 +700,15 @@ update_class = function(self, class, action, create) error("Failed to insert class", 0) end else - sql = "UPDATE provisioning_classes SET (class_group_id, label, seq) = ('"..escape(class.value.class_group_id.value).."', '"..escape(class.value.label.value).."', '"..escape(class.value.seq.value).."') WHERE class_id='"..escape(class.value.class_id.value).."'" + sql = "UPDATE provisioning_classes SET (class_group_id, label, seq) = ('"..provdb.escape(class.value.class_group_id.value).."', '"..provdb.escape(class.value.label.value).."', '"..provdb.escape(class.value.seq.value).."') WHERE class_id='"..provdb.escape(class.value.class_id.value).."'" runsqlcommand(sql, true) - sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..escape(class.value.class_id.value).."'" + sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..provdb.escape(class.value.class_id.value).."'" runsqlcommand(sql, true) end -- Insert the class to group entries for n,g in pairs(class.value.groups.value) do if g.value ~= "" then - sql = "INSERT INTO classes_to_param_groups VALUES('"..escape(class.value.class_id.value).."', '"..escape(g.value).."')" + sql = "INSERT INTO classes_to_param_groups VALUES('"..provdb.escape(class.value.class_id.value).."', '"..provdb.escape(g.value).."')" runsqlcommand(sql, true) end end @@ -786,7 +716,7 @@ update_class = function(self, class, action, create) sql = "COMMIT" runsqlcommand(sql) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -816,22 +746,22 @@ delete_class = function(self, delreq) delreq.errtxt = "Failed to delete class" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(class_id).."'" + local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..provdb.escape(class_id).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.class_id.errtxt = "Class does not exist" else sql = "BEGIN TRANSACTION" runsqlcommand(sql) - sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..escape(class_id).."'" + sql = "DELETE FROM classes_to_param_groups WHERE class_id='"..provdb.escape(class_id).."'" runsqlcommand(sql, true) - sql = "DELETE FROM provisioning_classes WHERE class_id='"..escape(class_id).."'" + sql = "DELETE FROM provisioning_classes WHERE class_id='"..provdb.escape(class_id).."'" runsqlcommand(sql, true) sql = "COMMIT" runsqlcommand(sql) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -849,7 +779,7 @@ list_groups = function() local connected = databaseconnect() local sql = "SELECT * FROM provisioning_groups ORDER BY seq ASC, name ASC, label ASC" retval = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -880,7 +810,7 @@ get_group = function(self, clientdata) retval.editable.option[#retval.editable.option + 1] = {value=p.param_id, label=p.label} p.seq = i if p.type == "select" then - sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(p.param_id).."' ORDER BY seq ASC" + sql = "SELECT * FROM provisioning_options WHERE param_id='"..provdb.escape(p.param_id).."' ORDER BY seq ASC" p.option = getselectresponse(sql) or {} end if p.type == "boolean" then @@ -890,7 +820,7 @@ get_group = function(self, clientdata) retval.defaults.value[p.param_id] = p end if group_id and group_id ~= "" then - sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group_id).."'" + sql = "SELECT * FROM provisioning_groups WHERE group_id='"..provdb.escape(group_id).."'" tmp = getselectresponse(sql) if tmp and #tmp > 0 then for n,v in pairs(tmp[1]) do @@ -900,7 +830,7 @@ get_group = function(self, clientdata) end end -- Now, get the paramgroup-to-param mappings - sql = "SELECT * FROM param_groups_to_params WHERE group_id='"..escape(group_id).."'" + sql = "SELECT * FROM param_groups_to_params WHERE group_id='"..provdb.escape(group_id).."'" tmp = getselectresponse(sql) for i,p in ipairs(tmp) do retval.params.value[#retval.params.value + 1] = p.param_id @@ -918,7 +848,7 @@ get_group = function(self, clientdata) else retval.group_id = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -964,7 +894,7 @@ update_group = function(self, group, action, create) local res, err = pcall(function() local connected = databaseconnect() if not create then - local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group.value.group_id.value).."'" + local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..provdb.escape(group.value.group_id.value).."'" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -975,9 +905,9 @@ update_group = function(self, group, action, create) local sql = "BEGIN TRANSACTION" runsqlcommand(sql) if create then - sql = "INSERT INTO provisioning_groups VALUES(DEFAULT, '"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."')" + sql = "INSERT INTO provisioning_groups VALUES(DEFAULT, '"..provdb.escape(group.value.name.value).."', '"..provdb.escape(group.value.label.value).."', '"..provdb.escape(group.value.seq.value).."')" runsqlcommand(sql, true) - sql = "SELECT group_id FROM provisioning_groups WHERE name='"..escape(group.value.name.value).."' AND label='"..escape(group.value.label.value).."'" + sql = "SELECT group_id FROM provisioning_groups WHERE name='"..provdb.escape(group.value.name.value).."' AND label='"..provdb.escape(group.value.label.value).."'" local tmp = getselectresponse(sql, true) if tmp and #tmp>0 then group.value.group_id = cfe({value=tmp[1].group_id, label="Group ID", readonly=true, seq=1}) @@ -985,9 +915,9 @@ update_group = function(self, group, action, create) error("Failed to insert parameter group", 0) end else - sql = "UPDATE provisioning_groups SET (name, label, seq) = ('"..escape(group.value.name.value).."', '"..escape(group.value.label.value).."', '"..escape(group.value.seq.value).."') WHERE group_id='"..escape(group.value.group_id.value).."'" + sql = "UPDATE provisioning_groups SET (name, label, seq) = ('"..provdb.escape(group.value.name.value).."', '"..provdb.escape(group.value.label.value).."', '"..provdb.escape(group.value.seq.value).."') WHERE group_id='"..provdb.escape(group.value.group_id.value).."'" runsqlcommand(sql, true) - sql = "DELETE FROM param_groups_to_params WHERE group_id='"..escape(group.value.group_id.value).."'" + sql = "DELETE FROM param_groups_to_params WHERE group_id='"..provdb.escape(group.value.group_id.value).."'" runsqlcommand(sql, true) end -- Reverse the editable table for ease of use below @@ -997,20 +927,20 @@ update_group = function(self, group, action, create) end -- Insert the group to param entries for i,p in ipairs(group.value.params.value) do - sql = "INSERT INTO param_groups_to_params VALUES('"..escape(group.value.group_id.value).."', '"..escape(p).."', " + sql = "INSERT INTO param_groups_to_params VALUES('"..provdb.escape(group.value.group_id.value).."', '"..provdb.escape(p).."', " if group.value.defaults.value[p].value ~= group.value.defaults.value[p].default then - sql = sql.."'"..escape(tostring(group.value.defaults.value[p].value)).."'" + sql = sql.."'"..provdb.escape(tostring(group.value.defaults.value[p].value)).."'" else sql = sql.."null" end - sql = sql..", '"..escape(tostring(reverseeditable[p] ~= nil)).."')" + sql = sql..", '"..provdb.escape(tostring(reverseeditable[p] ~= nil)).."')" runsqlcommand(sql, true) end sql = "COMMIT" runsqlcommand(sql) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1040,22 +970,22 @@ delete_group = function(self, delreq) delreq.errtxt = "Failed to delete parameter group" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..escape(group_id).."'" + local sql = "SELECT * FROM provisioning_groups WHERE group_id='"..provdb.escape(group_id).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.group_id.errtxt = "Group does not exist" else sql = "BEGIN TRANSACTION" runsqlcommand(sql) - sql = "DELETE FROM param_groups_to_params WHERE group_id='"..escape(group_id).."'" + sql = "DELETE FROM param_groups_to_params WHERE group_id='"..provdb.escape(group_id).."'" runsqlcommand(sql, true) - sql = "DELETE FROM provisioning_groups WHERE group_id='"..escape(group_id).."'" + sql = "DELETE FROM provisioning_groups WHERE group_id='"..provdb.escape(group_id).."'" runsqlcommand(sql, true) sql = "COMMIT" runsqlcommand(sql) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1073,7 +1003,7 @@ list_params = function() local connected = databaseconnect() local sql = "SELECT * FROM provisioning_params ORDER BY seq ASC, name ASC, label ASC" retval = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1099,7 +1029,7 @@ get_param = function(self, clientdata) local res, err = pcall(function() local connected = databaseconnect() if param_id and param_id ~= "" then - sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'" + sql = "SELECT * FROM provisioning_params WHERE param_id='"..provdb.escape(param_id).."'" tmp = getselectresponse(sql) if tmp and #tmp > 0 then for n,v in pairs(tmp[1]) do @@ -1111,7 +1041,7 @@ get_param = function(self, clientdata) else retval.param_id = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1153,7 +1083,7 @@ update_param = function(self, param, action, create) local res, err = pcall(function() local connected = databaseconnect() if not create then - local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param.value.param_id.value).."'" + local sql = "SELECT * FROM provisioning_params WHERE param_id='"..provdb.escape(param.value.param_id.value).."'" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -1164,9 +1094,9 @@ update_param = function(self, param, action, create) local sql = "BEGIN TRANSACTION" runsqlcommand(sql) if create then - sql = "INSERT INTO provisioning_params VALUES(DEFAULT, '"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."', '"..escape(format.dostounix(param.value.validate.value)).."')" + sql = "INSERT INTO provisioning_params VALUES(DEFAULT, '"..provdb.escape(param.value.name.value).."', '"..provdb.escape(param.value.type.value).."', '"..provdb.escape(param.value.label.value).."', '"..provdb.escape(param.value.descr.value).."', '"..provdb.escape(param.value.value.value).."', '"..provdb.escape(param.value.seq.value).."', '"..provdb.escape(param.value.regexp.value).."', '"..provdb.escape(format.dostounix(param.value.validate.value)).."')" runsqlcommand(sql, true) - sql = "SELECT param_id FROM provisioning_params WHERE name='"..escape(param.value.name.value).."' AND label='"..escape(param.value.label.value).."'" + sql = "SELECT param_id FROM provisioning_params WHERE name='"..provdb.escape(param.value.name.value).."' AND label='"..provdb.escape(param.value.label.value).."'" local tmp = getselectresponse(sql, true) if tmp and #tmp>0 then param.value.param_id = cfe({value=tmp[1].param_id, label="Param ID", readonly=true, seq=1}) @@ -1174,14 +1104,14 @@ update_param = function(self, param, action, create) error("Failed to insert parameter", 0); end else - sql = "UPDATE provisioning_params SET (name, type, label, descr, value, seq, regexp, validate) = ('"..escape(param.value.name.value).."', '"..escape(param.value.type.value).."', '"..escape(param.value.label.value).."', '"..escape(param.value.descr.value).."', '"..escape(param.value.value.value).."', '"..escape(param.value.seq.value).."', '"..escape(param.value.regexp.value).."', '"..escape(format.dostounix(param.value.validate.value)).."') WHERE param_id='"..escape(param.value.param_id.value).."'" + sql = "UPDATE provisioning_params SET (name, type, label, descr, value, seq, regexp, validate) = ('"..provdb.escape(param.value.name.value).."', '"..provdb.escape(param.value.type.value).."', '"..provdb.escape(param.value.label.value).."', '"..provdb.escape(param.value.descr.value).."', '"..provdb.escape(param.value.value.value).."', '"..provdb.escape(param.value.seq.value).."', '"..provdb.escape(param.value.regexp.value).."', '"..provdb.escape(format.dostounix(param.value.validate.value)).."') WHERE param_id='"..provdb.escape(param.value.param_id.value).."'" runsqlcommand(sql, true) end sql = "COMMIT" runsqlcommand(sql) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1211,22 +1141,22 @@ delete_param = function(self, delreq) delreq.errtxt = "Failed to delete parameter" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'" + local sql = "SELECT * FROM provisioning_params WHERE param_id='"..provdb.escape(param_id).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.param_id.errtxt = "Parameter does not exist" else sql = "BEGIN TRANSACTION" runsqlcommand(sql) - sql = "DELETE FROM provisioning_options WHERE param_id='"..escape(param_id).."'" + sql = "DELETE FROM provisioning_options WHERE param_id='"..provdb.escape(param_id).."'" runsqlcommand(sql, true) - sql = "DELETE FROM provisioning_params WHERE param_id='"..escape(param_id).."'" + sql = "DELETE FROM provisioning_params WHERE param_id='"..provdb.escape(param_id).."'" runsqlcommand(sql, true) sql = "COMMIT" runsqlcommand(sql) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1252,7 +1182,7 @@ list_devices = function() end retval[reverse_device_id[d.device_id]][d.group] = d.class end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1282,7 +1212,7 @@ get_device = function(self, device_id, create) local connected = databaseconnect() if not create and device_id and device_id ~= "" then -- Get the device-to-class mappings - local sql = "SELECT class_id FROM devices_to_classes WHERE device_id='"..escape(device_id).."'" + local sql = "SELECT class_id FROM devices_to_classes WHERE device_id='"..provdb.escape(device_id).."'" local tmp = getselectresponse(sql) for i,g in ipairs(tmp) do classes[g.class_id] = true @@ -1301,7 +1231,7 @@ get_device = function(self, device_id, create) class.value = c.class_id end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1333,7 +1263,7 @@ update_device = function(self, device, action, create) local res, err = pcall(function() local connected = databaseconnect() if not create then - local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..escape(device.value.device_id.value).."' LIMIT 1" + local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..provdb.escape(device.value.device_id.value).."' LIMIT 1" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -1353,12 +1283,12 @@ update_device = function(self, device, action, create) device.value.device_id.value = tmp[1].nextval end end - sql = "DELETE FROM devices_to_classes WHERE device_id='"..escape(device.value.device_id.value).."'" + sql = "DELETE FROM devices_to_classes WHERE device_id='"..provdb.escape(device.value.device_id.value).."'" runsqlcommand(sql, true) -- Insert the device to class entries for n,c in pairs(device.value.classes.value) do if c.value ~= "" then - sql = "INSERT INTO devices_to_classes VALUES('"..escape(device.value.device_id.value).."', '"..escape(c.value).."')" + sql = "INSERT INTO devices_to_classes VALUES('"..provdb.escape(device.value.device_id.value).."', '"..provdb.escape(c.value).."')" runsqlcommand(sql, true) end end @@ -1370,7 +1300,7 @@ update_device = function(self, device, action, create) callscript(self, updatedevicescriptfile, device, saved_devices[device.value.device_id.value], get_device_params(self, device.value.device_id.value), s) saved_devices[device.value.device_id.value] = device end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1400,7 +1330,7 @@ delete_device = function(self, delreq) delreq.errtxt = "Failed to delete device" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..escape(device_id).."' LIMIT 1" + local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..provdb.escape(device_id).."' LIMIT 1" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.device_id.errtxt = "Device does not exist" @@ -1410,9 +1340,9 @@ delete_device = function(self, delreq) sql = "BEGIN TRANSACTION" runsqlcommand(sql) - sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(device_id).."'" + sql = "DELETE FROM provisioning_values WHERE device_id='"..provdb.escape(device_id).."'" runsqlcommand(sql, true) - sql = "DELETE FROM devices_to_classes WHERE device_id='"..escape(device_id).."'" + sql = "DELETE FROM devices_to_classes WHERE device_id='"..provdb.escape(device_id).."'" runsqlcommand(sql, true) sql = "COMMIT" runsqlcommand(sql) @@ -1422,7 +1352,7 @@ delete_device = function(self, delreq) saved_devices[device_id] = nil saved_device_params[device_id] = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1451,7 +1381,7 @@ get_device_params = function(self, device_id, editable) local res, err = pcall(function() local connected = databaseconnect() -- First, just check to see if device_id exists - local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..escape(device_id).."' LIMIT 1" + local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..provdb.escape(device_id).."' LIMIT 1" local tmp = getselectresponse(sql) if tmp and #tmp > 0 then errtxt = nil @@ -1468,7 +1398,7 @@ get_device_params = function(self, device_id, editable) sql = "SELECT g.name AS group, g.label AS grouplabel, p.param_id, p.name, p.type, p.label, p.descr, p.seq, p.regexp, p.validate, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value, CASE WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS default ".. "FROM (devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING (class_id) JOIN provisioning_groups g USING(group_id) ".. "JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) ".. - "WHERE d2t.device_id='"..escape(device_id).."'" + "WHERE d2t.device_id='"..provdb.escape(device_id).."'" if editable then sql = sql.." AND g2p.editable='t'" end @@ -1477,7 +1407,7 @@ get_device_params = function(self, device_id, editable) for i,p in ipairs(tmp) do -- Options if (p.type == "select") then - sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(p.param_id).."' ORDER BY seq ASC" + sql = "SELECT * FROM provisioning_options WHERE param_id='"..provdb.escape(p.param_id).."' ORDER BY seq ASC" p.option = getselectresponse(sql) or {} end -- Groups @@ -1499,7 +1429,7 @@ get_device_params = function(self, device_id, editable) end end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1528,7 +1458,7 @@ get_class_values = function(self, retval) local res, err = pcall(function() local connected = databaseconnect() -- First, just check to see if class_id exists - local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..escape(retval.value.class_id.value).."'" + local sql = "SELECT * FROM provisioning_classes WHERE class_id='"..provdb.escape(retval.value.class_id.value).."'" local tmp = getselectresponse(sql) if tmp and #tmp > 0 then retval.errtxt = nil @@ -1538,7 +1468,7 @@ get_class_values = function(self, retval) local sql = "SELECT g.name AS group, p.name, p.type, CASE WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value ".. "FROM (provisioning_classes t JOIN classes_to_param_groups t2g USING(class_id) JOIN provisioning_groups g USING(group_id) ".. "JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) ".. - "WHERE t.class_id='"..escape(retval.value.class_id.value).."'" + "WHERE t.class_id='"..provdb.escape(retval.value.class_id.value).."'" local tmp = getselectresponse(sql) -- Loop through the params and put them into the groups for i,p in ipairs(tmp) do @@ -1553,7 +1483,7 @@ get_class_values = function(self, retval) else retval.value.class_id.errtxt = "Failed to find Class ID" end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then retval.errtxt = err @@ -1580,7 +1510,7 @@ set_device_params = function(self, params, editable) local res, err = pcall(function() local connected = databaseconnect() success = validateparamcoded(self, params) - local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..escape(params.value.device_id.value).."' LIMIT 1" + local sql = "SELECT * FROM devices_to_classes WHERE device_id='"..provdb.escape(params.value.device_id.value).."' LIMIT 1" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -1593,7 +1523,7 @@ set_device_params = function(self, params, editable) runsqlcommand(sql) if not editable then -- Delete all values for this device (can't do this if only updating editable) - sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(params.value.device_id.value).."'" + sql = "DELETE FROM provisioning_values WHERE device_id='"..provdb.escape(params.value.device_id.value).."'" runsqlcommand(sql, true) end -- Loop through the groups and params @@ -1601,11 +1531,11 @@ set_device_params = function(self, params, editable) if v.type == "group" then for name,param in pairs(v.value) do if editable then - sql = "DELETE FROM provisioning_values WHERE device_id='"..escape(params.value.device_id.value).."' AND group_name='"..escape(group).."' AND param_id='"..escape(param.param_id).."'" + sql = "DELETE FROM provisioning_values WHERE device_id='"..provdb.escape(params.value.device_id.value).."' AND group_name='"..provdb.escape(group).."' AND param_id='"..provdb.escape(param.param_id).."'" runsqlcommand(sql, true) end if param.value ~= param.default then - sql = "INSERT INTO provisioning_values VALUES('"..escape(params.value.device_id.value).."', '"..escape(group).."', '"..escape(param.param_id).."', '"..escape(tostring(param.value)).."')" + sql = "INSERT INTO provisioning_values VALUES('"..provdb.escape(params.value.device_id.value).."', '"..provdb.escape(group).."', '"..provdb.escape(param.param_id).."', '"..provdb.escape(tostring(param.value)).."')" runsqlcommand(sql, true) end end @@ -1624,7 +1554,7 @@ set_device_params = function(self, params, editable) end callscript(self, updatedeviceparamsscriptfile, p, tmp) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1652,7 +1582,7 @@ fetch_device_values = function(self, search) search.value.values = get_device_values(self, search.value.result.value[1].device_id) search.value.values.seq = 5 end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then search.errtxt = err @@ -1671,7 +1601,7 @@ get_device_values = function(self, device_id) local sql = "SELECT g.name AS group, p.name, p.type, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END AS value ".. "FROM (devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING(class_id) JOIN provisioning_groups g USING(group_id) ".. "JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id)) LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) ".. - "WHERE d2t.device_id='"..escape(device_id).."'" + "WHERE d2t.device_id='"..provdb.escape(device_id).."'" local tmp = getselectresponse(sql) -- Loop through the params and put them into the groups for i,p in ipairs(tmp) do @@ -1683,7 +1613,7 @@ get_device_values = function(self, device_id) end retval[p.group][p.name] = p.value end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1719,7 +1649,7 @@ get_search_options = function() for i,o in ipairs(blankopt) do retval.id.option[#retval.id.option + 1] = o end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1749,23 +1679,23 @@ search_device_values = function(self, search) sql = "SELECT d2t.device_id, " local group, param = string.match(search.value.id.value, "([^%.]*)%.(.*)") if not group then - sql = sql.."'"..escape(search.value.id.value).."' AS param, d2t."..escape(search.value.id.value).." AS value FROM devices_to_classes d2t WHERE d2t."..escape(search.value.id.value).. - escape(search.value.comparison.value).."'"..escape(search.value.value.value).."' GROUP BY device_id" + sql = sql.."'"..provdb.escape(search.value.id.value).."' AS param, d2t."..provdb.escape(search.value.id.value).." AS value FROM devices_to_classes d2t WHERE d2t."..provdb.escape(search.value.id.value).. + provdb.escape(search.value.comparison.value).."'"..provdb.escape(search.value.value.value).."' GROUP BY device_id" else sql = sql.."g.name as group, p.name as param, CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END as value FROM ".. "devices_to_classes d2t JOIN provisioning_classes t USING(class_id) JOIN classes_to_param_groups t2g USING(class_id) ".. "JOIN provisioning_groups g USING(group_id) JOIN param_groups_to_params g2p USING(group_id) JOIN provisioning_params p USING(param_id) ".. "LEFT JOIN provisioning_values v ON(d2t.device_id=v.device_id AND p.param_id=v.param_id AND g.name=v.group_name ) " if group and group ~= "" then - sql = sql.."WHERE g.name='"..escape(group).."' AND" + sql = sql.."WHERE g.name='"..provdb.escape(group).."' AND" else sql = sql.."WHERE" end - sql = sql.." p.name='"..escape(param).."' AND CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END"..escape(search.value.comparison.value).."'"..escape(search.value.value.value).."'" + sql = sql.." p.name='"..provdb.escape(param).."' AND CASE WHEN v.value IS NOT NULL THEN v.value WHEN g2p.value IS NOT NULL THEN g2p.value ELSE p.value END"..provdb.escape(search.value.comparison.value).."'"..provdb.escape(search.value.value.value).."'" end sql = sql.." ORDER BY d2t.device_id ASC" search.value.result.value = getselectresponse(sql) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then search.errtxt = err @@ -1789,20 +1719,20 @@ get_param_options = function(self, clientdata) local res, err = pcall(function() local connected = databaseconnect() -- First, just check to see if param_id exists - local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(param_id).."'" + local sql = "SELECT * FROM provisioning_params WHERE param_id='"..provdb.escape(param_id).."'" local tmp = getselectresponse(sql) if tmp and #tmp > 0 then errtxt = nil retval.name.value = tmp[1].name retval.label.value = tmp[1].label -- Next, get all of the param options - sql = "SELECT * FROM provisioning_options WHERE param_id='"..escape(param_id).."' ORDER BY seq ASC" + sql = "SELECT * FROM provisioning_options WHERE param_id='"..provdb.escape(param_id).."' ORDER BY seq ASC" local tmp = getselectresponse(sql) or {} for i,t in ipairs(tmp) do retval.options.value[#retval.options.value + 1] = t.value..","..t.label end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -1819,7 +1749,7 @@ set_param_options = function(self, options) if success then local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_params WHERE param_id='"..escape(options.value.param_id.value).."'" + local sql = "SELECT * FROM provisioning_params WHERE param_id='"..provdb.escape(options.value.param_id.value).."'" local tmp = getselectresponse(sql) if not tmp or #tmp == 0 then success = false @@ -1829,7 +1759,7 @@ set_param_options = function(self, options) local sql = "BEGIN TRANSACTION" runsqlcommand(sql) -- Delete all options for this device - sql = "DELETE FROM provisioning_options WHERE param_id='"..escape(options.value.param_id.value).."'" + sql = "DELETE FROM provisioning_options WHERE param_id='"..provdb.escape(options.value.param_id.value).."'" runsqlcommand(sql, true) -- Loop through the options for i,o in ipairs(options.value.options.value) do @@ -1840,13 +1770,13 @@ set_param_options = function(self, options) v = string.match(o, "^%s*(.*%S)%s*$") l = v end - sql = "INSERT INTO provisioning_options VALUES('"..escape(options.value.param_id.value).."', '"..escape(l).."', '"..escape(v).."', '"..i.."')" + sql = "INSERT INTO provisioning_options VALUES('"..provdb.escape(options.value.param_id.value).."', '"..provdb.escape(l).."', '"..provdb.escape(v).."', '"..i.."')" runsqlcommand(sql, true) end sql = "COMMIT" runsqlcommand(sql) end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then pcall(function() con:execute("ROLLBACK") end) @@ -1892,57 +1822,57 @@ function dump_database(self, db) local sql = "SELECT name, label, seq FROM provisioning_class_groups ORDER BY name, label" local tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_class_groups VALUES(default, '"..escape(t.name).."', '"..escape(t.label).."', '"..escape(t.seq).."');" + lines[#lines+1] = "INSERT INTO provisioning_class_groups VALUES(default, '"..provdb.escape(t.name).."', '"..provdb.escape(t.label).."', '"..provdb.escape(t.seq).."');" end sql = "SELECT g.name AS group, c.label, c.seq FROM provisioning_classes c JOIN provisioning_class_groups g USING(class_group_id) ORDER BY g.name, c.label" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_classes VALUES(default, (SELECT class_group_id FROM provisioning_class_groups WHERE name='"..escape(t.group).."'), '"..escape(t.label).."', '"..escape(t.seq).."');" + lines[#lines+1] = "INSERT INTO provisioning_classes VALUES(default, (SELECT class_group_id FROM provisioning_class_groups WHERE name='"..provdb.escape(t.group).."'), '"..provdb.escape(t.label).."', '"..provdb.escape(t.seq).."');" end sql = "SELECT name, label, seq FROM provisioning_groups ORDER BY name, label" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_groups VALUES(default, '"..escape(t.name).."', '"..escape(t.label).."', '"..escape(t.seq).."');" + lines[#lines+1] = "INSERT INTO provisioning_groups VALUES(default, '"..provdb.escape(t.name).."', '"..provdb.escape(t.label).."', '"..provdb.escape(t.seq).."');" end sql = "SELECT name, type, label, descr, value, seq, regexp, validate FROM provisioning_params ORDER BY name" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_params VALUES(default, '"..escape(t.name).."', '"..escape(t.type).."', '"..escape(t.label).."', '"..escape(t.descr).."', '"..escape(t.value).."', '"..escape(t.seq).."', '"..escape(t.regexp).."', '"..escape(t.validate).."');" + lines[#lines+1] = "INSERT INTO provisioning_params VALUES(default, '"..provdb.escape(t.name).."', '"..provdb.escape(t.type).."', '"..provdb.escape(t.label).."', '"..provdb.escape(t.descr).."', '"..provdb.escape(t.value).."', '"..provdb.escape(t.seq).."', '"..provdb.escape(t.regexp).."', '"..provdb.escape(t.validate).."');" end sql = "SELECT p.name AS param, o.label, o.value, o.seq FROM provisioning_options o JOIN provisioning_params p USING(param_id) ORDER BY p.name, o.seq, o.label" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_options VALUES((SELECT param_id FROM provisioning_params WHERE name='"..escape(t.param).."'), '"..escape(t.label).."', '"..escape(t.value).."', '"..escape(t.seq).."');" + lines[#lines+1] = "INSERT INTO provisioning_options VALUES((SELECT param_id FROM provisioning_params WHERE name='"..provdb.escape(t.param).."'), '"..provdb.escape(t.label).."', '"..provdb.escape(t.value).."', '"..provdb.escape(t.seq).."');" end sql = "SELECT c.label AS class, g.label AS group FROM provisioning_classes c JOIN classes_to_param_groups USING(class_id) JOIN provisioning_groups g USING(group_id) ORDER BY c.label, g.label" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO classes_to_param_groups VALUES((SELECT class_id FROM provisioning_classes WHERE label='"..escape(t.class).."'), (SELECT group_id FROM provisioning_groups WHERE label='"..escape(t.group).."'));" + lines[#lines+1] = "INSERT INTO classes_to_param_groups VALUES((SELECT class_id FROM provisioning_classes WHERE label='"..provdb.escape(t.class).."'), (SELECT group_id FROM provisioning_groups WHERE label='"..provdb.escape(t.group).."'));" end sql = "SELECT p.name AS param, g.label AS group, t.value, t.editable FROM provisioning_params p JOIN param_groups_to_params t USING(param_id) JOIN provisioning_groups g USING(group_id) ORDER BY p.name, g.label" tmp = getselectresponse(sql) for i,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO param_groups_to_params VALUES((SELECT group_id FROM provisioning_groups WHERE label='"..escape(t.group).."'), (SELECT param_id FROM provisioning_params WHERE name='"..escape(t.param).."'), '"..escape(t.value).."', '"..escape(t.editable).."');" + lines[#lines+1] = "INSERT INTO param_groups_to_params VALUES((SELECT group_id FROM provisioning_groups WHERE label='"..provdb.escape(t.group).."'), (SELECT param_id FROM provisioning_params WHERE name='"..provdb.escape(t.param).."'), '"..provdb.escape(t.value).."', '"..provdb.escape(t.editable).."');" end if db.value.devices and db.value.devices.value then sql = "SELECT device_id FROM devices_to_classes GROUP BY device_id ORDER BY device_id ASC" devices = getselectresponse(sql) for i,d in ipairs(devices) do - sql = "SELECT label FROM devices_to_classes JOIN provisioning_classes USING(class_id) WHERE device_id='"..escape(d.device_id).."'" + sql = "SELECT label FROM devices_to_classes JOIN provisioning_classes USING(class_id) WHERE device_id='"..provdb.escape(d.device_id).."'" tmp = getselectresponse(sql) for j,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO devices_to_classes VALUES("..escape(i)..", (SELECT class_id FROM provisioning_classes WHERE label='"..escape(t.label).."'));" + lines[#lines+1] = "INSERT INTO devices_to_classes VALUES("..provdb.escape(i)..", (SELECT class_id FROM provisioning_classes WHERE label='"..provdb.escape(t.label).."'));" end - sql = "SELECT group_name, p.name AS param, v.value FROM provisioning_values v JOIN provisioning_params p USING(param_id) WHERE device_id='"..escape(d.device_id).."'" + sql = "SELECT group_name, p.name AS param, v.value FROM provisioning_values v JOIN provisioning_params p USING(param_id) WHERE device_id='"..provdb.escape(d.device_id).."'" tmp = getselectresponse(sql) for j,t in ipairs(tmp) do - lines[#lines+1] = "INSERT INTO provisioning_values VALUES("..escape(i)..", '"..escape(t.group_name).."', (SELECT param_id FROM provisioning_params WHERE name='"..escape(t.param).."'), '"..escape(t.value).."');" + lines[#lines+1] = "INSERT INTO provisioning_values VALUES("..provdb.escape(i)..", '"..provdb.escape(t.group_name).."', (SELECT param_id FROM provisioning_params WHERE name='"..provdb.escape(t.param).."'), '"..provdb.escape(t.value).."');" end end - lines[#lines+1] = "SELECT pg_catalog.setval('provisioning_device_seq', "..escape(#devices)..", true);" + lines[#lines+1] = "SELECT pg_catalog.setval('provisioning_device_seq', "..provdb.escape(#devices)..", true);" end db.value.data = cfe({ type="longtext", value=table.concat(lines, "\n") or "", label="Database Values" }) - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then db.errtxt = err @@ -1967,12 +1897,12 @@ function get_file(self, clientdata) local connected = databaseconnect() -- Add the device to the table of requests - local sql = "SELECT * FROM provisioning_requests WHERE mac='"..escape(string.upper(mac)).."'" + local sql = "SELECT * FROM provisioning_requests WHERE mac='"..provdb.escape(string.upper(mac)).."'" local requests = getselectresponse(sql) if requests and #requests > 0 then - sql = "UPDATE provisioning_requests SET ip='"..escape(ip).."', agent='"..escape(agent).."', date=now() WHERE mac='"..escape(string.upper(mac)).."'" + sql = "UPDATE provisioning_requests SET ip='"..provdb.escape(ip).."', agent='"..provdb.escape(agent).."', date=now() WHERE mac='"..provdb.escape(string.upper(mac)).."'" else - sql = "INSERT INTO provisioning_requests VALUES('"..escape(string.upper(mac)).."', '"..escape(ip).."', '"..escape(agent).."', now())" + sql = "INSERT INTO provisioning_requests VALUES('"..provdb.escape(string.upper(mac)).."', '"..provdb.escape(ip).."', '"..provdb.escape(agent).."', now())" end runsqlcommand(sql) @@ -1997,7 +1927,7 @@ function get_file(self, clientdata) end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then result.errtxt = err @@ -2037,7 +1967,7 @@ function put_file(self, clientdata) -- If the script doesn't exist, allow the write retval.value = retval.value or data end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then retval.errtxt = err @@ -2063,7 +1993,7 @@ list_requests = function() for i,v in ipairs(retval) do v.device_id = reverseids[v.mac] end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then errtxt = err @@ -2084,17 +2014,17 @@ delete_request = function(self, delreq) delreq.errtxt = "Failed to delete request" local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_requests WHERE mac='"..escape(string.upper(mac)).."'" + local sql = "SELECT * FROM provisioning_requests WHERE mac='"..provdb.escape(string.upper(mac)).."'" local tmp = getselectresponse(sql) if #tmp == 0 then delreq.value.mac.errtxt = "Request does not exist" else -- Remove the request - sql = "DELETE FROM provisioning_requests WHERE mac='"..escape(string.upper(mac)).."'" + sql = "DELETE FROM provisioning_requests WHERE mac='"..provdb.escape(string.upper(mac)).."'" runsqlcommand(sql) delreq.errtxt = nil end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then delreq.errtxt = err @@ -2115,7 +2045,7 @@ create_from_request = function(self, request) success = false local res, err = pcall(function() local connected = databaseconnect() - local sql = "SELECT * FROM provisioning_requests WHERE mac='"..escape(string.upper(request.value.mac.value)).."'" + local sql = "SELECT * FROM provisioning_requests WHERE mac='"..provdb.escape(string.upper(request.value.mac.value)).."'" local tmp = getselectresponse(sql) if #tmp == 0 then request.value.mac.errtxt = "Request does not exist" @@ -2157,7 +2087,7 @@ create_from_request = function(self, request) request.errtxt = "Failed to create device - could not determine class" end end - if connected then databasedisconnect() end + if connected then provdb.databasedisconnect() end end) if not res and err then request.errtxt = err |