Add support for IN clauses to db.query()

jagerman · jagerman · commit c5e5cfff43f5 · 2022-01-27T14:44:45.000-04:00
Expanding IN clauses in bindings with SQLAlchemy requires a little more
work (and the existing IN clauses were broken).

This expose the needed mechanics in the query() interface, used such as:

    db.query(
        "SELECT * FROM blah WHERE id IN :ids",
        ids=[1,2,3],
        bind_expanding=['ids']
    )
diff --git a/sogs/db.py b/sogs/db.py
@@ -5,6 +5,7 @@
 import logging
 import importlib.resources
 import sqlalchemy
+from sqlalchemy.sql.expression import bindparam
 
 HAVE_FILE_ID_HACKS = False
 # roomid => (max, offset).  Max is the highest message id that was in the old table; offset is the
@@ -18,7 +19,7 @@ def get_conn():
     return engine.connect()
 
 
-def query(query, *, dbconn=None, **params):
+def query(query, *, dbconn=None, bind_expanding=None, **params):
     """Executes a query containing :param style placeholders (regardless of the actual underlying
     database placeholder style), binding them using the given params keyword arguments.
 
@@ -33,6 +34,9 @@ def query(query, *, dbconn=None, **params):
 
     See sqlalchemy.text for details.
 
+    bind_expanding can be passed a sequence of bind names that are "expanding" to a tuple, most
+    commonly used to bind and expand the RHS of a `x IN :x` clause.
+
     Can execute on a specific connection by passing it as dbconn; if omitted, uses web.appdb.  (Note
     that dbconn *cannot* be used as a placeholder bind name).
     """
@@ -42,7 +46,12 @@ def query(query, *, dbconn=None, **params):
 
         dbconn = web.appdb
 
-    return dbconn.execute(sqlalchemy.text(query), **params)
+    q = sqlalchemy.text(query)
+
+    if bind_expanding:
+        q = q.bindparams(*(bindparam(c, expanding=True) for c in bind_expanding))
+
+    return dbconn.execute(q, **params)
 
 
 # Begins a (potentially nested) transaction.  Takes an optional connection; if omitted uses
diff --git a/sogs/model/room.py b/sogs/model/room.py
@@ -685,6 +685,7 @@ def delete_posts(self, message_ids: List[int], deleter: User):
                         """,
                         r=self.id,
                         ids=tuple(message_ids[i : i + 50]),
+                        bind_expanding=['ids'],
                     )
                 )
 
@@ -700,11 +701,16 @@ def delete_posts(self, message_ids: List[int], deleter: User):
                             """,
                             u=deleter.id,
                             ids=ids,
+                            bind_expanding=['ids'],
                         )
                         if res.first()[0]:
                             raise BadPermission()
 
-                    query("DELETE FROM message_details WHERE id IN :ids", ids=ids)
+                    query(
+                        "DELETE FROM message_details WHERE id IN :ids",
+                        ids=ids,
+                        bind_expanding=['ids'],
+                    )
 
                     deleted += ids
                 i += 50
