Working on Twig support

Author: moufmouf

README.md

@@ -14,6 +14,7 @@ It comes with 2 great features:
 
 - [**MagicParameters**: it helps you work with SQL queries that require a variable number of parameters.](#parameters)
 - [**MagicJoin**: it writes JOINs for you!](#joins)
+- [**MagicTwig**: use Twig templating in your SQL queries](#twig)
 
 Installation
 ------------
@@ -106,6 +107,34 @@ $completeSql = $magicQuery->build($sql);
 
 Want to know more? <a class="btn btn-primary btn-large" href="doc/magic_join.md">Check out the MagicJoin guide!</a>
 
+<a name="twig"></a>
+Use Twig templating in your SQL queries!
+----------------------------------------
+
+Discarding unused parameters and auto-joining keys is not enough? You have very specific needs? Say hello to 
+Twig integration!
+
+Using Twig integration, you can directly add Twig conditions right into your SQL.
+
+```php
+use Mouf\Database\MagicQuery;
+
+$sql = "SELECT users.* FROM users {% if isAdmin %} WHERE users.admin = 1 {% endif %}";
+
+$magicQuery = new MagicQuery();
+// By default, Twig integration is disabled. You need to enable it.
+$magicQuery->setEnableTwig(true);
+
+$completeSql = $magicQuery->build($sql, ['isAdmin' => true]);
+// Parameters are passed to the Twig SQL query, and the SQL query is returned.
+```
+
+<div class="alert alert-info"><strong>Heads up!</strong> The Twig integration cannot be used to insert parameters
+into the SQL query. You should use classic SQL parameters for this. This means that instead if writing 
+<code>{{ id }}</code>, you should write <code>:id</code>.</div>
+
+Want to know more? <a class="btn btn-primary" href="doc/magic_twig.md">Check out the MagicTwig guide!</a>
+
 Is it a MySQL only tool?
 ------------------------
 

doc/magic_twig.md

@@ -0,0 +1,41 @@
+Use Twig templating in your SQL queries!
+----------------------------------------
+
+Using Twig integration, you can directly add Twig conditions right into your SQL.
+
+```php
+use Mouf\Database\MagicQuery;
+
+$sql = "SELECT users.* FROM users {% if isAdmin %} WHERE users.admin = 1 {% endif %}";
+
+$magicQuery = new MagicQuery();
+// By default, Twig integration is disabled. You need to enable it.
+$magicQuery->setEnableTwig(true);
+
+$completeSql = $magicQuery->build($sql, ['isAdmin' => true]);
+// Parameters are passed to the Twig SQL query, and the SQL query is returned.
+```
+
+Limitations
+-----------
+
+<div class="alert alert-info"><strong>Heads up!</strong> The Twig integration cannot be used to insert parameters
+into the SQL query. You should use classic SQL parameters for this. This means that instead if writing 
+<code>{{ id }}</code>, you should write <code>:id</code>.</div>
+
+You cannot directly use Twig parameters because Twig transformation is applied before SQL parsing. If parameters
+where replaced by Twig before SQL is parsed, the caching of the transformation *SQL => parsed SQL* would become
+inefficient.
+
+For this reason, if you try to use `{{ parameter }}` instead of `:parameter` in your SQL query, an exception will
+be thrown.
+
+Usage
+-----
+
+For most queries, we found out that MagicJoin combined to MagicParameters is enough.
+For this reason, MagicTwig is disabled by default. If you want to enable it, you can simply call 
+`$magicQuery->setEnableTwig(true)` before calling the `build` method.
+
+MagicTwig can typically be useful when you have parts of a query that needs to be added conditionally, depending 
+on provided parameters.

phpunit.xml.dist

@@ -16,4 +16,10 @@
             <directory>./tests/</directory>
         </testsuite>
     </testsuites>
+
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">src/</directory>
+        </whitelist>
+    </filter>
 </phpunit>

src/Mouf/Database/MagicQuery.php

@@ -27,7 +27,11 @@ class MagicQuery
     private $connection;
     private $cache;
     private $schemaAnalyzer;
+    /**
+     * @var \Twig_Environment
+     */
     private $twigEnvironment;
+    private $enableTwig = false;
 
     /**
      * @param \Doctrine\DBAL\Connection $connection
@@ -45,9 +49,17 @@ public function __construct($connection = null, $cache = null, SchemaAnalyzer $s
         if ($schemaAnalyzer) {
             $this->schemaAnalyzer = $schemaAnalyzer;
         }
-        if ($this->connection) {
-            $this->twigEnvironment = SqlTwigEnvironmentFactory::getTwigEnvironment($this->connection);
-        }
+    }
+
+    /**
+     * Whether Twig parsing should be enabled or not.
+     * Defaults to false.
+     * @param bool $enableTwig
+     * @return $this
+     */
+    public function setEnableTwig($enableTwig = true) {
+        $this->enableTwig = true;
+        return $this;
     }
 
     /**
@@ -63,6 +75,9 @@ public function __construct($connection = null, $cache = null, SchemaAnalyzer $s
      */
     public function build($sql, array $parameters = array())
     {
+        if ($this->enableTwig) {
+            $sql = $this->getTwigEnvironment()->render($sql, $parameters);
+        }
         $select = $this->parse($sql);
         return $this->toSql($select, $parameters);
     }
@@ -223,4 +238,14 @@ private function getSchemaAnalyzer() {
     private function getConnectionUniqueId() {
         return hash('md4', $this->connection->getHost()."-".$this->connection->getPort()."-".$this->connection->getDatabase()."-".$this->connection->getDriver()->getName());
     }
+
+    /**
+     * @return \Twig_Environment
+     */
+    private function getTwigEnvironment() {
+        if ($this->twigEnvironment === null) {
+            $this->twigEnvironment = SqlTwigEnvironmentFactory::getTwigEnvironment($this->connection);
+        }
+        return $this->twigEnvironment;
+    }
 }

src/Mouf/Database/MagicQuery/Twig/ForbiddenTwigParameterInSqlException.php

@@ -0,0 +1,9 @@
+<?php
+namespace Mouf\Database\MagicQuery\Twig;
+
+use Mouf\Database\MagicQueryException;
+
+class ForbiddenTwigParameterInSqlException extends MagicQueryException
+{
+
+}

src/Mouf/Database/MagicQuery/Twig/SqlTwigEnvironmentFactory.php

@@ -19,38 +19,11 @@ public static function getTwigEnvironment(Connection $connection = null) {
 
         $twig = new \Twig_Environment($stringLoader, $options);
 
-        if ($connection !== null) {
-
-            $twig->getExtension('core')->setEscaper('sql', function(\Twig_Environment $env, $string, $charset) use ($connection) {
-                var_dump($string);
-                // ARGH! Escapers seems to be not called if $string is empty!
-                if ($string === null) {
-                    return "null";
-                } else {
-                    return $connection->quote($string);
-                }
-            });
-
-            // SQL identifier (table or column names....)
-            $twig->getExtension('core')->setEscaper('sqli', function(\Twig_Environment $env, $string, $charset) use ($connection) {
-                return $connection->quoteIdentifier($string);
-            });
-
-        } else {
-            $twig->getExtension('core')->setEscaper('sql', function(\Twig_Environment $env, $string, $charset) use ($connection) {
-                if ($string === null) {
-                    return "null";
-                } else {
-                    return "'".addslashes($string)."'";
-                }
-            });
-
-            $twig->getExtension('core')->setEscaper('sqli', function(\Twig_Environment $env, $string, $charset) use ($connection) {
-                // Note: we don't know how to escape backticks in a column name. In order to avoid injection,
-                // we remove any backticks.
-                return "`".str_replace('`', '', $string)."`";
-            });
-        }
+        // Default escaper will throw an exception. This is because we want to use SQL parameters instead of Twig.
+        // This ahs a number of advantages, especially in terms of caching.
+        $twig->getExtension('core')->setEscaper('sql', function(\Twig_Environment $env, $string, $charset) use ($connection) {
+            throw new ForbiddenTwigParameterInSqlException('You cannot use Twig expressions (like "{{ id }}"). Instead, you should use SQL parameters (like ":id"). Twig integration is limited to Twig statements (like "{% for .... %}"');
+        });
 
         // Default autoescape mode: sql
         $twig->addExtension(new \Twig_Extension_Escaper('sql'));
@@ -61,11 +34,14 @@ public static function getTwigEnvironment(Connection $connection = null) {
     private static function getCacheDirectory() {
         // If we are running on a Unix environment, let's prepend the cache with the user id of the PHP process.
         // This way, we can avoid rights conflicts.
+
+        // @codeCoverageIgnoreStart
         if (function_exists('posix_geteuid')) {
             $posixGetuid = '_'.posix_geteuid();
         } else {
             $posixGetuid = '';
         }
+        // @codeCoverageIgnoreEnd
         $cacheDirectory = rtrim(sys_get_temp_dir(), '/\\').'/magicquerysqltwigtemplate'.$posixGetuid.str_replace(":", "", __DIR__);
 
         return $cacheDirectory;

tests/Mouf/Database/MagicQuery/Twig/SqlTwigEnvironmentFactoryTest.php

@@ -9,7 +9,7 @@
 
 class SqlTwigEnvironmentFactoryTest extends \PHPUnit_Framework_TestCase
 {
-    public function testWithConnection()
+    public function getTwigWithConnection()
     {
         $config = new \Doctrine\DBAL\Configuration();
         // TODO: put this in conf variable
@@ -19,7 +19,7 @@ public function testWithConnection()
         $conn = \Doctrine\DBAL\DriverManager::getConnection($connectionParams, $config);
 
         $twigEnvironment = SqlTwigEnvironmentFactory::getTwigEnvironment($conn);
-        $this->doTestTwig($twigEnvironment);
+        return $twigEnvironment;
     }
 
     /**
@@ -34,13 +34,22 @@ public function testWithConnection()
         $this->doTestTwig($twigEnvironment);
     }*/
 
+    /**
+     *
+     */
+    public function testIf() {
 
-    private function doTestTwig(\Twig_Environment $twig) {
-        $result = $twig->render("SELECT * FROM toto WHERE id = {{ id }}", ["id"=>null]);
-        $this->assertEquals("SELECT * FROM toto WHERE id = null", $result);
+        $twig = $this->getTwigWithConnection();
+        $sql = $twig->render("SELECT * FROM toto {% if id %}WHERE id = :id{% endif %}", ["id"=>12]);
+        $this->assertEquals("SELECT * FROM toto WHERE id = :id", $sql);
+    }
 
-        $result = $twig->render("SELECT * FROM toto WHERE id = {{ id }}", [ "id" => "myid" ]);
-        $this->assertEquals("SELECT * FROM toto WHERE id = 'myid'", $result);
+    /**
+     * @expectedException Twig_Error_Runtime
+     */
+    public function testException() {
 
+        $twig = $this->getTwigWithConnection();
+        $twig->render("SELECT * FROM toto WHERE id = {{ id }}", ["id"=>null]);
     }
 }

tests/Mouf/Database/MagicQueryTest.php

@@ -105,6 +105,19 @@ public function testMisconfiguration() {
 
     }
 
+    /**
+     *
+     */
+    public function testTwig() {
+        $magicQuery = new MagicQuery();
+        $magicQuery->setEnableTwig(true);
+
+        $sql = "SELECT * FROM toto {% if id %}WHERE status = 'on'{% endif %}";
+        $this->assertEquals("SELECT * FROM toto WHERE status = 'on'", $this->simplifySql($magicQuery->build($sql, ["id"=>12])));
+        $this->assertEquals("SELECT * FROM toto", $this->simplifySql($magicQuery->build($sql, ['id'=>null])));
+    }
+
+
     /**
      * Removes all artifacts.
      */