Hidden Rules

[gordon-matt]

I was wondering if it was possible to create hidden rules. I came across this old issue: #156 . That doesn't seem to be very helpful though. Can you give me an example of modifying the rules after using setRulesFromSQL ? Here's my use case:

The app I am creating is a custom reporting app. We will be able to connect to any database and query and columns from any table or view. It's taken a lot of work, but it's mostly working very well so far. Now the thing is we want to let our clients see the reports as well... We want to setup the default filters beforehand and then they can modify them when running the report. So we can edit, but they cant.. and what we want is to be able to set some filter like:

WHERE ClientId = 123

And we don't want this to show up for clients when they are running it.. for obvious security reasons. Therefore, it is important to be able to have hidden filters. Please tell me how I can do this.

Thanks in advance.

[mistic100]

Are you storing the complete SQL query somewhere in your database and directly execute it ? How to you manage potential SQL injection ? You should have stored the rules as it (in JSON or relational table) and generate the queries on demand. You would have much greater flexibility for display AND maintenance (what will happen when you will have to rename a column or a table ?)

---

Anyway, this feature still does not exists, and I cannot give an ETA.

[gordon-matt]

Thanks for your response. Yes, I store the SQL in the database and load it back that way. As for SQL injection, it's going to be looked at and tested thoroughly before we release the app to our clients.

Regarding the rules, thanks.. I suppose storing the JSON may be more beneficial, but I'm not sure that will solve the issue. Even if I strip the hidden field out of the query and pass the remaining fields to querybuilder, then when I tell it to build the SQL for me, it will still be missing that hidden field in the generated SQL.

What is really needed here is a property like hidden: true/false on the filters. Then querybuilder won't display it on the UI, but will still append it to the SQL query. If you're too busy to get that done right now, perhaps you can leave this issue open and label it with "help wanted". I'm better on the server side development than frontend.. so I'm not sure if I could do it myself, but perhaps someone else in the community may be able to implement this feature for us.

[gordon-matt]

@mistic100 Hi there. A colleague of mine has implemented this feature. You can find his fork, here: https://github.com/VoTranQuan/jQuery-QueryBuilder/tree/dev. I've asked him to create a pull request.. but you may wish to just copy the important parts instead of everything. Please take a look. You can see an example of how it works on the README.

[gordon-matt]

UPDATE: There won't be a pull request, as my colleague says he doesn't have the time that would be involved in dealing with the unit tests and he mentioned something about a policy and document.. I think he was trying to say that it would be too much hassle to do cleanup, documentation, etc.

Anyway, it works perfectly. I hope you can find time to look at copying the functionality into this main repo at some point.

Additionally, we're going to look at implementing #822 as well, but it may be a while, since he is extremely busy.

[gordon-matt]

@mistic100 Any chance you could look at our solution and consider integrating it into your repo?

[mistic100]

@gordon-matt not in time frame that will suit you. You can submit the PR but I won't look at it before a while