Add public api for Doctrine QueryBuilder and ExpressionBuilder

[nickvergessen]

Replaces #17383

Related to #12502

cc @LukasReschke @DeepDiver1975 @schiesbn @Raydiation

[MorrisJobke]

Looks good so far :)

[DeepDiver1975]

Great first shot - any chance to get quoting handled within the wrapper as well?
@nickvergessen

[MorrisJobke]

Great first shot - any chance to get quoting handled within the wrapper as well?
@nickvergessen

I would say this PR is big enough. We should not add more features to this one.

[LukasReschke]

I would say this PR is big enough. We should not add more features to this one.

Mhm. If it is a new public API I'd say we should first decide if we want quoting or not. If we do then we should do it right at the first time before others rely on the behaviour.

[DeepDiver1975]

If we do then we should do it right at the first time before others rely on the behaviour.

yes

[MorrisJobke]

Ah okay ... got it :( 🙈 I completely misunderstood that thing ...

[nickvergessen]

I shall have a look after finishing the walk through my emails and other open tasks

[BernhardPosselt]

Which one is the Doctrine thing? create or get? Just for an overview

[nickvergessen]

create is doctrine, get is OC

[nickvergessen]

Okay, there are some problems which I found, while having a quick look/thought:

E.g. andX:

     *     // (u.type = ?) AND (u.role = ?)
     *     $expr->andX('u.type = ?', 'u.role = ?'));

Can be fixed by forcing the use of $expr->eq() and $expr->neq()

However, that method itself has the problem as well:

     *     // u.id = ?
     *     $expr->eq('u.id', '?');

Theory case okay, back to practise:

$expr->eq('column', 'strangestring')

Should we escape the second string?

This can be prevented by forcing the use of $expr->literal() and parameter usage.
We could therefor go ahead and force the use of literal/parameter (make it return classes in our implementation), and then quote everything that is not from our literal/parameter class.

---

Conclusion

Sounds doable, I shall go ahead and do that.

[nickvergessen]

Tests failed due to a bug in Doctrine/DBAL which is already fixed since January but has not yet been released: doctrine/dbal#782

[nickvergessen]

Conflicting PR: https://github.com/owncloud/core/pull/17381/files#diff-a089adade46153eb3f81f350e40a664f

[nickvergessen]

Jenkins passed here #17739 (comment) - https://ci.owncloud.org/job/pull-request-analyser-ng-simple/13656/

[nickvergessen]

Quoting is now included
Existing usages of the querybuilder have been adjusted to use the new one with auto-quoting ( #17381 is using the old one again, so either of them needs to be merged quickly ;) )

Ready for review and merge @DeepDiver1975 @LukasReschke @MorrisJobke

[nickvergessen]

Open question from IRC:

Should we break the existing createQueryBuilder() method that exists on the \Doctrine\DBAL\Connection we extend?
The method is not in our API, I could also rename the method getQueryBuilder() to create, so we always return the version with auto-quoting, however that might break existing usages that apps did (although it was not allowed in theory)

I don't think it's worth the troubles it may cause.

[MorrisJobke]

I don't think it's worth the troubles it may cause.

Correct. It was used by some apps ... better keep it compatible now but maybe have a future version of create... which adds a log entry and still returns the doctrine one.

Alternative: Maybe also worth to add to the app code checker. ;)

[nickvergessen]

Okay, sounds like a plan. Will make a wrapper and add a debug log entry.

Alternative: Maybe also worth to add to the app code checker. ;)

Sadly enough, this is exactly the one case that is not covered ;)

[scrutinizer-notifier]

A new inspection was created.

[ghost]

#17739 (comment)

🚀 Test PASSed.🚀

https://ci.owncloud.org/job/pull-request-analyser-ng-simple/13665/

[rullzer]

Very awesome! Also awesome that the existing code is converted (I wrote some of that).
It is huge now but I think all the stuff is covered. 👍

[MorrisJobke]

Looks good and a smoke test also just went fine 👍