diff --git a/app/controllers/admins/faqs_controller.rb b/app/controllers/admins/faqs_controller.rb index fc00f847c..250d3d60a 100644 --- a/app/controllers/admins/faqs_controller.rb +++ b/app/controllers/admins/faqs_controller.rb @@ -2,8 +2,8 @@ class Admins::FaqsController < Admins::BaseController before_action :find_faq, only: [:edit,:update, :destroy] def index - sort_by = params[:sort_by] ||= 'updated_at' - sort_direction = params[:sort_direction] ||= 'desc' + sort_by = Faq.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'updated_at' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' keyword = params[:keyword].to_s.strip collection = Faq.search_question(keyword).order("#{sort_by} #{sort_direction}") diff --git a/app/controllers/admins/project_categories_controller.rb b/app/controllers/admins/project_categories_controller.rb index 944a2cf04..ba83e841d 100644 --- a/app/controllers/admins/project_categories_controller.rb +++ b/app/controllers/admins/project_categories_controller.rb @@ -3,8 +3,8 @@ class Admins::ProjectCategoriesController < Admins::BaseController before_action :validate_names, only: [:create, :update] def index - sort_by = params[:sort_by] ||= 'created_at' - sort_direction = params[:sort_direction] ||= 'desc' + sort_by = ProjectCategory.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' q = ProjectCategory.ransack(name_cont: params[:name]) project_categories = q.result(distinct: true).order("#{sort_by} #{sort_direction}") @project_categories = paginate(project_categories) diff --git a/app/controllers/admins/project_ignores_controller.rb b/app/controllers/admins/project_ignores_controller.rb index 427ee86b8..360f189c0 100644 --- a/app/controllers/admins/project_ignores_controller.rb +++ b/app/controllers/admins/project_ignores_controller.rb 
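Review bot: In `Admins::FaqsController#index` the direction check `%w(desc asc).include?(params[:sort_direction])` is case-sensitive, so a client sending `DESC` or `ASC`, which the removed code passed straight through, now silently gets the default order; the same line recurs in nearly every hunk of this commit. Normalising first keeps both the allowlist and the old behaviour: `dir = params[:sort_direction].to_s.downcase` followed by `sort_direction = %w(desc asc).include?(dir) ? dir : 'desc'`. The pair of lines is pasted into each admin `index` (project_categories, project_ignores, project_languages, project_licenses, projects), so one helper on `Admins::BaseController` taking the model and the default column would keep the copies from drifting. `Faq.column_names` also permits ordering by every column of the table; an explicit list of the columns the UI actually sorts on would be a tighter allowlist.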
@@ -3,8 +3,8 @@ class Admins::ProjectIgnoresController < Admins::BaseController before_action :validate_params, only: [:create, :update] def index - sort_by = params[:sort_by] ||= 'created_at' - sort_direction = params[:sort_direction] ||= 'desc' + sort_by = Ignore.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' q = Ignore.ransack(name_cont: params[:search]) project_ignores = q.result(distinct: true).order("#{sort_by} #{sort_direction}") @project_ignores = paginate(project_ignores) diff --git a/app/controllers/admins/project_languages_controller.rb b/app/controllers/admins/project_languages_controller.rb index e188b75ef..0f26f25bb 100644 --- a/app/controllers/admins/project_languages_controller.rb +++ b/app/controllers/admins/project_languages_controller.rb @@ -3,8 +3,8 @@ class Admins::ProjectLanguagesController < Admins::BaseController before_action :validate_names, only: [:create, :update] def index - sort_by = params[:sort_by] ||= 'created_at' - sort_direction = params[:sort_direction] ||= 'desc' + sort_by = ProjectLanguage.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' q = ProjectLanguage.ransack(name_cont: params[:search]) project_languages = q.result(distinct: true).order("#{sort_by} #{sort_direction}") @project_languages = paginate(project_languages) diff --git a/app/controllers/admins/project_licenses_controller.rb b/app/controllers/admins/project_licenses_controller.rb index bc5789026..5c16a884b 100644 --- a/app/controllers/admins/project_licenses_controller.rb +++ b/app/controllers/admins/project_licenses_controller.rb 
@@ -3,8 +3,8 @@ class Admins::ProjectLicensesController < Admins::BaseController before_action :validate_params, only: [:create, :update] def index - sort_by = params[:sort_by] ||= 'created_at' - sort_direction = params[:sort_direction] ||= 'desc' + sort_by = License.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' q = License.ransack(name_cont: params[:search]) project_licenses = q.result(distinct: true).order("#{sort_by} #{sort_direction}") @project_licenses = paginate(project_licenses) diff --git a/app/controllers/admins/projects_controller.rb b/app/controllers/admins/projects_controller.rb index 2335db6d1..9e06eb1c9 100644 --- a/app/controllers/admins/projects_controller.rb +++ b/app/controllers/admins/projects_controller.rb @@ -1,9 +1,8 @@ class Admins::ProjectsController < Admins::BaseController def index - sort_by = params[:sort_by] ||= 'created_on' - sort_direction = params[:sort_direction] ||= 'desc' - + sort_by = Project.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_on' + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' search = params[:search].to_s.strip projects = Project.where("name like ?", "%#{search}%").order("#{sort_by} #{sort_direction}") @projects = paginate projects.includes(:owner, :members, :issues, :versions, :attachments, :project_score) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8536147ca..8b98a920b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -615,8 +615,8 @@ class ApplicationController < ActionController::Base end # 排序 - rorder = option[:order] || "updated_at" - b_order = option[:b_order] || "desc" + rorder = UserExtension.column_names.include?(option[:order]) ? option[:order] : "updated_at" + b_order = %w(desc asc).include?(option[:b_order]) ? option[:b_order] : "desc" if rorder == "created_at" || rorder == "work_score" work_list = work_list.order("graduation_works.#{rorder} #{b_order}") elsif rorder == "student_id" diff --git a/app/controllers/composes_controller.rb b/app/controllers/composes_controller.rb index c1a7f524f..006604f29 100644 --- a/app/controllers/composes_controller.rb +++ b/app/controllers/composes_controller.rb @@ -3,13 +3,12 @@ class ComposesController < ApplicationController before_action :find_compose, except: [:index, :new,:create] def index - @order_type = params[:order] || "created_at" @search_name = params[:search] composes = Compose.compose_includes if @search_name.present? composes = composes.where("title like ?", "%#{@search_name}%") end - composes = composes.order("#{@order_type} desc") + composes = composes.order("#{order_type} desc") @page = params[:page] || 1 @limit = params[:limit] || 15 @composes_size = composes.size @@ -96,4 +95,8 @@ class ComposesController < ApplicationController end end + def order_type + Compose.column_names.include?(params[:order_type]) ? params[:order_type] : 'created_at' + end + end \ No newline at end of file diff --git a/app/controllers/issue_tags_controller.rb b/app/controllers/issue_tags_controller.rb index 312de7842..d21d8ed4f 100644 --- a/app/controllers/issue_tags_controller.rb +++ b/app/controllers/issue_tags_controller.rb 
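Review bot: In app/controllers/application_controller.rb the allowlist is `UserExtension.column_names`, but the branches just below interpolate `rorder` into `graduation_works.#{rorder}` and test for `"work_score"` and `"student_id"`. If those names are not columns of the UserExtension table (its schema is not visible here, so confirm), the `work_score` branch becomes unreachable and such requests silently sort by `updated_at`. Checking against the names the method actually branches on is tighter and does not depend on an unrelated model: `rorder = %w(created_at work_score student_id updated_at).include?(option[:order]) ? option[:order] : "updated_at"`, with the list completed from the branches that continue past this hunk. The enclosing method starts and ends outside the hunk.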
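Review bot: The `order_type` helper that `ComposesController#index` now calls reads `params[:order_type]`, but the line it replaces read `params[:order]`, and `@order_type` is no longer assigned. Existing clients that send `order=` will always get `created_at`, and any view or template that uses `@order_type` (not visible here) would see nil. If the rename is not intended, keep the key and the instance variable: `@order_type = Compose.column_names.include?(params[:order]) ? params[:order] : 'created_at'` and order by `@order_type`.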
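Review bot: `order_type` is appended to ComposesController with no `private` marker in the hunk, unlike the equivalent helpers in issue_tags_controller.rb and issues/list_query_service.rb, which this commit places under `private`; the helpers appended to versions_controller.rb have the same gap. Public methods on a Rails controller are action methods, so unless a `private` line sits earlier in the class (outside this hunk) the helper is reachable as an action wherever a route matches it. Add `private` on the line before `def order_type`.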
@@ -7,9 +7,6 @@ class IssueTagsController < ApplicationController def index - order_name = params[:order_name] || "created_at" - order_type = params[:order_type] || "desc" - issue_tags = @project.issue_tags.order("#{order_name} #{order_type}") @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user)) @page = params[:page] || 1 @@ -138,4 +135,14 @@ class IssueTagsController < ApplicationController end end + private + + def order_name + IssueTag.column_names.include?(params[:order_name]) ? params[:order_name] : 'created_at' + end + + def order_type + %w(desc asc).include?(params[:order_type]) ? params[:order_type] : 'desc' + end + end diff --git a/app/controllers/organizations/organizations_controller.rb b/app/controllers/organizations/organizations_controller.rb index 7be9390d7..104db90ed 100644 --- a/app/controllers/organizations/organizations_controller.rb +++ b/app/controllers/organizations/organizations_controller.rb @@ -88,11 +88,11 @@ class Organizations::OrganizationsController < Organizations::BaseController end def sort_by - params.fetch(:sort_by, "created_at") + OrganizationExtension.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' end def sort_direction - params.fetch(:sort_direction, "desc") + %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' end end \ No newline at end of file diff --git a/app/controllers/organizations/projects_controller.rb b/app/controllers/organizations/projects_controller.rb index cc275b090..b36a76125 100644 --- a/app/controllers/organizations/projects_controller.rb +++ b/app/controllers/organizations/projects_controller.rb 
@@ -36,10 +36,10 @@ class Organizations::ProjectsController < Organizations::BaseController end def sort - params.fetch(:sort_by, "updated_on") + Project.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'updated_on' end def sort_direction - params.fetch(:sort_direction, "desc") + %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' end end \ No newline at end of file diff --git a/app/controllers/users/banks_controller.rb b/app/controllers/users/banks_controller.rb index 2c792151e..99a55e6c4 100644 --- a/app/controllers/users/banks_controller.rb +++ b/app/controllers/users/banks_controller.rb @@ -1,8 +1,8 @@ class Users::BanksController < Users::BaseController before_action :params_filter def index - order = params[:order] || "updated_at" - sort = params[:sort] || "desc" + order = CourseList.column_names.include?(params[:order]) ? params[:order] : "updated_at" + sort = %w(desc asc).includes?(params[:sort]) ? params[:sort] : "desc" @banks = @object_type.classify.constantize.where(@object_filter) @course_lists = CourseList.where(id: @banks.pluck(:course_list_id)) @banks = @banks.where(course_list_id: params[:tag_id]) unless params[:tag_id].blank? diff --git a/app/controllers/users/organizations_controller.rb b/app/controllers/users/organizations_controller.rb index 721339e84..2d949da7d 100644 --- a/app/controllers/users/organizations_controller.rb +++ b/app/controllers/users/organizations_controller.rb @@ -16,10 +16,10 @@ class Users::OrganizationsController < Users::BaseController private def sort_by - params.fetch(:sort_by, "created_at") + OrganizationExtension.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at' end def sort_direction - params.fetch(:sort_direction, "desc") + %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc' end end \ No newline at end of file 
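Review bot: In app/controllers/users/banks_controller.rb the new direction check calls `%w(desc asc).includes?(params[:sort])`; Array defines `include?` but not `includes?`, so `index` will raise NoMethodError on every request. The line should read `sort = %w(desc asc).include?(params[:sort]) ? params[:sort] : "desc"`. Separately, the column allowlist comes from `CourseList.column_names` while `@banks` is loaded from `@object_type.classify.constantize`. Where `order` is applied lies outside the hunk, but if it is applied to `@banks` the allowlist should be taken from that model rather than from CourseList.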
diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 02700fdf5..f5d09ed3b 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -7,8 +7,6 @@ class VersionsController < ApplicationController def index return render_not_found unless @project.has_menu_permission("versions") @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user)) - order_name = params[:order_name] || "created_on" - order_type = params[:order_type] || "desc" status = params[:status] versions = @project.versions.version_includes @open_versions_size = versions.where(status: "open")&.size @@ -27,9 +25,6 @@ class VersionsController < ApplicationController end def show - order_name = params[:order_name] || "created_on" - order_type = params[:order_type] || "desc" - version_issues = @version.issues.issue_includes status_type = params[:status_type] || "1" @@ -167,4 +162,12 @@ class VersionsController < ApplicationController end end + def order_name + Version.column_names.include?(params[:order_name]) ? params[:order_name] : 'created_on' + end + + def order_type + %w(desc asc).include?(params[:order_type]) ? params[:order_type] : 'desc' + end + end diff --git a/app/queries/projects/list_my_query.rb b/app/queries/projects/list_my_query.rb index c9f4544df..f275d63a5 100644 --- a/app/queries/projects/list_my_query.rb +++ b/app/queries/projects/list_my_query.rb 
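Review bot: In app/controllers/versions_controller.rb `show` loses its local `order_name` and now resolves to the shared helper, which allowlists `Version.column_names`, while the context line in `show` builds `version_issues = @version.issues.issue_includes`. If the ordering in `show` (outside the hunk) is applied to that issues relation, issue-only column names are now rejected and fall back to `created_on`. In that case `show` needs its own check against `Issue.column_names`, for example a second helper `issue_order_name` used only there.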
@@ -55,8 +55,8 @@ class Projects::ListMyQuery < ApplicationQuery scope = q.result.includes(:project_category, :project_language,:owner, :repository, :has_pinned_users) - sort = params[:sort_by] || "updated_on" - sort_direction = params[:sort_direction] || "desc" + sort = Project.column_names.include?(params[:sort_by]) ? params[:sort_by] : "updated_on" + sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : "desc" if params[:choosed].present? && params[:choosed].is_a?(Array) scope.order("FIELD(id, #{params[:choosed].reverse.join(",")}) desc") diff --git a/app/queries/weapps/subject_query.rb b/app/queries/weapps/subject_query.rb index e2f5625e1..73e70160a 100644 --- a/app/queries/weapps/subject_query.rb +++ b/app/queries/weapps/subject_query.rb @@ -28,10 +28,10 @@ class Weapps::SubjectQuery < ApplicationQuery private def order_type - params[:order] || "updated_at" + Subject.column_names.include?(params[:order]) ? params[:order] : 'updated_at' end def sort_type - params[:sort] || "desc" + %w(desc asc).include?(params[:sort]) ? params[:sort] : "desc" end end \ No newline at end of file diff --git a/app/services/issues/list_query_service.rb b/app/services/issues/list_query_service.rb index 1718db97d..f85e2cb9d 100644 --- a/app/services/issues/list_query_service.rb +++ b/app/services/issues/list_query_service.rb 
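Review bot: The context line `scope.order("FIELD(id, #{params[:choosed].reverse.join(",")}) desc")` in app/queries/projects/list_my_query.rb still interpolates values from `params` into SQL, directly below the sort parameters this commit allowlists. The guard `params[:choosed].is_a?(Array)` checks only the container, not its elements. Coerce the elements to integers before building the fragment, e.g. `ids = params[:choosed].map(&:to_i)` and then `scope.order("FIELD(id, #{ids.reverse.join(",")}) desc")`, and skip the clause when `ids` is empty. The enclosing method continues outside the hunk.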
@@ -45,9 +45,17 @@ class Issues::ListQueryService < ApplicationService issues = issues.where(issue_type: params[:issue_type].to_s) if params[:issue_type].present? && params[:issue_type].to_s != "all" issues = issues.joins(:issue_tags).where(issue_tags: {id: params[:issue_tag_id].to_i}) if params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all" - order_type = params[:order_type] || "desc" #或者"asc" - order_name = params[:order_name] || "updated_on" #或者"updated_on" issues.reorder("issues.#{order_name} #{order_type}") end + private + + def order_name + Issue.column_names.include?(params[:order_name]) ? params[:order_name] : 'updated_on' + end + + def order_type + %w(desc asc).include?(params[:order_type]) ? params[:order_type] : 'desc' + end + end \ No newline at end of file