
has_rich_text relation is not supported

Open istvan-ujjmeszaros opened this issue 4 years ago • 4 comments

We are using ActionText::RichText, which is using the has_rich_text relation, but scoped_search doesn't seem to have support for it, so we can't search in the content of the rich_text field. Is there any workaround?

istvan-ujjmeszaros avatar Jan 09 '21 02:01 istvan-ujjmeszaros

If anyone else needs a workaround, I have ended up using this code:

```ruby
class Snippet < ApplicationRecord
  has_rich_text :content

  scoped_search on: :title
  # Route searches on the rich text body to a custom class method.
  scoped_search relation: :content, on: :body, ext_method: :find_by_content

  # Called by scoped_search with the field key, the operator and the search value.
  # The value is bound through a "?" placeholder via sanitize_sql_for_conditions.
  def self.find_by_content(key, operator, value)
    { :conditions => sanitize_sql_for_conditions(["snippets.id IN (SELECT record_id FROM action_text_rich_texts WHERE record_type='Snippet' AND body ILIKE ?)", "%#{value}%"]) }
  end
end
```

I am leaving this open as it would be great if the gem would have built-in support for has_rich_text relations.

istvan-ujjmeszaros avatar Jan 09 '21 03:01 istvan-ujjmeszaros

~~I think this workaround has an SQL injection vulnerability.~~ Can anyone suggest a better way to do this or rewrite this to use a parameter? I had no luck with that.

istvan-ujjmeszaros avatar Mar 13 '21 05:03 istvan-ujjmeszaros

You should be able to use ? placeholders and sanitize_sql_for_conditions to prevent SQL injection. See here

Something along the lines of this could work

```ruby
class Snippet < ApplicationRecord
  has_rich_text :content

  scoped_search on: :title
  scoped_search relation: :content, on: :body, ext_method: :find_by_content

  def self.find_by_content(key, operator, value)
    # Wrap the search term in wildcards; it is passed as a bind value, not interpolated into the SQL.
    value = "%#{value}%"
    sql = "id IN (SELECT record_id FROM action_text_rich_texts WHERE record_type='Snippet' AND body ILIKE ?)"
    # sanitize_sql_for_conditions quotes the value and substitutes it for the "?" placeholder.
    { :conditions => sanitize_sql_for_conditions([sql, value]) }
  end
end
```

adamruzicka avatar Mar 15 '21 09:03 adamruzicka
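To make the difference between the two shapes discussed in this thread visible without a database, here is an added example that is not part of the thread or of the scoped_search project. It uses a small stand-in for ActiveRecord's placeholder substitution (`quote_literal` and `bind_placeholders` are assumed helpers that mimic what `sanitize_sql_for_conditions` does for a string bind value, and `escape_like` mimics `ActiveRecord::Base.sanitize_sql_like`), and it goes one step beyond the thread by also escaping LIKE wildcard characters in the search term.

```ruby
# Added example, not code from the thread or the scoped_search gem.
# Assumed helpers: quote_literal / bind_placeholders approximate how
# sanitize_sql_for_conditions substitutes a "?" placeholder with a quoted
# string literal; escape_like approximates ActiveRecord::Base.sanitize_sql_like.

# Build a SQL string literal: any embedded single quote is doubled.
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Replace each "?" in sql with the next quoted bind value.
def bind_placeholders(sql, values)
  remaining = values.dup
  sql.gsub("?") do
    raise ArgumentError, "not enough bind values for placeholders" if remaining.empty?
    quote_literal(remaining.shift)
  end
end

# Escape LIKE/ILIKE metacharacters (%, _ and the escape character itself) so
# the term is matched literally. Backslash is PostgreSQL's default LIKE escape.
def escape_like(value, escape = "\\")
  value.gsub(/[\\%_]/) { |m| escape + m }
end

# The subquery shape used in the thread (same table and columns).
SUBQUERY = "snippets.id IN (SELECT record_id FROM action_text_rich_texts " \
           "WHERE record_type='Snippet' AND body ILIKE ?)"

# The shape the thread warns against: the search term becomes SQL text, so a
# term containing a quote changes the statement's structure.
def unsafe_condition(value)
  SUBQUERY.sub("?") { "'%#{value}%'" }
end

# The shape the thread settles on: wildcards are added around the term and the
# whole thing travels as a bound value that is quoted before substitution.
def safe_condition(value)
  bind_placeholders(SUBQUERY, ["%#{value}%"])
end

# One step further: also neutralise % and _ inside the term, so searching for
# "50%" does not silently match every row that contains "50".
def literal_condition(value)
  bind_placeholders(SUBQUERY, ["%#{escape_like(value)}%"])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample search terms.
  puts unsafe_condition("O'Reilly")   # unbalanced quote: the statement is no longer what was intended
  puts safe_condition("O'Reilly")     # quote doubled inside a proper literal
  puts literal_condition("50%")       # wildcard escaped, so "50%" is matched literally
end
```

In the real model the bind value is handed to `sanitize_sql_for_conditions` exactly as in the thread; the extra `sanitize_sql_like` step only matters when the search term itself should be matched literally rather than interpreted as a pattern.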

Thanks, @adamruzicka, I just couldn't find the sanitizer methods on my own, sanitize_sql_for_conditions seems to work well here, and it is good to know that such methods exist!

istvan-ujjmeszaros avatar Mar 17 '21 06:03 istvan-ujjmeszaros