Is it possible to do something like the following with SQL, not PL/pgSQL (note if it's only possible with PL/pgSQL, then how)?
IF password = 'swordfish' THEN
SELECT a, b, c FROM users;
ELSE
SELECT -1; -- unauthorized error code
END IF;
Ideally, could I wrap the above in a function with TRUE being an argument?
Rather, is it possible to set the command status string to -1?
我之所以这样问是因为,如果有人试图使用错误的密码获取所有用户列表,我希望查询返回一个错误代码(如-1)。这是一个具有用户账户和密码的Web应用程序。因此,这不是我想要使用数据库角色/权限来管理的内容。
算法
user_id_1-session_id匹配项,则将1选择为a(已授权)。0,NULL,NULL选择为u(未授权)。user_id,body,sent选择为s(选择)。u和s。代码
-- List messages between two users with `user_id_1`, `session_id`, `user_id_2`
CREATE FUNCTION messages(bigint, uuid, bigint) RETURNS TABLE(i bigint, b text, s double precision) AS
$$
WITH a AS (
SELECT 1
FROM sessions
WHERE user_id = $1
AND id = $2
), u AS (
SELECT 0, NULL::text, NULL::double precision
WHERE NOT EXISTS (SELECT 1 FROM a)
), s AS (
SELECT user_id, body, trunc(EXTRACT(EPOCH FROM sent))
FROM messages
WHERE EXISTS (SELECT 1 FROM a)
AND chat_id = pair($1, $3)
LIMIT 20
)
SELECT * FROM u UNION ALL SELECT * FROM s;
$$
LANGUAGE SQL STABLE;
user_id:key配对被用户自定义函数(UDF)user_auth确定为授权时,user_id和with_user_id之间发送的messages。否则,它将返回一行from = -1。另一个UDF pair 是一个唯一无序配对函数,给定两个用户ID,返回消息所属的chat_id。请保留HTML标签。--- Arguments: user_id, key, with_user_id
CREATE FUNCTION messages(bigint, uuid, bigint)
RETURNS TABLE(from bigint, body text, sent double precision) AS $$
BEGIN
IF user_auth($1, $2) THEN
RETURN QUERY SELECT from, body, trunc(EXTRACT(EPOCH FROM sent))
FROM messages WHERE chat_id = pair($1, $3);
ELSE
i := -1;
RETURN NEXT;
END IF;
END;
$$ LANGUAGE plpgsql STABLE;
i在该范围内未定义,而RETURN NEXT;没有返回任何内容(在ELSE分支中将得到一个空结果集)- 使用类似于RETURN NEXT ROW(-1,'auth error',EXTRACT(EPOCH FROM CURRENT_TIMESTAMP));的语句。 - pozs这种方法可以运行,但不够优雅:
WITH
u AS (SELECT * FROM user WHERE mail = '..'),
code AS (
SELECT
CASE (SELECT count(*) FROM u)
WHEN 0 THEN
'not found'
ELSE
CASE (SELECT count(*) FROM u WHERE password = '..')
WHEN 1 THEN
'right password'
ELSE
'wrong password'
END
END)
SELECT
code.*,
u.*
FROM code NATURAL LEFT OUTER JOIN u
我认为你可能想要考虑创建一个返回结果集的函数。
除了 (pl/pgsql only) CASE 控制结构 之外,还有一个 CASE 表达式。
编辑: sql 上下文中的 CASE 表达式:
SELECT CASE
WHEN my_conditions_are_met THEN a
ELSE NULL
END AS a_or_null,
b,
c
FROM users;
编辑2:假设你的例子,这是如何在纯SQL中实现的:
WITH params AS (
SELECT user_auth(:user_id, :key) AS user_auth,
pair(:user_id, :with_user_id) AS chat_id
), error_message AS (
SELECT -1 AS "from",
'auth error' AS "body",
EXTRACT(EPOCH FROM CURRENT_TIMESTAMP) AS "sent"
)
SELECT from, body, trunc(EXTRACT(EPOCH FROM sent))
FROM messages
JOIN params ON messages.chat_id = params.chat_id AND params.user_auth
UNION ALL
SELECT error_message.*
FROM error_message
JOIN params ON NOT params.user_auth
my_conditions_are_met,如果是,则客户端再进行实际的查询。我只是想一次性完成所有操作并避免在数据库服务器上进行不必要的往返查询。 - ma11hew28IF? - pozs
SELECT改为-1,NULL,NULL? - ma11hew28SELECT不会返回任何东西。提供的示例是有效的 pl/pgsql,只是什么也不做。 - pozsSELECT ... WHERE password =,但我需要能够区分这两种情况:1.密码错误,2.表中实际上没有用户。而且,那个解决方案并不能做到这一点。 - ma11hew28id = -1的行来初始化users(其中id是serial),然后只需使用类似... WHERE CASE WHEN FALSE id = -1的东西。但是,那似乎有点奇怪。 - ma11hew28