Package com.onec.ui

Class ListFilter

java.lang.Object
com.onec.ui.ListFilter

public final class ListFilter extends Object
Compiles the onec-list grid's declarative filter values (sent by the React island as eq/in/like/prefix/ge/le query params) into a safe SQL fragment with bound parameters. It is the list-query counterpart of WidgetFilter: a SELECT-options filter sends one eq, a multi-select sends one in per picked value, a contains/starts-with typeahead sends a like/prefix, and a date-range sends a ge and/or le.

Each param is a "column,value" pair. Injection safety rests on the same two rules as WidgetFilter: the column (left of the first comma) must be a known column — validated against the entity's columns plus a small system allowlist and a strict identifier pattern — and the value (everything after it) is always a bound parameter, never interpolated. An unrecognised column is skipped with a warning rather than failing the whole list, so a stale filter degrades to "no filter" instead of an error surface.

Fragments combine with AND, so several declared filters narrow the list jointly. A multi-select is the one exception that is internally OR: its values fold into a single column IN (…) that the row matches if any value hits; across different filters it is still AND-ed with the rest.

  • Method Details

    • parse

      public static ListFilter.Result parse(List<String> eq, List<String> ge, List<String> le, Set<String> allowedColumns)
      Back-compat overload for callers that only use the equality + date-range channels.
    • parse

      public static ListFilter.Result parse(List<String> eq, List<String> in, List<String> like, List<String> prefix, List<String> ge, List<String> le, Set<String> allowedColumns)
      Parameters:
      eq - equality pairs "column,value" → CAST(column AS VARCHAR) = value
      in - multi-select pairs "column,value" → folded per column into CAST(column AS VARCHAR) IN (value, …)
      like - contains pairs "column,value" → LOWER(CAST(column AS VARCHAR)) LIKE %value%
      prefix - starts-with pairs "column,value" → LOWER(CAST(column AS VARCHAR)) LIKE value%
      ge - lower-bound pairs "column,value" → column >= value
      le - upper-bound pairs "column,value" → column <= value
      allowedColumns - the entity's column names; the system allowlist is added automatically
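
The two injection-safety rules and the AND / per-column IN folding described above, as an added sketch covering only the eq and in channels. This is not the ListFilter source: FilterSketch, Compiled, compile and split are hypothetical names, the identifier regex is an assumed stand-in for the "strict identifier pattern", the system allowlist is omitted, and Java 16+ is assumed for the record.

```java
import java.util.*;
import java.util.regex.Pattern;

// Added illustration with hypothetical names; not the com.onec.ui.ListFilter implementation.
public final class FilterSketch {
    // Assumed pattern; the page only states that a strict identifier pattern is applied.
    private static final Pattern IDENT = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");
    record Compiled(String sql, List<Object> params) {}

    static Compiled compile(List<String> eq, List<String> in, Set<String> allowed) {
        List<String> fragments = new ArrayList<>();
        List<Object> params = new ArrayList<>();
        for (String pair : eq) {
            String[] cv = split(pair, allowed);
            if (cv == null) continue;                      // stale filter degrades to "no filter"
            fragments.add("CAST(" + cv[0] + " AS VARCHAR) = ?");
            params.add(cv[1]);                             // value is bound, never interpolated
        }
        // Fold multi-select values per column so each column yields a single IN (...).
        Map<String, List<String>> byColumn = new LinkedHashMap<>();
        for (String pair : in) {
            String[] cv = split(pair, allowed);
            if (cv != null) byColumn.computeIfAbsent(cv[0], k -> new ArrayList<>()).add(cv[1]);
        }
        byColumn.forEach((col, values) -> {
            fragments.add("CAST(" + col + " AS VARCHAR) IN ("
                    + String.join(", ", Collections.nCopies(values.size(), "?")) + ")");
            params.addAll(values);
        });
        return new Compiled(String.join(" AND ", fragments), params);
    }

    // Column is everything left of the first comma; the value may itself contain commas.
    private static String[] split(String pair, Set<String> allowed) {
        int comma = pair.indexOf(',');
        String col = comma < 0 ? pair : pair.substring(0, comma);
        if (comma < 0 || !allowed.contains(col) || !IDENT.matcher(col).matches()) {
            System.err.println("WARN: skipping filter with unrecognised column");
            return null;
        }
        return new String[] { col, pair.substring(comma + 1) };
    }
    public static void main(String[] args) {
        // Constructed input: one valid eq, one hostile column name, one two-value multi-select.
        Compiled c = compile(List.of("status,open", "id) OR 1=1 --,x"),
                List.of("owner,alice", "owner,o'brien, jr"), Set.of("status", "owner"));
        System.out.println(c.sql());
        System.out.println(c.params());
    }
}
```

The hostile column is dropped before any SQL text is built, and the value containing a quote and a comma reaches the database only as a bound parameter.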