Hoping you can help me.
I am trying to run the following ONLY for the current requesting user, but it pulls back data for all users.
Can you help me figure out why that is?
open_tasks = skills.objects.filter(creator=request.user).raw('''
    SELECT *,
        round(((closed_points)/(open_points+closed_points)*100),2) as points_pct,
        round(((closed_count)/(open_count+closed_count)*100),2) as closed_pct
    from (
        SELECT id,
            sum(open_points) as open_points,
            sum(closed_points) as closed_points,
            sum(open_count) as open_count,
            sum(closed_count) as closed_count
        from (
            SELECT id,
                case when status = 'open' then sum(points) end as open_points,
                case when status <> 'open' then sum(points) end as closed_points,
                case when status = 'open' then sum(count) end as open_count,
                case when status <> 'open' then sum(count) end as closed_count
            from (
                SELECT category as id, status,
                    sum(cast(points as int)) as points,
                    count(*) as count
                FROM voximisa_skills
                group by category, status
            )s
            group by id, status
        )p
        group by id
    )j
''')
As the Django documentation on raw(…) [Django-doc] says:
raw() always triggers a new query and doesn't account for previous filtering. As such, it should generally be called from the Manager or from a fresh QuerySet instance.
Therefore, you should include the user filtering in the raw query with:
# raw() ignores any earlier .filter(), so call it on the manager and
# restrict the rows inside the SQL itself with a bound parameter.
open_tasks = skills.objects.raw('''
    SELECT *,
        round(((closed_points)/(open_points+closed_points)*100),2) as points_pct,
        round(((closed_count)/(open_count+closed_count)*100),2) as closed_pct
    from (
        SELECT id,
            sum(open_points) as open_points,
            sum(closed_points) as closed_points,
            sum(open_count) as open_count,
            sum(closed_count) as closed_count
        from (
            SELECT id,
                case when status = 'open' then sum(points) end as open_points,
                case when status <> 'open' then sum(points) end as closed_points,
                case when status = 'open' then sum(count) end as open_count,
                case when status <> 'open' then sum(count) end as closed_count
            from (
                SELECT category as id, status,
                    sum(cast(points as int)) as points,
                    count(*) as count
                FROM voximisa_skills
                WHERE creator_id=%s
                GROUP BY category, status
            )s
            group by id, status
        )p
        group by id
    )j
''', [request.user.pk])
Here we make use of the parameters that we can pass to the query [Django-doc]. One should not format the SQL string with the data, since that can result in SQL injection [wiki].
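The difference between binding the user id and formatting it into the SQL text, shown as an added example that is not part of the original answer. It assumes Python's standard-library sqlite3 in place of Django (so the placeholder is `?` rather than `%s`), runs only the innermost aggregation from the query above, and uses constructed sample rows and hypothetical function names.

```python
import sqlite3

# Constructed sample rows standing in for the page's voximisa_skills table:
# (creator_id, category, status, points)
ROWS = [
    (1, "python", "open", "3"),
    (1, "python", "closed", "5"),
    (2, "python", "open", "8"),
    (2, "sql", "closed", "2"),
]

# Innermost aggregation from the page's query, scoped to one creator.
SCOPED_SQL = """
    SELECT category AS id, status,
           SUM(CAST(points AS INTEGER)) AS points, COUNT(*) AS count
    FROM voximisa_skills
    WHERE creator_id = ?
    GROUP BY category, status
    ORDER BY category, status
"""


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE voximisa_skills "
        "(creator_id INTEGER, category TEXT, status TEXT, points TEXT)"
    )
    conn.executemany("INSERT INTO voximisa_skills VALUES (?, ?, ?, ?)", ROWS)
    return conn


def totals_bound(conn, creator_id):
    """Hardened form: the driver binds creator_id as a value, never as SQL."""
    return conn.execute(SCOPED_SQL, [creator_id]).fetchall()


def totals_formatted(conn, creator_id):
    """Weak form: the value is pasted into the SQL text before execution."""
    return conn.execute(SCOPED_SQL.replace("?", str(creator_id))).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(totals_bound(db, 1))               # only creator 1's rows
    print(totals_bound(db, "1 OR 1=1"))      # compared as a plain value
    print(totals_formatted(db, "1 OR 1=1"))  # the filter is rewritten
```

With the bound parameter a non-numeric value simply matches no rows, while the formatted variant aggregates every creator's rows, which is the same cross-user exposure the question started with.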