|
10 | 10 | from typing import Any, Literal, cast, get_args |
11 | 11 | from uuid import uuid4 |
12 | 12 |
|
| 13 | +from psycopg import sql |
13 | 14 | from pydantic import BaseModel, ConfigDict, Field |
14 | 15 |
|
15 | 16 | from sentinel_api.logging import get_logger |
@@ -461,53 +462,59 @@ def list_appeals( |
461 | 462 | request_id: str | None, |
462 | 463 | limit: int, |
463 | 464 | ) -> AdminAppealListResponse: |
464 | | - where_conditions: list[str] = [] |
| 465 | + where_conditions: list[sql.Composable] = [] |
465 | 466 | where_params: list[object] = [] |
466 | 467 | if status is not None: |
467 | | - where_conditions.append("status = %s") |
| 468 | + where_conditions.append(sql.SQL("status = %s")) |
468 | 469 | where_params.append(status) |
469 | 470 | if request_id is not None: |
470 | | - where_conditions.append("request_id = %s") |
| 471 | + where_conditions.append(sql.SQL("request_id = %s")) |
471 | 472 | where_params.append(request_id) |
472 | | - where_clause = "" |
| 473 | + where_clause = sql.SQL("") |
473 | 474 | if where_conditions: |
474 | | - where_clause = "WHERE " + " AND ".join(where_conditions) |
| 475 | + where_clause = sql.SQL(" WHERE ") + sql.SQL(" AND ").join(where_conditions) |
475 | 476 |
|
476 | 477 | with self._connection() as conn: |
477 | 478 | with conn.cursor() as cur: |
478 | 479 | cur.execute( |
479 | | - f"SELECT COUNT(1) FROM appeals {where_clause}", |
| 480 | + sql.SQL("SELECT COUNT(1) FROM appeals") + where_clause, |
480 | 481 | tuple(where_params), |
481 | 482 | ) |
482 | 483 | total_row = cur.fetchone() |
483 | 484 | total_count = int(total_row[0]) if total_row is not None else 0 |
484 | 485 | query_params = list(where_params) |
485 | 486 | query_params.append(limit) |
486 | 487 | cur.execute( |
487 | | - f""" |
488 | | - SELECT |
489 | | - id, |
490 | | - status, |
491 | | - request_id, |
492 | | - original_decision_id, |
493 | | - original_action, |
494 | | - original_reason_codes, |
495 | | - original_model_version, |
496 | | - original_lexicon_version, |
497 | | - original_policy_version, |
498 | | - original_pack_versions, |
499 | | - submitted_by, |
500 | | - reviewer_actor, |
501 | | - resolution_code, |
502 | | - resolution_reason_codes, |
503 | | - created_at, |
504 | | - updated_at, |
505 | | - resolved_at |
506 | | - FROM appeals |
507 | | - {where_clause} |
508 | | - ORDER BY created_at DESC, id DESC |
509 | | - LIMIT %s |
510 | | - """, |
| 488 | + sql.SQL( |
| 489 | + """ |
| 490 | + SELECT |
| 491 | + id, |
| 492 | + status, |
| 493 | + request_id, |
| 494 | + original_decision_id, |
| 495 | + original_action, |
| 496 | + original_reason_codes, |
| 497 | + original_model_version, |
| 498 | + original_lexicon_version, |
| 499 | + original_policy_version, |
| 500 | + original_pack_versions, |
| 501 | + submitted_by, |
| 502 | + reviewer_actor, |
| 503 | + resolution_code, |
| 504 | + resolution_reason_codes, |
| 505 | + created_at, |
| 506 | + updated_at, |
| 507 | + resolved_at |
| 508 | + FROM appeals |
| 509 | + """ |
| 510 | + ) |
| 511 | + + where_clause |
| 512 | + + sql.SQL( |
| 513 | + """ |
| 514 | + ORDER BY created_at DESC, id DESC |
| 515 | + LIMIT %s |
| 516 | + """ |
| 517 | + ), |
511 | 518 | tuple(query_params), |
512 | 519 | ) |
513 | 520 | items = [_appeal_from_row(row) for row in cur.fetchall()] |
|
0 commit comments