Report Query Builder Service
Component Detail
Service Layer
high complexity
backend
Dependencies: 1
Dependents: 1
Entities: 0
Integrations: 0
Description
Translates a validated declarative report specification into a parameterized PostgreSQL query. Maintains a server-side whitelist of permitted fields, operators, and join paths. Never interpolates raw user input into SQL strings; all values are passed as bound parameters. Supports multi-dimensional grouping and aggregation.
report-query-builder-service
Responsibilities
- Map field identifiers to their database column and join paths
- Construct parameterized SELECT, JOIN, WHERE, GROUP BY, ORDER BY, and LIMIT clauses
- Enforce the allowed-fields whitelist to prevent injection and schema leakage
- Return a query object with SQL string and bound parameter array
Interfaces
buildQuery(spec, orgId)
buildCountQuery(spec, orgId)
getJoinPlan(fields[])
buildWhereClause(filters[])
buildGroupByClause(groupings[])
resolveFieldToColumn(fieldId)
isFieldAllowed(fieldId, role)
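
A sketch of the allowlist-plus-bound-parameters approach described above, added here as an example and not the service's own code. The field ids, column names, table aliases, roles, operator set and the extra role/orgId arguments to buildWhereClause are assumptions made so the block is self-contained.

```javascript
// Hypothetical server-side allowlist: field id -> column and permitted roles.
// A Map is used so ids such as "constructor" or "__proto__" never resolve.
const FIELDS = new Map([
  ['activity.type', { column: 'a.type', roles: ['admin', 'coordinator'] }],
  ['activity.date', { column: 'a.occurred_at', roles: ['admin', 'coordinator'] }],
  ['member.email', { column: 'm.email', roles: ['admin'] }],
]);

// Hypothetical operator allowlist: each entry renders a fixed SQL fragment
// from an allowlisted column and a placeholder index, never from user text.
const OPERATORS = new Map([
  ['eq', (col, n) => `${col} = $${n}`],
  ['gte', (col, n) => `${col} >= $${n}`],
  ['lte', (col, n) => `${col} <= $${n}`],
  ['in', (col, n) => `${col} = ANY($${n})`], // array bound as one parameter
]);

function isFieldAllowed(fieldId, role) {
  const field = FIELDS.get(fieldId);
  return field !== undefined && field.roles.includes(role);
}

function resolveFieldToColumn(fieldId) {
  const field = FIELDS.get(fieldId);
  if (field === undefined) throw new Error('unknown field'); // input is not echoed
  return field.column;
}

function buildWhereClause(filters, role, orgId) {
  const params = [orgId];             // tenant scope is always parameter $1
  const clauses = ['a.org_id = $1'];
  for (const { field, op, value } of filters) {
    if (!isFieldAllowed(field, role)) throw new Error('field not allowed');
    const render = OPERATORS.get(op);
    if (render === undefined) throw new Error('operator not allowed');
    if (op === 'in' && !Array.isArray(value)) throw new Error('"in" needs an array');
    params.push(value);               // the value travels only as a bound parameter
    clauses.push(render(resolveFieldToColumn(field), params.length));
  }
  return { sql: clauses.join(' AND '), params };
}

// Constructed sample input: the quote-laden value stays out of the SQL text.
const sample = buildWhereClause(
  [{ field: 'activity.type', op: 'eq', value: "visit' OR 1=1 --" }],
  'coordinator', 42);
console.log(sample.sql, sample.params);
```

The returned object has the same shape the Responsibilities list names: an SQL string plus a bound parameter array.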