JcrUtils.java

package play.modules.cream.helpers;

import org.apache.commons.lang.StringUtils;

public class JcrUtils {
    public static String buildSelect(final String path, final String where, String nodeType) {
        StringBuilder queryString = new StringBuilder("select * from ");
        queryString.append('[');
        queryString.append(nodeType);
        queryString.append(']');
        boolean hasPath = StringUtils.isNotBlank(path);
        boolean hasWhere = StringUtils.isNotBlank(where);
        if (hasPath || hasWhere) {
            queryString.append(" where ");
            if (hasPath) {
                queryString.append("ISCHILDNODE('");
                queryString.append(JcrUtils.escapeSingleQuote(path));
                queryString.append("')");
            }
            if (hasPath && hasWhere && !where.toLowerCase().startsWith("order by")) {
                queryString.append(" and ");
            }
            queryString.append(where);
        }
        return queryString.toString();
    }

    /**
     * Escapes characters that expects to be escaped by a preceding '{@code \}'
     * or for quote like characters by the character itself.
     * <p/>
     * According to 6.6.4.9 of the * JCR-170 specification, the apostrophe (')
     * and quotation mark(") must be escaped according to the standard rules of
     * XPath with regard to string literals: If the literal is delimited by
     * apostrophes, two adjacent apostrophes within the literal are interpreted
     * as a single apostrophe. Similarly, if the literal is delimited by
     * quotation marks, two adjacent quotation marks within the literal are
     * interpreted as one quotation mark.
     * 
     * @param keywords
     *            the string to escape
     * @return a String where characters that QueryParser expects to be escaped,
     *         are escaped by a preceding ' {@code \}' or for quote like
     *         characters by itself
     */
    public static String escapeSingleQuote(String keywords) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < keywords.length(); i++) {
            char c = keywords.charAt(i);
            if (c == '\'') {
                sb.append('\\');
                sb.append(c);
            }
            sb.append(c);
        }
        return sb.toString();
    }

    public static String queryFormat(String queryString, Object[] params) {
        for (int i = 0; i < params.length; i++) {
            if (params[i] instanceof String) {
                params[i] = "'" + escapeSingleQuote((String) params[i]) + "'";
            }
        }
        return String.format(queryString, params);
    }
}