I've custom find type method in User model:
protected function _findStats($state, $query, $results = array()) {
if ($state === 'before') {
debug($query);
$query['fields'] = array('User.id', 'User.username', 'Click.clicks', 'Click.unique', 'Sale.sales_1', 'Sale.sales_2');
$query['joins'] = array(
array(
'table' => '(' . $this->__buildSubQueryClicks() . ')',
'alias' => 'Click',
'type' => 'LEFT',
'conditions' => array('User.id = Click.id')
),
array(
'table' => '(' . $this->__buildSubQuerySales() . ')',
'alias' => 'Sale',
'type' => 'LEFT',
'conditions' => array('User.id = Sale.id')
)
);
return $query;
}
return $results;
}
Now from other Controller (named ReportsController
) I would like to paginate results of this find. I'm doing it like this:
public function admin_index() {
list($from, $to) = $this->_prepareCommonVariables();
$this->paginate = array('stats');
$this->User->recursive = 0;
$this->set('users', $this->paginate('User',
array(
'Click.created BETWEEN ? AND ?' => array($from, $to),
'Sale.sold BETWEEN ? AND ?' => array($from, $to)
),
array('User.username', 'Click.unique', 'Click.clicks', 'Sale.sales_1', 'Sale.sales_2')
));
}
The problem is that I can only order by User.id
and User.username
fields (generally User-fields). Even if I specified the allowed fields by third parameter of Controller::paginate()
it doesn't work. The Paginator Helper
links generate proper URLs (eg. /admin/reports/index/sort:Click.clicks/direction:asc
) but I don't see ORDER BY part in SQL query. I've put debug($query)
in _findStats()
and when the field is for example Click.clicks
the $query['order']
is empty.
Sorting by fields that don't exist
From the code in the question - it looks like you're already doing the right thing.
The paginator component validates the sort order if it came from the request:
Passing a whitelist, as shown in the question, should permit skipping this logic but if it doesn't debugging the paginator component will probably identify some kind of mismatch between the name of the
$field
, and the values in the$whitelist
.Being explicit works
Bearing in mind that the call in the question is an admin route - you can forego the "security" of validating the sort parameters and just set the sort order explicitly from the request:
Ok, I've found that $query also recive 'sort' and 'direction' keys. So, here goes the solution:
Of course this is not safe solution, because it omits
PaginatorComponent::validateSort()
.