Spaces:
Sleeping
Sleeping
| import function.prompt.prompt_selling as prompt_selling | |
| from langchain_core.prompts.prompt import PromptTemplate | |
| PROMPT_SUFFIX = """Only use the following tables: | |
| {table_info} | |
| Question: {input} | |
| """ | |
| _DEFAULT_TEMPLATE = """Given an input question, follow these instructions to create a syntactically correct SQL query that will work with PyMySQL. Adhere strictly to the following rules and highlight the importance of roles in enforcing security and data integrity: | |
| 1. **Role-Based Enforcement:** Always validate the role and permissions of the user before performing any SQL operation. | |
| - If the user's role does not permit the requested operation, immediately return an error and do not execute the SQL query. | |
| - If the operation violates table-specific rules (e.g., attempting to delete records from a restricted table), return an error with a clear notification. | |
| 2. **Deletion Restriction:** No `DELETE` operations are allowed for any role on any table. Instead: | |
| - Use `UPDATE` statements to set `isdeleted = TRUE` and `deletion_date = CURRENT_TIMESTAMP` to mark a record as deleted. | |
| - For restoration, update `isdeleted = FALSE` and clear `deletion_date`. | |
| 3. Generate a valid SQL query strictly adhering to the schema provided in the table information. | |
| 4. When adding or updating records, ensure all required fields (e.g., `creation_date`, `update_date`, `isdeleted`) are included. | |
| 5. Use only explicitly mentioned column names from the schema. Do not assume or guess any column names. | |
| 6. Use backticks (`) for all table and column names to ensure MySQL compatibility. | |
| 7. Avoid using `SELECT *`; specify only the necessary columns for clarity and efficiency. | |
| 8. Always ensure proper formatting and readability of the query. | |
| 9. Return an appropriate error if an invalid or unauthorized operation is attempted. | |
| 10. Please no show Id product, category, post, orders, shipment, payment. | |
| 11. Year present is 2025. | |
| 12. When performing an UPDATE operation in MySQL, always ensure that subqueries used in the WHERE clause return a single row. Failure to do so can cause "Error Code 1242: Subquery returns more than 1 row" or "Error Code 1093: You can't specify target table in FROM clause." | |
| ## ✅ Steps to Ensure Safe Updates: | |
| ### **1. Store `pro_id` in a Variable Before Using It in `WHERE`** | |
| Instead of writing: | |
| ```sql | |
| UPDATE product_translation | |
| SET pro_name = 'Pink guava leaf tea' | |
| WHERE pro_id = (SELECT pro_id FROM product WHERE pro_name = 'Trà ổi lá hồng'); | |
| 13. Important Reminder Prompt | |
| "⚠️ IMPORTANT: Before executing an INSERT or UPDATE operation on the category table, ensure that no duplicate cate_name exists. | |
| For INSERT: If the language is Vietnamese, check directly in category. If the language is English, first translate cate_name to Vietnamese before checking. If a duplicate exists, return an error (DUPLICATE_CATEGORY_NAME) and stop execution immediately. | |
| For UPDATE: Ensure that no other records (excluding the current one) have the same translated cate_name. If a duplicate exists, return an error (DUPLICATE_CATEGORY_NAME) and prevent the update. | |
| This validation must be enforced within a single SQL execution, ensuring that if a duplicate is found, the operation is stopped immediately—no separate pre-checks should be performed. | |
| ### Example Usage: | |
| ✅ **Checking Before Insert** | |
| 1. Attempt to insert "Beverages" (English). | |
| 2. Translate it to "Đồ uống" (Vietnamese). | |
| 3. If "Đồ uống" already exists, return "DUPLICATE_CATEGORY_NAME" and stop execution. | |
| 4. If not, insert "Đồ uống" into the category table. | |
| ✅ **Checking Before Update** | |
| 1. Attempt to update "Beverages" (English) to a new category name. | |
| 2. Translate it to "Đồ uống" (Vietnamese). | |
| 3. Check if any other record (excluding the one being updated) has the same translated name. | |
| 4. If a duplicate is found, return "DUPLICATE_CATEGORY_NAME" and prevent the update. | |
| 🚨 This is a critical requirement and must not be skipped. Ensure strict enforcement to maintain data integrity." | |
| The following **roles** and their permissions dictate all SQL operations and play a **crucial role** in maintaining data security and integrity: | |
| Structure your output in the following format: | |
| Question: Question here | |
| SQLQuery: SQL Query to run | |
| SQLResult: Result of the SQLQuery | |
| Answer: Final answer here | |
| """ | |
| _ROLE_TEMPLATE = f"""Roles and their associated permissions are central to ensuring secure, organized, and efficient database operations. Pay special attention to role-based rules and table-specific restrictions when constructing SQL queries: | |
| 1. **cart:** | |
| - **Admin Role:** Can create new carts for any user. | |
| - **User/Shipper Roles:** Can edit existing carts with status 'NEW' and modify items within them. | |
| - **Deletion:** No deletion allowed. Mark carts as deleted using `isdeleted` and `deletion_date`. | |
| 2. **cart_item:** | |
| - Default quantity is set to 1 if not specified. | |
| - If the user's role does not permit the requested operation, immediately return an error and do not execute the SQL query. | |
| - Check product variant stock before adding items. | |
| - If a product variant is marked as `isdeleted`, do not add it and return an error. | |
| - Users can only update items in carts they own. | |
| - **Deletion:** No deletion allowed. Update `isdeleted` and `deletion_date`. | |
| 3. **category,category_translation:** | |
| - **Admin Role:** Can create or update categories but cannot delete them. Attempting to delete must return an error. Khi thực hiện quyền xóa vui lòng xóa các sản phẩm(Vui lòng khôi phục các biến thể liên quan) liên quan đến category đó. Hoặc khi khôi phục thì khôi phục lại các sản phẩm liên quan(Vui lòng khôi phục các biến thể liên quan). If add record must translate cate name English and save category translation. | |
| - - If the user's role does not permit the requested operation, immediately return an error and do not execute the SQL query. | |
| - Important Reminder Prompt: | |
| + "⚠️ IMPORTANT: Before executing an INSERT or UPDATE operation on the category table, ensure that no duplicate cate_name exists. | |
| + For INSERT: If the language is Vietnamese, check directly in category. If the language is English, first translate cate_name to Vietnamese before checking. If a duplicate exists, return an error (DUPLICATE_CATEGORY_NAME) and stop execution immediately. | |
| + For UPDATE: Ensure that no other records (excluding the current one) have the same translated cate_name. If a duplicate exists, return an error (DUPLICATE_CATEGORY_NAME) and prevent the update. | |
| + This validation must be enforced within a single SQL execution, ensuring that if a duplicate is found, the operation is stopped immediately—no separate pre-checks should be performed. | |
| ### Example Usage: | |
| - - ** Cách tiếp cận: | |
| Chỉ ADMIN mới có quyền thêm (INSERT) hoặc cập nhật (UPDATE). | |
| Nếu vi phạm, trả về lỗi "ERROR: Unauthorized modification of another user's information." trong câu check SQL. | |
| ✅ **Checking Before Insert** | |
| 1. Attempt to insert "Beverages" (English). | |
| 2. Translate it to "Đồ uống" (Vietnamese). | |
| 3. If "Đồ uống" already exists, return "DUPLICATE_CATEGORY_NAME" and stop execution. | |
| 4. If not, insert "Đồ uống" into the category table. | |
| ✅ **Checking Before Update** | |
| 1. Attempt to update "Beverages" (English) to a new category name. | |
| 2. Translate it to "Đồ uống" (Vietnamese). | |
| 3. Check if any other record (excluding the one being updated) has the same translated name. | |
| 4. If a duplicate is found, return "DUPLICATE_CATEGORY_NAME" and prevent the update. | |
| 🚨 This is a critical requirement and must not be skipped. Ensure strict enforcement to maintain data integrity." | |
| - Insert: "When inserting a new category, follow this structured translation process: | |
| + please convert cate_name any to vietnamese before save cate_name to table category | |
| + If the current language is Vietnamese, insert the category with cate_name translated into Vietnamese. After insertion, create the category translation with cate_name translated into English. | |
| + If the current language is English, insert the category with cate_name translated into Vietnamese. After insertion, create the category translation with cate_name translated back into English." | |
| - Update: "When updating an existing category, ensure the correct record is updated and follow this structured translation process: | |
| + If the current language is Vietnamese, update the category with cate_name translated into Vietnamese. After updating, update the category translation with cate_name translated into English. | |
| + If the current language is English, update the category with cate_name translated into Vietnamese. After updating, update the category translation with cate_name translated back into English." | |
| - **User/Shipper Roles:** Only view permissions. Attempting to create, update, or delete must return an error. | |
| 4. **contact:** | |
| - All users can add contact information with a default status of 'waiting'. | |
| - **Deletion:** Not allowed. Use `isdeleted` and `deletion_date` instead. | |
| 5. **favourite:** | |
| - Users can create a favourite list if it does not already exist for their user ID. | |
| - Deleting a favourite list also deletes all associated favourite items logically (set `isdeleted` and `deletion_date`). | |
| 6. **favourite_item:** | |
| - Users/Admin/Shipper can add items to their favourites unless the product ID and size already exist. | |
| - Users/Admin/Shipper can remove items from their favourites but only for their own records. | |
| - **Deletion:** Logical deletion only (`isdeleted` and `deletion_date`). | |
| 7. **OrderItem, Orders, Payment: | |
| - User/Shipper Roles: No insert, update,modify or delete operations. Any request insert, update,modify or delete must return an immediate error with a clear message (e.g., "ERROR: User does not have permission to perform this action"). | |
| - No insert, update, or delete operations are allowed for any role except role Admin. Attempting such operations must return an error. | |
| - Select and join queries are permitted. | |
| 8. **OTP:** | |
| - No SQL operations are allowed for this table. | |
| 9. **post,post_translation:** | |
| - **User/Shipper Roles:** Can only view posts. | |
| - **Admin Role:** Can create or update posts,post_translation but cannot delete them. | |
| - - ** Cách tiếp cận: | |
| Chỉ ADMIN mới có quyền thêm (INSERT) hoặc cập nhật (UPDATE). | |
| Nếu vi phạm, trả về lỗi "ERROR: Unauthorized modification of another user's information." trong câu check SQL. | |
| 10. **product, product_variants,product_translation:** | |
| - **Admin Role:** Can add or update records. Price updates must be logged in the price history.If add record must translate field name product, descrip to English and save product translation. Records cannot be deleted. | |
| - - If the user's role does not permit the requested operation, immediately return an error and do not execute the SQL query. | |
| - Insert:"When inserting a new product, follow this structured translation process: | |
| + please convert pro_name any to vietnamese before save pro_name to table product | |
| + Before inserting a new product, check if the pro_name already exists in the database. If the current language is Vietnamese, check directly in the product table.If the current language is English, first translate pro_name to Vietnamese and then check in the product table. | |
| + If the current language is Vietnamese, insert the product with pro_name and description translated into Vietnamese. After insertion, create the product translation with pro_name and description translated into English. | |
| + If the current language is English, insert the product with pro_name and description translated into Vietnamese. After insertion, create the product translation with pro_name and description translated back into English." | |
| - Update: "When updating an existing product, ensure the correct record is updated and follow this structured translation process: | |
| + Before updating an existing product, ensure that no other records (excluding the current one) have the same translated pro_name. If a duplicate is found, return a DUPLICATE_NAME warning and prevent the update. | |
| + If the current language is Vietnamese, update the product with pro_name and description translated into Vietnamese. After updating, update the product translation with pro_name and description translated into English. | |
| + If the current language is English, update the product with pro_name and description translated into Vietnamese. After updating, update the product translation with pro_name and description translated back into English." | |
| - **User Roles:** Can view products and prices but cannot add or update records. | |
| - - ** Cách tiếp cận: | |
| Chỉ ADMIN mới có quyền thêm (INSERT) hoặc cập nhật (UPDATE). | |
| Nếu vi phạm, trả về lỗi "ERROR: Unauthorized modification of another user's information." trong câu check SQL. | |
| 11. **users:** | |
| - **Admin Role:** Can view information of all users. | |
| - Before processing the request, verify if the requested information matches the authenticated user's identity. If there is a mismatch, return an immediate error: 'ERROR: Unauthorized access to another user's information. | |
| - **Deletion:** No deletion allowed. | |
| - Người dùng có thể truy vấn thông tin bằng email hoặc số điện thoại. | |
| Nếu vai trò là ADMIN, trả về thông tin của bất kỳ người dùng nào. | |
| Nếu vai trò là USER hoặc SHIPPER, chỉ cho phép truy vấn thông tin của chính họ. | |
| Nếu người dùng cố gắng truy vấn thông tin của người khác, hệ thống trả về lỗi: "ERROR: Unauthorized access to another user's information." | |
| 12. **token:** | |
| - No operations are allowed for this table. | |
| 13. **voucher:** | |
| - **Admin Role:** Has full permissions, including viewing, updating, and managing records for all users. | |
| - **User/Shipper Roles:** Can view or manage records they own but cannot access or modify records belonging to other users. | |
| - **Deletion:** Logical deletion only. | |
| 14. **user_voucher:** | |
| - 14.1. **User/Shipper Roles:** | |
| - - If a User/Shipper role attempts to access or query personal information such as name, phone, or email, the system must first check if these identifiers match the data of the requesting user. If no match is found, the user is not permitted to access or modify any personal information and an error must be returned immediately, such as: "ERROR: Unauthorized access to personal information." | |
| - Users/Shippers can only view or manage records they own (i.e., vouchers explicitly associated with their `user_id`). | |
| - They cannot view or access vouchers belonging to other users under any circumstances. | |
| - **Validation for Indirect Identifiers:** | |
| - If the query involves indirect user-identifying information (e.g., `phone`, `email`, `name`), the system must: | |
| 1. Perform a preliminary query to validate ownership of the provided identifier: | |
| - Example for email: `SELECT * FROM users WHERE email = provided_email AND user_id = current_user_id`. | |
| - Example for phone: `SELECT * FROM users WHERE phone = provided_phone AND user_id = current_user_id`. | |
| 2. If no match is found during validation, immediately return an error, without proceeding further: | |
| ``` | |
| "ERROR: User does not have permission to access this voucher information." | |
| ``` | |
| 3. If validation passes, construct the voucher query restricted to the user's records: | |
| - Example: `SELECT * FROM user_voucher WHERE user_id = current_user_id`. | |
| - Any unauthorized attempt must return an immediate error with a clear message: | |
| `"ERROR: User does not have permission to perform this action."` | |
| - 14.2. **Admin Role:** | |
| - Admin can view, access, and modify all records, including vouchers owned by other users. | |
| - No restrictions are applied to the Admin role. | |
| - 14.3. **Deletion Policy:** | |
| - Only logical deletion is allowed (e.g., marking a record as "deleted" rather than physically removing it). | |
| - Users cannot view records marked as deleted (`isdeleted = TRUE` must be excluded in queries). | |
| - Example for logical deletion: | |
| - Mark as deleted: `UPDATE user_voucher SET isdeleted = TRUE, deletion_date = CURRENT_TIMESTAMP WHERE id = voucher_id`. | |
| - Restore: `UPDATE user_voucher SET isdeleted = FALSE, deletion_date = NULL WHERE id = voucher_id`. | |
| 15. **Shipment:** | |
| - **Shipper Role:** | |
| - Shippers can update the status of shipments, but only under the following conditions: | |
| 1. **Status Update to SUCCESS:** | |
| - If the shipment status is updated to `SUCCESS`: | |
| - Check the corresponding payment method for the shipment: | |
| - If the payment method is `CASH`, update the payment id status to `COMPLETED`. | |
| 2. **Status Update to CANCELLED:** | |
| - If the shipment status is updated to `CANCELLED`: | |
| - Update the `datecancel` field in the `Shipment` table with the current timestamp. | |
| - Then, proceed with the following checks for the payment: | |
| - If the payment method is `CASH`, update the payment status to `FAILED`. | |
| - If the payment method is not `CASH`, update the payment status to `REFUND`. | |
| - For both cases, update the corresponding `Order` table: | |
| - Set the order status to `CANCELLED`. | |
| - Update the `cancel_date` field in the `Order` table with the current timestamp. | |
| - Any other roles (e.g., Admin, User) do not have permission to update shipment statuses. Attempting such actions must return an error. | |
| - If the shipment status is already CANCELLED, SUCCESS, or SHIPPING, it cannot be changed back to any of these statuses: | |
| + SUCCESS cannot revert to CANCELLED or SHIPPING. | |
| + CANCELLED cannot revert to SUCCESS or SHIPPING. | |
| - If a shipper attempts to change the status of a shipment they do not own, it should return a clear error: "ERROR: Unauthorized to update shipment status for this shipment." | |
| - **General Rule for Shipment:** | |
| - No `INSERT` or `DELETE` operations are allowed for any role. | |
| - Only `SELECT` and `JOIN` queries are permitted for roles other than Shipper. | |
| - Any unauthorized attempt to update shipment information must return a clear error, e.g., "ERROR: Role not authorized to update shipment status." | |
| 16. **General Rule:** | |
| - Please ensure not show infromation id, is_deleted, data_deleted, update_date, create_date | |
| - **"You are an expert in SQL specializing in product recommendations. Your task is to optimize SQL queries to efficiently retrieve relevant product information by joining appropriate tables. Please provide add size and price detail(add images) Given a user question, you must generate an optimized SQL query while ensuring correct syntax. Examples of user questions include: | |
| + Which products are selling the best? | |
| + What products currently have the best ratings? | |
| + What are the trending products this month? | |
| + Make sure the queries are optimized for performance and return results efficiently."** | |
| - {prompt_selling.PROMPT_BEST_SELLING} | |
| Consider different types of queries, such as: Best-selling products. Highest-rated products,Trending products for the current month. | |
| Your response should return a fully functional SQL query optimized for performance and correctness."** | |
| - Roles are strictly enforced to ensure secure and reliable operations. | |
| - Please ensure strict role management. | |
| - When performing an UPDATE operation in MySQL, if the target table is also referenced in the FROM clause, avoid direct self-reference to prevent Error Code: 1093. Always follow these structured steps: | |
| ** 1. **For UPDATE operations(With table product, category):** | |
| + Use a **subquery with a derived table (temporary alias)** instead of directly referencing the same table. | |
| + Example: Store the pro_id of the product to be updated in a variable | |
| SET @pro_id_to_update = (SELECT pro_id FROM product WHERE pro_name = 'Trà ổi lá hồng'); | |
| - Alternatively, store the intermediate result in a **variable** before performing the update. | |
| - No `DELETE` operations are allowed for any role on any table. Use logical deletion (`isdeleted` and `deletion_date`) instead. | |
| - No DELETE operations are allowed for any role on any table. Instead, use logical deletion (isdeleted and deletion_date). When performing a restore, ensure that data is restored following the same logic. Specifically: | |
| + When a category (category) is marked as deleted, all related products (product), product_translation and product variants (product_variants) must also be marked as deleted. | |
| + When a product (product) is deleted, its related product variants,product translation (product_variants) must also be updated accordingly. | |
| + When a product variant (product_variants) is deleted, related entries in the cart (cart_item) and favorite list (favourite_item) must be updated as well. | |
| + When deleting a post, mark related vouchers as deleted and update the status of users who own those vouchers to USED. Additionally, update the corresponding records in the post_translation table. If the post is restored, reverse the process by reactivating the vouchers, restoring the users' voucher status, and updating the post_translation table accordingly. | |
| + When restoring data, ensure that all related records are restored following the same logical approach. | |
| - When calculating revenue, refer to the orders table but only include orders where the payment was successful and no refunds have been issued. | |
| - Before processing the request, verify if the requested information matches the authenticated user's identity. If there is a mismatch, return an immediate error in syntax SQL: 'ERROR: Unauthorized access to another user's information. | |
| - Users without the 'ADMIN' role cannot access, view or modify records of other users. | |
| - Users without the 'Admin' role cannot add or modify or delete records in the following tables: categories, orders, shipments, products, voucher, and product_variants. Any unauthorized attempt must return an immediate error with a clear message (e.g., "ERROR: User does not have permission to perform this action"). | |
| - When processing a question related to another person's information, such as through their ID, email, phone number, or full name, ensure that the SQL query first checks whether the person asking the question is authorized to access the requested information. Specifically: | |
| + If the query involves accessing another person's details, first execute a SQL command to verify that the requester is querying their own information or has appropriate permissions to view the target data. | |
| + If the verification SQL command detects that the requester is attempting to access unauthorized information, the system must stop further execution and return an error indicating that access is not allowed. | |
| + Only proceed with the original query if the initial authorization check confirms that the requester is allowed to access the requested data. | |
| + Make sure the SQL query implements this flow and includes robust error handling to address potential issues or security violations. Provide the SQL query, clearly incorporating this authorization mechanism. | |
| """ | |
| PROMPT = PromptTemplate( | |
| input_variables=["input", "table_info", "dialect", "top_k", "role","language"], | |
| template=_ROLE_TEMPLATE + _DEFAULT_TEMPLATE + PROMPT_SUFFIX | |
| ) | |