2019-05-12 22:42:48 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-04-11 17:13:51 -04:00
|
|
|
require 'rails_helper'
|
2015-07-15 16:20:42 -04:00
|
|
|
|
|
|
|
describe DataExplorer::QueryController do
|
|
|
|
def response_json
|
|
|
|
MultiJson.load(response.body)
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
SiteSetting.data_explorer_enabled = true
|
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
def make_query(sql, opts = {}, group_ids = [])
|
2020-08-26 20:29:57 -04:00
|
|
|
query = DataExplorer::Query.create!(name: opts[:name] || "Query number", description: "A description for query number", sql: sql, hidden: opts[:hidden] || false)
|
|
|
|
group_ids.each do |group_id|
|
|
|
|
query.query_groups.create!(group_id: group_id)
|
|
|
|
end
|
|
|
|
query
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "Admin" do
|
|
|
|
routes { ::DataExplorer::Engine.routes }
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
let!(:admin) { log_in_user(Fabricate(:admin)) }
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "when disabled" do
|
|
|
|
before do
|
|
|
|
SiteSetting.data_explorer_enabled = false
|
|
|
|
end
|
|
|
|
it 'denies every request' do
|
|
|
|
get :index
|
|
|
|
expect(response.body).to be_empty
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
get :index, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
get :schema, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
get :show, params: { id: 3 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
post :create, params: { id: 3 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2016-08-19 04:46:03 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
post :run, params: { id: 3 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
put :update, params: { id: 3 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
|
|
|
|
delete :destroy, params: { id: 3 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
2018-10-10 07:29:13 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "#index" do
|
|
|
|
before do
|
|
|
|
require_dependency File.expand_path('../../../lib/queries.rb', __FILE__)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "behaves nicely with no user created queries" do
|
|
|
|
DataExplorer::Query.destroy_all
|
|
|
|
get :index, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['queries'].count).to eq(Queries.default.count)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "shows all available queries in alphabetical order" do
|
|
|
|
DataExplorer::Query.destroy_all
|
|
|
|
make_query('SELECT 1 as value', name: 'B')
|
|
|
|
make_query('SELECT 1 as value', name: 'A')
|
|
|
|
get :index, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['queries'].length).to eq(Queries.default.count + 2)
|
|
|
|
expect(response_json['queries'][0]['name']).to eq('A')
|
|
|
|
expect(response_json['queries'][1]['name']).to eq('B')
|
|
|
|
end
|
FEATURE: Add ability to soft delete (hide) queries and revert deletion with rake tasks (#54)
* FEATURE: Add hide button (toggleable) for all queries (frontend only)
* Switches between hide/unhide on click
* Works almost like the delete button, but toggles between the query's
hidden attribute instead
* So far this is only a frontend feature, the backend implementation
still needs work
* Revert "FEATURE: Add hide button (toggleable) for all queries (frontend only)"
This reverts commit a8771d2ad57083a91b7130df807fa54c26205d11.
REVERT: Remove button that hides queries (frontend)
* Prepare for migration of old frontend logic to backend
* We are going to reuse the existing delete button, but change its
backend logic to enable soft deletion. From the user's perspective
nothing will change, but any deletion mistakes can be reverted.
* DEV: Hide user queries upon deletion, but keep them in store
* Creating a new query will set its hidden attribute to false by
default
* Deleting a user-made query will not delete it from the store, but
set its hidden attribute to true
* User queries will not be indexed if they are hidden
* Undeleting a query will unhide it, and will be indexed
* Updating a hidden query will unhide it, and will be indexed
* SPEC: Add spec for hidden/deleted queries
* Hidden queries should not be shown
* FEATURE: Add ability to delete/hide system queries
* System queries are now able to be deleted from view, but will remain
in the backend for retrieval, if necessary
* FEATURE/DEV: Add rake commands for query soft deletion
* query:list_hidden - Shows a list of hidden queries
* query:hide_all[only_default] - Hides all queries, w/ boolean arg to
hide only default ones
* query:unhide[id] - Unhides a query by id
* query:unhide_all[exclude_default] - Unhides all hidden queries,
w/ boolean arg to exclude default ones
* Remove rails loggers
* UX/DEV: Update query rake tasks to be more user friendly
* Split query:hide_all[only_default] into two tasks:
* query:hide_all - Hides all queries
* query:hide_all:only_default - Hide only default queries
* Split query:unhide_all[exclude_default] into two tasks:
* query:unhide_all - Unhides all hidden queries
* query:unhide_all:exclude_default - Unhides all non-default
queries
* Rename file to match task name
* UX: query:unhide can accept multiple arguments
* Example: rake query:unhide[-5,-6,-7,3,5,6,-13,-14,-10]
* UX: Update query rake tasks to output cleaner messages
* Remove unneeded comment
* DEV: Keep only necessary rake tasks, use more specific naming
* UX/DEV: Add rake task for hard deletion, better console logs
* User is able to hard delete a query only if it is hidden, otherwise
output a message stating so
* Add commented examples above each task
* Add rainbow support for more readable console logs
* Successful messages will display green, failures display red,
additional info displays yellow
* Separate multiple queries with spaces instead of lines
* DEV: Remove rainbow colorizing in console logs
* Rainbow is a dependency of rubocop and it may go away in the future
* Rainbow is only used for dev and test environments
* DEV: Add Rails engine to enable rake tasks to be loaded at runtime
* DEV: Favor require - load files only if they are not already loaded
* SPEC: Add tests for data_explorer[id] rake command
* Test if a single query is hidden correctly
* Expect length of query list to not be modified
* Expect array of hidden queries to have exactly 1 element
* Expect that one element to have the same ID as the one invoked to
be hidden
* Test if multiple queries are hidden correctly
* Expect length of query list to not be modified
* Expect array of hidden queries to have the number of elements
equal to the number invoked to be hidden
* Expect the elements to have the same ID as the ones invoked to be
hidden
* Test if a query exists in PluginStore
* Expect query list to be empty
* DEV: Clear pre-existing tasks before redefining
* This prevents double invocation when user invokes the task once
* SPEC: Add tests for unhide_query rake task
* Test if a single query unhides correctly
* Expect length of query list to not be modified
* Expect array of hidden queries to have exactly 1 element after
unhiding 1 of 2 queries
* Expect remaining element to be hidden
* Test if multiple queries unhide correctly
* Expect length of query list to not be modified
* Expect array of hidden queries to have exactly 1 element after
unhiding 3 of 4 queries
* Expect remaining element to be hidden
* Test if a query exists in PluginStore
* Expect query list to not be modified
* SPEC: Add tests for hard_delete rake task
* Test if a single query hard deletes correctly
* Expect length of query list to be shorter by 1
* Expect array of hidden queries to have exactly 1 element after
hard deleting 1 of 2 queries
* Expect 1 remaining hidden element
* Test if multiple queries hard delete correctly
* Expect length of query list to be shorter by 3 after hard deleting
3 of 4 queries
* Expect array of hidden queries to have exactly 1 element after
hard deleting 3 of 4 queries
* Expect 1 remaining hidden element
* Test if a query exists in PluginStore
* Expect hidden query list to not be modified
* Test if a query is not hidden
* Expect query list to not be modified
* UX: Favor newline char in place of puts for logs
* Condensed console logs to output newline char instead of another puts
statement (reduces number of lines used significantly)
2020-07-29 02:50:24 -04:00
|
|
|
|
|
|
|
it "doesn't show hidden/deleted queries" do
|
|
|
|
DataExplorer::Query.destroy_all
|
|
|
|
make_query('SELECT 1 as value', name: 'A', hidden: false)
|
|
|
|
make_query('SELECT 1 as value', name: 'B', hidden: true)
|
|
|
|
make_query('SELECT 1 as value', name: 'C', hidden: true)
|
|
|
|
get :index, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['queries'].length).to eq(Queries.default.count + 1)
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "#run" do
|
|
|
|
let!(:admin) { log_in(:admin) }
|
|
|
|
|
|
|
|
def run_query(id, params = {})
|
|
|
|
params = Hash[params.map { |a| [a[0], a[1].to_s] }]
|
|
|
|
post :run, params: { id: id, _params: MultiJson.dump(params) }, format: :json
|
|
|
|
end
|
|
|
|
it "can run queries" do
|
|
|
|
q = make_query('SELECT 23 as my_value')
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['success']).to eq(true)
|
|
|
|
expect(response_json['errors']).to eq([])
|
|
|
|
expect(response_json['columns']).to eq(['my_value'])
|
|
|
|
expect(response_json['rows']).to eq([[23]])
|
|
|
|
end
|
|
|
|
|
|
|
|
it "can process parameters" do
|
|
|
|
q = make_query <<~SQL
|
|
|
|
-- [params]
|
|
|
|
-- int :foo = 34
|
|
|
|
SELECT :foo as my_value
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id, foo: 23
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['errors']).to eq([])
|
|
|
|
expect(response_json['success']).to eq(true)
|
|
|
|
expect(response_json['columns']).to eq(['my_value'])
|
|
|
|
expect(response_json['rows']).to eq([[23]])
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['errors']).to eq([])
|
|
|
|
expect(response_json['success']).to eq(true)
|
|
|
|
expect(response_json['columns']).to eq(['my_value'])
|
|
|
|
expect(response_json['rows']).to eq([[34]])
|
|
|
|
|
|
|
|
# 2.3 is not an integer
|
|
|
|
run_query q.id, foo: '2.3'
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/ValidationError/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't allow you to modify the database #1" do
|
|
|
|
p = create_post
|
|
|
|
|
|
|
|
q = make_query <<~SQL
|
|
|
|
UPDATE posts SET cooked = '<p>you may already be a winner!</p>' WHERE id = #{p.id}
|
|
|
|
RETURNING id
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
p.reload
|
|
|
|
|
|
|
|
# Manual Test - comment out the following lines:
|
|
|
|
# DB.exec "SET TRANSACTION READ ONLY"
|
|
|
|
# raise ActiveRecord::Rollback
|
|
|
|
# This test should fail on the below check.
|
|
|
|
expect(p.cooked).to_not match(/winner/)
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/read-only transaction/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't allow you to modify the database #2" do
|
|
|
|
p = create_post
|
|
|
|
|
|
|
|
q = make_query <<~SQL
|
|
|
|
SELECT 1
|
|
|
|
)
|
|
|
|
SELECT * FROM query;
|
|
|
|
RELEASE SAVEPOINT active_record_1;
|
|
|
|
SET TRANSACTION READ WRITE;
|
|
|
|
UPDATE posts SET cooked = '<p>you may already be a winner!</p>' WHERE id = #{p.id};
|
|
|
|
SAVEPOINT active_record_1;
|
|
|
|
SET TRANSACTION READ ONLY;
|
|
|
|
WITH query AS (
|
|
|
|
SELECT 1
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
p.reload
|
|
|
|
|
|
|
|
# Manual Test - change out the following line:
|
|
|
|
#
|
|
|
|
# module ::DataExplorer
|
|
|
|
# def self.run_query(...)
|
|
|
|
# if query.sql =~ /;/
|
|
|
|
#
|
|
|
|
# to
|
|
|
|
#
|
|
|
|
# if false && query.sql =~ /;/
|
|
|
|
#
|
|
|
|
# Afterwards, this test should fail on the below check.
|
|
|
|
expect(p.cooked).to_not match(/winner/)
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/semicolon/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't allow you to lock rows" do
|
|
|
|
q = make_query <<~SQL
|
|
|
|
SELECT id FROM posts FOR UPDATE
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/read-only transaction/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't allow you to create a table" do
|
|
|
|
q = make_query <<~SQL
|
|
|
|
CREATE TABLE mytable (id serial)
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/read-only transaction|syntax error/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "doesn't allow you to break the transaction" do
|
|
|
|
q = make_query <<~SQL
|
|
|
|
COMMIT
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/syntax error/)
|
|
|
|
|
|
|
|
q.sql = <<~SQL
|
|
|
|
)
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/syntax error/)
|
|
|
|
|
|
|
|
q.sql = <<~SQL
|
|
|
|
RELEASE SAVEPOINT active_record_1
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response.status).to eq(422)
|
|
|
|
expect(response_json['errors']).to_not eq([])
|
|
|
|
expect(response_json['success']).to eq(false)
|
|
|
|
expect(response_json['errors'].first).to match(/syntax error/)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "can export data in CSV format" do
|
|
|
|
q = make_query('SELECT 23 as my_value')
|
|
|
|
post :run, params: { id: q.id, download: 1 }, format: :csv
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
2020-02-26 05:30:15 -05:00
|
|
|
|
|
|
|
context "`limit` parameter" do
|
|
|
|
before do
|
|
|
|
create_post
|
|
|
|
create_post
|
|
|
|
create_post
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should limit the results in JSON response" do
|
|
|
|
begin
|
|
|
|
original_const = DataExplorer::QUERY_RESULT_DEFAULT_LIMIT
|
|
|
|
DataExplorer.send(:remove_const, "QUERY_RESULT_DEFAULT_LIMIT")
|
|
|
|
DataExplorer.const_set("QUERY_RESULT_DEFAULT_LIMIT", 2)
|
|
|
|
|
|
|
|
q = make_query <<~SQL
|
|
|
|
SELECT id FROM posts
|
|
|
|
SQL
|
|
|
|
|
|
|
|
run_query q.id
|
|
|
|
expect(response_json['rows'].count).to eq(2)
|
|
|
|
|
|
|
|
post :run, params: { id: q.id, limit: 1 }, format: :json
|
|
|
|
expect(response_json['rows'].count).to eq(1)
|
|
|
|
|
|
|
|
post :run, params: { id: q.id, limit: "ALL" }, format: :json
|
|
|
|
expect(response_json['rows'].count).to eq(3)
|
|
|
|
ensure
|
|
|
|
DataExplorer.send(:remove_const, "QUERY_RESULT_DEFAULT_LIMIT")
|
|
|
|
DataExplorer.const_set("QUERY_RESULT_DEFAULT_LIMIT", original_const)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should limit the results in CSV download" do
|
|
|
|
begin
|
|
|
|
original_const = DataExplorer::QUERY_RESULT_MAX_LIMIT
|
|
|
|
DataExplorer.send(:remove_const, "QUERY_RESULT_MAX_LIMIT")
|
|
|
|
DataExplorer.const_set("QUERY_RESULT_MAX_LIMIT", 2)
|
|
|
|
|
|
|
|
ids = Post.order(:id).pluck(:id)
|
|
|
|
|
|
|
|
q = make_query <<~SQL
|
|
|
|
SELECT id FROM posts
|
|
|
|
SQL
|
|
|
|
|
|
|
|
post :run, params: { id: q.id, download: 1 }, format: :csv
|
|
|
|
expect(response.body.split("\n").count).to eq(3)
|
|
|
|
|
|
|
|
post :run, params: { id: q.id, download: 1, limit: 1 }, format: :csv
|
|
|
|
expect(response.body.split("\n").count).to eq(2)
|
|
|
|
|
|
|
|
# The value `ALL` is not supported in csv exports.
|
|
|
|
post :run, params: { id: q.id, download: 1, limit: "ALL" }, format: :csv
|
|
|
|
expect(response.body.split("\n").count).to eq(1)
|
|
|
|
ensure
|
|
|
|
DataExplorer.send(:remove_const, "QUERY_RESULT_MAX_LIMIT")
|
|
|
|
DataExplorer.const_set("QUERY_RESULT_MAX_LIMIT", original_const)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "Non-Admin" do
|
|
|
|
routes { Discourse::Application.routes }
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
let(:user) { Fabricate(:user) }
|
|
|
|
let(:group) { Fabricate(:group, users: [user]) }
|
2019-09-11 10:52:06 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
before do
|
|
|
|
log_in_user(user)
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "when disabled" do
|
|
|
|
before do
|
|
|
|
SiteSetting.data_explorer_enabled = false
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
it 'denies every request' do
|
|
|
|
get :group_reports_index, params: { group_name: 1 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
|
|
|
|
get :group_reports_show, params: { group_name: 1, id: 1 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
post :group_reports_run, params: { group_name: 1, id: 1 }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "#group_reports_index" do
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:52:06 -04:00
|
|
|
it "only returns queries that the group has access to" do
|
|
|
|
group.add(user)
|
|
|
|
make_query('SELECT 1 as value', { name: 'A' }, ["#{group.id}"])
|
2019-09-11 10:09:41 -04:00
|
|
|
|
|
|
|
get :group_reports_index, params: { group_name: group.name }, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['queries'].length).to eq(1)
|
|
|
|
expect(response_json['queries'][0]['name']).to eq('A')
|
2019-09-11 10:52:06 -04:00
|
|
|
end
|
2019-09-11 10:09:41 -04:00
|
|
|
|
|
|
|
it "returns a 404 when the user should not have access to the query " do
|
2020-08-10 16:12:06 -04:00
|
|
|
other_user = Fabricate(:user)
|
|
|
|
log_in_user(other_user)
|
2019-09-11 10:09:41 -04:00
|
|
|
|
|
|
|
get :group_reports_index, params: { group_name: group.name }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
it "return a 200 when the user has access the the query" do
|
|
|
|
group.add(user)
|
2017-09-04 02:07:22 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
get :group_reports_index, params: { group_name: group.name }, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
2020-08-10 16:12:06 -04:00
|
|
|
|
|
|
|
it "does not return hidden queries" do
|
|
|
|
|
|
|
|
group.add(user)
|
|
|
|
make_query('SELECT 1 as value', { name: 'A', hidden: true }, ["#{group.id}"])
|
|
|
|
make_query('SELECT 1 as value', { name: 'B' }, ["#{group.id}"])
|
|
|
|
|
|
|
|
get :group_reports_index, params: { group_name: group.name }, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(response_json['queries'].length).to eq(1)
|
|
|
|
expect(response_json['queries'][0]['name']).to eq('B')
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "#group_reports_run" do
|
|
|
|
it "calls run on QueryController" do
|
2019-09-11 10:52:06 -04:00
|
|
|
query = make_query('SELECT 1 as value', { name: 'B' }, ["#{group.id}"])
|
2019-09-11 10:09:41 -04:00
|
|
|
controller.expects(:run).at_least_once
|
|
|
|
|
2019-09-11 10:52:06 -04:00
|
|
|
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
2019-09-11 10:09:41 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns a 404 when the user should not have access to the query " do
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', {}, [])
|
|
|
|
|
|
|
|
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "return a 200 when the user has access the the query" do
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', {}, [group.id.to_s])
|
|
|
|
|
|
|
|
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
2020-08-10 16:12:06 -04:00
|
|
|
|
|
|
|
it "return a 404 when the query is hidden" do
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', { hidden: true }, [group.id.to_s])
|
|
|
|
|
|
|
|
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
2017-10-03 14:58:28 -04:00
|
|
|
|
2019-09-11 10:09:41 -04:00
|
|
|
describe "#group_reports_show" do
|
|
|
|
let(:group) { Fabricate(:group) }
|
|
|
|
|
|
|
|
it "returns a 404 when the user should not have access to the query " do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
log_in_user(user)
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', {}, [])
|
|
|
|
|
|
|
|
get :group_reports_show, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "return a 200 when the user has access the the query" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
log_in_user(user)
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', {}, [group.id.to_s])
|
|
|
|
|
|
|
|
get :group_reports_show, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
2020-08-10 16:12:06 -04:00
|
|
|
|
|
|
|
it "return a 404 when the query is hidden" do
|
|
|
|
user = Fabricate(:user)
|
|
|
|
log_in_user(user)
|
|
|
|
group.add(user)
|
|
|
|
query = make_query('SELECT 1 as value', { hidden: true }, [group.id.to_s])
|
|
|
|
|
|
|
|
get :group_reports_show, params: { group_name: group.name, id: query.id }, format: :json
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
end
|
2017-10-03 14:58:28 -04:00
|
|
|
end
|
2015-07-15 16:20:42 -04:00
|
|
|
end
|
|
|
|
end
|