FIX: Allow groups to access system queries (#185)

* FIX: allow groups to access system queries (without having to run the query once first)

Bug is: Trying to allow a group to access a system query results in a Discourse::NotFound unless the query is run first.

Cause:

 - System queries don't exist in the database by default
 - update calls set_query before action
 - set_query searches the database for the system query with Query.find_by(:id), which will not exist by default.
 - running system queries first fixes this because Query.find is overridden to include system queries (Queries.default) in its results, avoiding the Discourse::NotFound.

Solution: use the overridden Query.find in set_query to include system queries in the search, instead of Query.find_by(:id)

* Added a test for allowing groups to access a system query.

* Fixed test formatting.
Frank 2022-08-19 00:14:07 +08:00 committed by GitHub
parent 82ec10d844
commit 16bb6a946c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 1 deletions


@ -232,7 +232,7 @@ class DataExplorer::QueryController < ::ApplicationController
end end
def set_query def set_query
@query = DataExplorer::Query.find_by(id: params[:id]) @query = DataExplorer::Query.find(params[:id])
raise Discourse::NotFound unless @query raise Discourse::NotFound unless @query
end end
end end
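Review bot: set_query now resolves system queries for every action that runs it as a filter, not only update, and the hunk does not show which actions those are (the controller body lies outside the hunk). Since the commit message describes the overridden `DataExplorer::Query.find` as including `Queries.default`, it is worth confirming that destroy and any other write action sharing this filter are meant to accept system-query ids. Also, if that override raises for an unknown id rather than returning nil (as stock ActiveRecord `find` does), `raise Discourse::NotFound unless @query` no longer decides the missing-id case, so the 404 path should be covered by a spec. A comment above the lookup such as `# Query.find is overridden to also return system queries (Queries.default); find_by would miss them` would record why `find_by` is not used here.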


@ -87,6 +87,28 @@ describe DataExplorer::QueryController do
end end
end end
describe "#update" do
fab!(:user2) { Fabricate(:user) }
fab!(:group2) { Fabricate(:group, users: [user2]) }
it "allows group to access system query" do
query = DataExplorer::Query.find(-4)
put "/admin/plugins/explorer/queries/#{query.id}.json", params: {
"query" => {
"name" => query.name,
"description" => query.description,
"sql" => query.sql,
"user_id" => query.user_id,
"created_at" => query.created_at,
"group_ids" => [group2.id],
"last_run_at" => query.last_run_at
},
"id" => query.id }
expect(response.status).to eq(200)
end
end
describe "#run" do describe "#run" do
def run_query(id, params = {}) def run_query(id, params = {})
params = Hash[params.map { |a| [a[0], a[1].to_s] }] params = Hash[params.map { |a| [a[0], a[1].to_s] }]