FIX: Do not show hidden queries in group reports (#57)
This commit is contained in:
parent
e7cc6310d7
commit
5bf875a1ac
11
plugin.rb
11
plugin.rb
|
@ -1080,15 +1080,16 @@ SQL
|
|||
respond_to do |format|
|
||||
format.html { render 'groups/show' }
|
||||
format.json do
|
||||
queries = DataExplorer::Query.all
|
||||
queries.select! { |query| query.group_ids&.include?(group.id.to_s) }
|
||||
render_serialized queries, DataExplorer::QuerySerializer, root: 'queries'
|
||||
queries = DataExplorer::Query.all.select do |query|
|
||||
!query.hidden && query.group_ids&.include?(group.id.to_s)
|
||||
end
|
||||
render_serialized(queries, DataExplorer::QuerySerializer, root: 'queries')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def group_reports_show
|
||||
return raise Discourse::NotFound unless guardian.user_can_access_query?(group, query)
|
||||
return raise Discourse::NotFound if !guardian.user_can_access_query?(group, query) || query.hidden
|
||||
|
||||
respond_to do |format|
|
||||
format.html { render 'groups/show' }
|
||||
|
@ -1100,7 +1101,7 @@ SQL
|
|||
|
||||
skip_before_action :check_xhr, only: [:group_reports_run]
|
||||
def group_reports_run
|
||||
return raise Discourse::NotFound unless guardian.user_can_access_query?(group, query)
|
||||
return raise Discourse::NotFound if !guardian.user_can_access_query?(group, query) || query.hidden
|
||||
|
||||
run
|
||||
end
|
||||
|
|
|
@ -361,21 +361,31 @@ describe DataExplorer::QueryController do
|
|||
end
|
||||
|
||||
it "returns a 404 when the user should not have access to the query " do
|
||||
user = Fabricate(:user)
|
||||
log_in_user(user)
|
||||
other_user = Fabricate(:user)
|
||||
log_in_user(other_user)
|
||||
|
||||
get :group_reports_index, params: { group_name: group.name }, format: :json
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
|
||||
it "return a 200 when the user has access the the query" do
|
||||
user = Fabricate(:user)
|
||||
log_in_user(user)
|
||||
group.add(user)
|
||||
|
||||
get :group_reports_index, params: { group_name: group.name }, format: :json
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "does not return hidden queries" do
|
||||
|
||||
group.add(user)
|
||||
make_query('SELECT 1 as value', { name: 'A', hidden: true }, ["#{group.id}"])
|
||||
make_query('SELECT 1 as value', { name: 'B' }, ["#{group.id}"])
|
||||
|
||||
get :group_reports_index, params: { group_name: group.name }, format: :json
|
||||
expect(response.status).to eq(200)
|
||||
expect(response_json['queries'].length).to eq(1)
|
||||
expect(response_json['queries'][0]['name']).to eq('B')
|
||||
end
|
||||
end
|
||||
|
||||
describe "#group_reports_run" do
|
||||
|
@ -387,8 +397,6 @@ describe DataExplorer::QueryController do
|
|||
end
|
||||
|
||||
it "returns a 404 when the user should not have access to the query " do
|
||||
user = Fabricate(:user)
|
||||
log_in_user(user)
|
||||
group.add(user)
|
||||
query = make_query('SELECT 1 as value', {}, [])
|
||||
|
||||
|
@ -397,14 +405,20 @@ describe DataExplorer::QueryController do
|
|||
end
|
||||
|
||||
it "return a 200 when the user has access the the query" do
|
||||
user = Fabricate(:user)
|
||||
log_in_user(user)
|
||||
group.add(user)
|
||||
query = make_query('SELECT 1 as value', {}, [group.id.to_s])
|
||||
|
||||
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "return a 404 when the query is hidden" do
|
||||
group.add(user)
|
||||
query = make_query('SELECT 1 as value', { hidden: true }, [group.id.to_s])
|
||||
|
||||
get :group_reports_run, params: { group_name: group.name, id: query.id }, format: :json
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
end
|
||||
|
||||
describe "#group_reports_show" do
|
||||
|
@ -429,6 +443,16 @@ describe DataExplorer::QueryController do
|
|||
get :group_reports_show, params: { group_name: group.name, id: query.id }, format: :json
|
||||
expect(response.status).to eq(200)
|
||||
end
|
||||
|
||||
it "return a 404 when the query is hidden" do
|
||||
user = Fabricate(:user)
|
||||
log_in_user(user)
|
||||
group.add(user)
|
||||
query = make_query('SELECT 1 as value', { hidden: true }, [group.id.to_s])
|
||||
|
||||
get :group_reports_show, params: { group_name: group.name, id: query.id }, format: :json
|
||||
expect(response.status).to eq(404)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue