Data Explorer can run arbitrary SQL queries which can be costly for us if over-used. Because of that we want to add the ability to rate limit the query run endpoint, in particular when requested programmatically using the API.
This commit introduces a rate limit to the `QueryController#run` endpoint. It heavily leans on the existing `RateLimiter` implementation, and the ability of `ApplicationController` to turn rate limit exceptions into nicely formatted JSON responses.
The rate limit (per 10 seconds) can be configured through the global setting `max_data_explorer_api_reqs_per_10_seconds`, and defaults to 2.
Handling can be configured through `max_data_explorer_api_req_mode`, and can be set to warn, block, or both warn and block. We will default to warn for now and monitor the logs for a while.
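An added sketch of the warn / block / warn-and-block handling described above. It is not the plugin's code and does not use Discourse's `RateLimiter`: the class, the method, the mode strings and the return symbols are all hypothetical, and the limiter is a stand-alone sliding-window counter with the defaults taken from the message (2 requests per 10 seconds).

```ruby
# Hypothetical stand-in for a per-key limiter (not Discourse's RateLimiter).
class WindowLimiter
  def initialize(max: 2, window_secs: 10,
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @max = max
    @window = window_secs
    @clock = clock                          # injectable so tests control time
    @hits = Hash.new { |h, k| h[k] = [] }   # key => timestamps of counted requests
  end

  # True if the request fits in the current window; only then is it counted.
  def allow?(key)
    now = @clock.call
    hits = @hits[key]
    hits.reject! { |t| now - t >= @window } # drop requests older than the window
    return false if hits.size >= @max
    hits << now
    true
  end
end

# Assumed spellings for the three handling modes named in the message.
MODES = %w[warn block warn+block].freeze

# Decides what happens to one API request to the query run endpoint.
# Returns :ok when the query may run, :rate_limited when it is rejected
# (a controller would turn that into an HTTP 429 JSON error).
def run_query_request(limiter, mode, key, log)
  raise ArgumentError, "unknown mode #{mode}" unless MODES.include?(mode)
  return :ok if limiter.allow?(key)

  log << "data explorer rate limit exceeded for #{key}" if mode.include?("warn")
  mode.include?("block") ? :rate_limited : :ok
end
```

In warn mode an over-limit request still runs, so the log is the only signal that a limit of this size would have rejected traffic.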
This commit updates the plugin to the latest guidelines, as shown in discourse-plugin-skeleton, which involves moving a lot of the code to dedicated files, using proper namespaces, using the autoloader as much as possible, etc.
- Require query name is present
- Ensure all routes are treated by default as .json, so errors flow correctly
- Remove superfluous save/cancel controls from group settings
- Remove group control when item is destroyed
- Disable editing of query when it is deleted
Co-authored-by: Osama Sayegh <asooomaasoooma90@gmail.com>
* FIX: allow groups to access system queries (without having to run the query once first)
Bug is: Trying to allow a group to access a system query results in a Discourse::NotFound unless the query is run first.
Cause:
- System queries don't exist in the database by default
- update calls set_query before action
- set_query searches the database for the system query with Query.find_by(:id), which will not exist by default.
- running system queries first fixes this because Query.find is overridden to include system queries (Queries.default) in its results, avoiding the Discourse::NotFound.
Solution: use the overridden Query.find in set_query to include system queries in the search, instead of Query.find_by(:id)
* Added test for fixing allowing groups to access system query.
* Fixed test formatting.