Skip to content

Fix Ability to Add Query-based Parameters to Existing Queries #3716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
May 12, 2019
Merged

Fix Ability to Add Query-based Parameters to Existing Queries #3716

merged 13 commits into from
May 12, 2019

Conversation

rauchy
Copy link
Contributor

@rauchy rauchy commented Apr 17, 2019
edited by kravets-levko
Loading

What type of PR is this? (check all applicable)

  • Bug Fix

Description

In order to solve #3711, dropdown values would be fetched directly from the /api/:id/dropdown endpoint while a query is edited. Once it is saved, an association is created and dropdown values could be fetched from /api/:parent_id/dropdowns/:id.

If a user has edit privileges to the parent query but cannot access the dropdown query directly, he will be prompted with this message:

image

Related Tickets & Documents

Fixes #3711

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

@rauchy rauchy requested review from arikfr and kravets-levko April 17, 2019 09:20
kravets-levko
kravets-levko reviewed Apr 17, 2019
View reviewed changes
arikfr
arikfr reviewed May 5, 2019
View reviewed changes
Copy link
Member

@arikfr arikfr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No frontend changes were needed? It will always use the API with parent query once the query is saved?

redash/handlers/query_results.py Outdated
abort(403)
dropdown_query = get_object_or_404(models.Query.get_by_id_and_org, dropdown_query_id, self.current_org)
if not has_access(dropdown_query.data_source, current_user, view_only):
abort(403)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check the CodeClimate error -- it's actually relevant.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm surprised Flask didn't crash on this 😝

@weekly-digest weekly-digest bot mentioned this pull request May 6, 2019
Closed
@rauchy
Copy link
Contributor Author

rauchy commented May 6, 2019

No frontend changes were needed? It will always use the API with parent query once the query is saved?

Just like it used to be, but only now it will fallback on the backend and still allow dropdown query results, even when they are unassociated (assuming user has direct access to the dropdown query).

arikfr
arikfr reviewed May 12, 2019
View reviewed changes
Copy link
Member

@arikfr arikfr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just one question ->

redash/handlers/query_results.py Outdated
if int(dropdown_query_id) not in related_queries_ids:
abort(403)
dropdown_query = get_object_or_404(models.Query.get_by_id_and_org, dropdown_query_id, self.current_org)
if not has_access(dropdown_query.data_source, current_user, view_only):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we use require_access here as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Totally. 13e398b

@rauchy rauchy merged commit 50a6f72 into master May 12, 2019
@rauchy rauchy deleted the fix-add-query-based-parameter-to-existing-queries branch May 12, 2019 09:48
@weekly-digest weekly-digest bot mentioned this pull request May 13, 2019
Closed
harveyrendell pushed a commit to pushpay/redash that referenced this pull request Nov 14, 2019
@harveyrendell
Fix Ability to Add Query-based Parameters to Existing Queries (getred…
888723d 
…ash#3716)

* propagate `isDirty` down to `QueryBasedParameterInput`

* go to /api/:id/dropdown while editing a query, since dropdown queries might still not be associated with the parent. see getredash#3711

* show helpful error message if dropdown values cannot be fetched

* use backticks instead of line concatenation

* remove requirement to have direct access to dropdown query in order validate it. parent query association checks are sufficient

* remove isDirty-based implementation and allow dropdown queries through nested ACL even if they aren't associated yet (given that the user has _direct_ access to the dropdown query)

* fix tests to cover all cases for /api/queries/:id/dropdowns/:id

* fix indentation

* require access to the query, not the data source

* use require_access instead of has_access
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arikfr arikfr arikfr left review comments

@kravets-levko kravets-levko kravets-levko left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot Add Query-based Dropdown Parameter to a Saved Query

3 participants

@rauchy @arikfr @kravets-levko