Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return unsafe sharing error from backend #3990

Merged
merged 10 commits into from
Jul 21, 2019
Merged

Return unsafe sharing error from backend #3990

merged 10 commits into from
Jul 21, 2019

Conversation

rauchy
Copy link
Contributor

@rauchy rauchy commented Jul 16, 2019

What type of PR is this? (check all applicable)

  • Refactor

Description

Create a message explaining that unsafe queries can't be shared in the backend, and use that message in public dashboards and embeds.

Related Tickets & Documents

Replaces the behavior introduced in #3659 and #3988 (/cc @ranbena)

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

@rauchy rauchy requested a review from arikfr July 16, 2019 08:35
@rauchy rauchy mentioned this pull request Jul 16, 2019
Merged
arikfr
arikfr reviewed Jul 17, 2019
View reviewed changes
redash/handlers/query_results.py Outdated
@@ -182,7 +182,12 @@ def post(self, query_id):
if has_access(query, self.current_user, allow_executing_with_view_only_permissions):
return run_query(query.parameterized, parameter_values, query.data_source, query_id, max_age)
else:
return {'job': {'status': 4, 'error': 'You do not have permission to run queries with this data source.'}}, 403
if current_user.is_api_user() and not query.parameterized.is_safe:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍done in 474dae1

redash/handlers/query_results.py Outdated Show resolved Hide resolved
@rauchy rauchy requested a review from arikfr July 17, 2019 10:23
@arikfr @ranbena
Update redash/handlers/query_results.py
5e58ccf 
Co-Authored-By: Ran Byron <ranbena@gmail.com>
@arikfr
Update redash/handlers/query_results.py
ff52e3b 
Co-Authored-By: Arik Fraimovich <arik@arikfr.com>
@rauchy rauchy requested a review from arikfr July 21, 2019 06:08
@rauchy rauchy merged commit ea0e411 into master Jul 21, 2019
@rauchy rauchy deleted the return-unsafe-sharing-error-from-backend branch July 21, 2019 06:21
harveyrendell pushed a commit to pushpay/redash that referenced this pull request Nov 14, 2019
@arikfr @harveyrendell
Return unsafe sharing error from backend (getredash#3990)
e065230 
* return message explaining unsafe sharing

* use backend-generated message for public dashboards

* use backend-generated message for embeds

* Update redash/handlers/query_results.py

Co-Authored-By: Arik Fraimovich <arik@arikfr.com>

* refactor simple (non-interpolated) query result handler error messages to a single location

* use error_messages to test out unsafe error messages (along with a couple of others)

* Update redash/handlers/query_results.py

Co-Authored-By: Ran Byron <ranbena@gmail.com>

* Update redash/handlers/query_results.py

Co-Authored-By: Arik Fraimovich <arik@arikfr.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ranbena ranbena ranbena left review comments

@arikfr arikfr arikfr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rauchy @arikfr @ranbena