Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be more permissive when parameters are safe #3383

Merged
merged 38 commits into from
Feb 26, 2019
Merged

Be more permissive when parameters are safe #3383

merged 38 commits into from
Feb 26, 2019

Commits on Jan 30, 2019

  1. use the textless endpoint (/api/queries/:id/results) for pristine 

    queriest
    Omer Lachish committed Jan 30, 2019
    Configuration menu
    Copy the full SHA
    cd2cee7 View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2019

  1. reverse conditional. not not is making me the headaches.

    Omer Lachish committed Jan 31, 2019
    Configuration menu
    Copy the full SHA
    e8ceeb7 View commit details
    Browse the repository at this point in the history

  2. add ParameterizedQuery#is_safe with an inital naive implementation which 

    treats any query with a text parameter as not safe. This will be
remedied later when DB drivers will handle these parameters.
    Omer Lachish committed Jan 31, 2019
    Configuration menu
    Copy the full SHA
    06917ce View commit details
    Browse the repository at this point in the history

  3. allow getting new query results even if user has only view permissions 

    to the data source (given that the query is safe)
    Omer Lachish committed Jan 31, 2019
    Configuration menu
    Copy the full SHA
    31e2238 View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2019

  1. Merge branch 'master' into use-textless-endpoint-for-pristine-queries

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    c93ed69 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'use-textless-endpoint-for-pristine-queries' into be-mor… 

    …e-permissive-when-parameters-are-safe
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    d11e4e7 View commit details
    Browse the repository at this point in the history

  3. fix lint error - getDerivedStateFromProps should be placed after state

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    f858ca0 View commit details
    Browse the repository at this point in the history

  4. Merge branch 'fix-time-ago-lint' into be-more-permissive-when-paramet… 

    …ers-are-safe
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    9bd2308 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'master' into use-textless-endpoint-for-pristine-queries

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    04a1adf View commit details
    Browse the repository at this point in the history

  6. Revert "use the textless endpoint (/api/queries/:id/results) for pris… 

    …tine"

This reverts commit cd2cee7.
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    9fc9fcb View commit details
    Browse the repository at this point in the history

  7. move execution preparation to a different function, which will be soon 

    reused
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    ab5eb8f View commit details
    Browse the repository at this point in the history

  8. go to textless /api/queries/:id/results by default

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    df4e9e4 View commit details
    Browse the repository at this point in the history

  9. let the query view decide if text or textless endpoint is needed

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    49c9a68 View commit details
    Browse the repository at this point in the history

  10. Merge branch 'use-textless-endpoint-for-pristine-queries' into be-mor… 

    …e-permissive-when-parameters-are-safe
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    65e742c View commit details
    Browse the repository at this point in the history

  11. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    8716626 View commit details
    Browse the repository at this point in the history

  12. allow safe queries to be executed in the UI even if the user has no 

    permission to execute and create new query results
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    d308a4d View commit details
    Browse the repository at this point in the history

  13. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    8807e6a View commit details
    Browse the repository at this point in the history

  14. change run_query's signature to accept a ParameterizedQuery instead of 

    constructing it inside
    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    6c385c0 View commit details
    Browse the repository at this point in the history

  15. use dict#get instead of a None guard

    Omer Lachish committed Feb 3, 2019
    Configuration menu
    Copy the full SHA
    4682368 View commit details
    Browse the repository at this point in the history

Commits on Feb 5, 2019

  1. use ParameterizedQuery in queries handler as well

    Omer Lachish committed Feb 5, 2019
    Configuration menu
    Copy the full SHA
    da45021 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 5, 2019
    Configuration menu
    Copy the full SHA
    5493f97 View commit details
    Browse the repository at this point in the history

Commits on Feb 6, 2019

  1. test that /queries/:id/results allows execution of safe queries even if 

    user has view_only permissions
    Omer Lachish committed Feb 6, 2019
    Configuration menu
    Copy the full SHA
    ae139fa View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 6, 2019
    Configuration menu
    Copy the full SHA
    c1b2d12 View commit details
    Browse the repository at this point in the history

  3. lint

    Omer Lachish committed Feb 6, 2019
    Configuration menu
    Copy the full SHA
    4518d12 View commit details
    Browse the repository at this point in the history

  4. raise HTTP 400 when receiving invalid parameter values. Fixes #3394

    Omer Lachish committed Feb 6, 2019
    Configuration menu
    Copy the full SHA
    2202403 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 10, 2019
    Configuration menu
    Copy the full SHA
    926b679 View commit details
    Browse the repository at this point in the history

Commits on Feb 12, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 12, 2019
    Configuration menu
    Copy the full SHA
    df62d8d View commit details
    Browse the repository at this point in the history

  2. remove unused methods

    Omer Lachish committed Feb 12, 2019
    Configuration menu
    Copy the full SHA
    ca08af3 View commit details
    Browse the repository at this point in the history

  3. avoid cyclic imports by importing only when needed

    Omer Lachish committed Feb 12, 2019
    Configuration menu
    Copy the full SHA
    c698a03 View commit details
    Browse the repository at this point in the history

Commits on Feb 17, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 17, 2019
    Configuration menu
    Copy the full SHA
    97df888 View commit details
    Browse the repository at this point in the history

  2. verify that a ParameterizedQuery without any parameters is considered 

    safe
    Omer Lachish committed Feb 17, 2019
    Configuration menu
    Copy the full SHA
    fca4f1e View commit details
    Browse the repository at this point in the history

Commits on Feb 21, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish authored Feb 21, 2019
    Configuration menu
    Copy the full SHA
    70ea5b9 View commit details
    Browse the repository at this point in the history

Commits on Feb 22, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish authored Feb 22, 2019
    Configuration menu
    Copy the full SHA
    c66cfab View commit details
    Browse the repository at this point in the history

Commits on Feb 24, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 24, 2019
    Configuration menu
    Copy the full SHA
    dc3f221 View commit details
    Browse the repository at this point in the history

  2. Merge branch 'be-more-permissive-when-parameters-are-safe' of github.… 

    …com:getredash/redash into be-more-permissive-when-parameters-are-safe
    Omer Lachish committed Feb 24, 2019
    Configuration menu
    Copy the full SHA
    8027ed2 View commit details
    Browse the repository at this point in the history

Commits on Feb 26, 2019

  1. Merge branch 'master' into be-more-permissive-when-parameters-are-safe

    Omer Lachish committed Feb 26, 2019
    Configuration menu
    Copy the full SHA
    65b6b2a View commit details
    Browse the repository at this point in the history

  2. introduce query.parameter_schema

    Omer Lachish committed Feb 26, 2019
    Configuration menu
    Copy the full SHA
    5bdab05 View commit details
    Browse the repository at this point in the history

  3. encapsulate ParameterizedQuery creation inside Query

    Omer Lachish committed Feb 26, 2019
    Configuration menu
    Copy the full SHA
    9d5e231 View commit details
    Browse the repository at this point in the history