Create queries for custom views, reports and queries #7650
labkey-klum wants to merge 15 commits into develop from
…ow handled in the update service for the CustomViewsTable.
labkey-adam
left a comment
See questions about potential cross-container issues
| names.add(DOCUMENTS_TABLE_NAME); | ||
|
|
||
| if (getContainer().hasPermission(getUser(), AdminPermission.class)) | ||
| names.add(REPORTS_TABLE_NAME); |
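Review bot: The AdminPermission check around names.add(REPORTS_TABLE_NAME) only controls whether the table name is listed. Please make sure the code path that constructs the reports table by name applies the same getContainer().hasPermission(getUser(), AdminPermission.class) check, so a non-admin who asks for the table directly gets nothing back. The if body would also be safer with braces, since a second statement added under it later would run for every user.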
Totally fine for now. In the future, we might consider showing non-admins their own reports (and queries and views).
| } | ||
| } | ||
|
|
||
|
|
| Integer id = (Integer) oldRowMap.get("rowId"); | ||
| if (id != null) | ||
| { | ||
| var r = ReportService.get().getReport(container, id); |
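Review bot: When oldRowMap has no "rowId" entry, id is null and the if (id != null) block is skipped, and nothing in the lines shown tells the caller that the delete did not happen. Consider failing with an explicit error for a missing key instead of falling through, and handle a null result from getReport(container, id) the same way.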
Claude flagged this as a possible cross-container delete issue. When deleting with a container filter applied, container is the request container, not the report's container, right? Should we change? Do we need to check permissions in the report's container as well?
Yes, we need to use the container from the existing row map to resolve the container and then check the user's permissions on that container.
| Integer id = (Integer)oldRowMap.get("customViewId"); | ||
| if (id != null) | ||
| { | ||
| var view = QueryManager.get().getCustomView(container, id); |
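Review bot: getCustomView(container, id) on the last line looks the view up in the container argument while id comes from oldRowMap, so it has the same scoping question raised for reports: with a folder filter applied, the row can belong to another folder. Suggest resolving the container from oldRowMap and checking the user's permission there before deleting.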
| protected Map<String, Object> deleteRow(User user, Container container, Map<String, Object> oldRowMap) throws SQLException, QueryUpdateServiceException, InvalidKeyException | ||
| { | ||
| var queryDef = QueryDefCache.getQueryDefById(container, (Integer)oldRowMap.get("queryDefId")); | ||
| if (queryDef != null) |
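Review bot: (Integer)oldRowMap.get("queryDefId") is passed to getQueryDefById without the null check that the report and custom view delete paths apply to their ids. If that method takes a primitive int, a row map without the key fails with a NullPointerException on unboxing, so pull the id into a local and check it first. The lookup is also keyed on the container argument, so the cross-container question applies here as well.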
| @Override | ||
| protected Map<String, Object> _update(User user, Container container, Map<String, Object> row, Map<String, Object> oldRow, Object[] keys) throws SQLException, ValidationException | ||
| { | ||
| Integer id = (Integer) oldRow.get("customViewId"); |
Get container from old row?
labkey-adam
left a comment
Manual testing verifies those cross-container issues are present. For example, apply a folder filter and attempt to delete a report that's outside the request folder.
Give it another try, I think I've addressed all of those cross folder issues.
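The cross-folder check this review asks for, shown as an added, self-contained example that is not code from this PR or from LabKey: a row is authorized against the folder that owns it rather than the folder the request came from. The Report record, the folder ids, the users and both delete methods are hypothetical, and the weak variant is a generic pattern, not a copy of the PR's code.

```java
import java.util.*;

// Added illustration; every type and name here is hypothetical, none is a LabKey API.
public class CrossFolderDelete
{
    record Report(int rowId, String folderId) {}

    // Constructed sample data: report 7 is stored in folder "B".
    static final Map<Integer, Report> REPORTS = new HashMap<>(Map.of(7, new Report(7, "B")));
    // Constructed ACL: folder id -> users holding admin rights in that folder.
    static final Map<String, Set<String>> ADMINS = Map.of("A", Set.of("alice"), "B", Set.of("bob"));

    static boolean isAdmin(String user, String folderId)
    {
        return ADMINS.getOrDefault(folderId, Set.of()).contains(user);
    }

    // Weak shape: authorizes against the request folder, then deletes by id alone.
    static boolean deleteUnchecked(String user, String requestFolder, int rowId)
    {
        return isAdmin(user, requestFolder) && REPORTS.remove(rowId) != null;
    }

    // Corrected shape: load the stored row, authorize against the folder that owns it.
    static boolean deleteChecked(String user, int rowId)
    {
        Report r = REPORTS.get(rowId);
        if (r == null)
            throw new NoSuchElementException("No report with rowId " + rowId);
        if (!isAdmin(user, r.folderId()))
            throw new SecurityException(user + " may not delete reports in folder " + r.folderId());
        return REPORTS.remove(rowId) != null;
    }

    public static void main(String[] args)
    {
        try
        {
            deleteChecked("alice", 7); // alice administers folder A only
        }
        catch (SecurityException e)
        {
            System.out.println("denied: " + e.getMessage());
        }
        System.out.println("row still present: " + REPORTS.containsKey(7));
        // Same request through the weak path: the folder A check passes, the folder B row goes.
        System.out.println("unchecked delete succeeded: " + deleteUnchecked("alice", "A", 7));
    }
}
```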
Rationale
Tracking issue: https://github.com/LabKey/internal-issues/issues/1078
This PR introduces admin-only queries to replace (or create) standard LabKey table infos for: custom views, reports and queries. Details include:
- query schema that's available to admins only.
- query.CustomViews table that exposes that table (shared and private views).
- query.Queries table that exposes the querydef table.
- core.Reports table that exposes the reports table, also restricted to admins.