Commit graph

17 commits

Author SHA1 Message Date
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Guo Xiang Tan
983d64fd56 PERF: N+1 query on badges index. 2016-04-12 17:45:02 +08:00
Robin Ward
0cbdf6f5bb FIX: Many bugs with admin badges interface
* Editing a badge's title would show it as changed in the side even if
  you didn't hit save

* Clicking a badge would not scroll to the top

* If there was an error saving a badge there was a missing i18n key

* URLs were using queryParams instead of paths

* User `label` tags for checkboxes for larger click targets

* Saved! text would persist when viewing another badge

* After creating a new badge it would show nothing

* Validation errors were not being properly released to the client

* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
riking
3cf493eb4f FIX: Apply contract checks when first creating a badge 2014-09-02 19:09:51 -07:00
riking
1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Sam
0b01310c84 FIX: system badges where created under id 100 2014-08-06 10:51:39 +10:00
Sam
5a3466a6c3 FIX: keep correct ordering on admin badges 2014-07-30 08:46:59 +10:00
Sam
1a6aa07611 FEATURE: editable badge groups 2014-07-27 18:22:01 +10:00
Sam
ec03d135fa FEATURE: allow advanced badge options in admin screen
clean up serializer, allow simplistic preview
2014-07-24 18:28:23 +10:00
Sam
b9a7d945c3 Improve badge grouping UI
Start work on triggers
2014-07-23 11:43:17 +10:00
Sam
88469721b9 FEATURE: Allow admins to disable specific badges 2014-07-14 17:40:36 +10:00
Sam
6bbb083d47 FEATURE: support "unlisted" badges. 2014-07-03 17:44:36 +10:00
Vikhyat Korrapati
e0fd1f6f5e Add ability to specify custom font awesome icon for badges. 2014-06-19 16:56:18 +05:30
Vikhyat Korrapati
d208e4d517 Multiple grant badges. 2014-05-21 12:54:55 +05:30
Vikhyat Korrapati
b4e037dfb2 Allow badges to be marked as "titleable". 2014-04-28 10:30:38 +05:30
Vikhyat Korrapati
acfcf0b64e Add /badges route that lists all defined badges. 2014-04-16 18:42:06 +05:30
Vikhyat Korrapati
9b26c8584e Initial badge system implementation. 2014-03-14 21:49:26 +05:30