discourse/app/controllers/admin/badges_controller.rb
riking 1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00

106 lines
2.8 KiB
Ruby

class Admin::BadgesController < Admin::AdminController
def index
data = {
badge_types: BadgeType.all.order(:id).to_a,
badge_groupings: BadgeGrouping.all.order(:position).to_a,
badges: Badge.includes(:badge_grouping)
.references(:badge_grouping)
.order('badge_groupings.position, badge_type_id, badges.name').to_a,
protected_system_fields: Badge.protected_system_fields,
triggers: Badge.trigger_hash
}
render_serialized(OpenStruct.new(data), AdminBadgesSerializer)
end
def preview
render json: BadgeGranter.preview(params[:sql],
target_posts: params[:target_posts] == "true",
explain: params[:explain] == "true",
trigger: params[:trigger].to_i)
end
def badge_types
badge_types = BadgeType.all.to_a
render_serialized(badge_types, BadgeTypeSerializer, root: "badge_types")
end
def save_badge_groupings
badge_groupings = BadgeGrouping.all.order(:position).to_a
ids = params[:ids].map(&:to_i)
params[:names].each_with_index do |name,index|
id = ids[index].to_i
group = badge_groupings.find{|b| b.id == id} || BadgeGrouping.new()
group.name = name
group.position = index
group.save
end
badge_groupings.each do |g|
g.destroy unless g.system? || ids.include?(g.id)
end
badge_groupings = BadgeGrouping.all.order(:position).to_a
render_serialized(badge_groupings, BadgeGroupingSerializer, root: "badge_groupings")
end
def create
badge = Badge.new
update_badge_from_params(badge)
badge.id = nil
badge.save!
render_serialized(badge, BadgeSerializer, root: "badge")
end
def update
badge = find_badge
error = nil
Badge.transaction do
update_badge_from_params(badge)
# Perform checks to prevent bad queries
begin
BadgeGranter.contract_checks!(badge.query, { target_posts: badge.target_posts, trigger: badge.trigger })
rescue => e
# noinspection RubyUnusedLocalVariable
error = e.message
raise ActiveRecord::Rollback
end
badge.save!
end
if error
render_json_error error
else
render_serialized(badge, BadgeSerializer, root: "badge")
end
end
def destroy
find_badge.destroy
render nothing: true
end
private
def find_badge
params.require(:id)
Badge.find(params[:id])
end
def update_badge_from_params(badge)
allowed = Badge.column_names.map(&:to_sym)
allowed -= [:id, :created_at, :updated_at, :grant_count]
allowed -= Badge.protected_system_fields if badge.system?
params.permit(*allowed)
allowed.each do |key|
badge.send("#{key}=" , params[key]) if params[key]
end
badge
end
end