mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-24 16:18:42 -05:00
1833b43ae2
Upon saving a badge or requesting a badge result preview, BadgeGranter.contract_checks! will examine the provided badge SQL for some contractual obligations - namely, the returned columns and use of trigger parameters. Saving the badge is wrapped in a transaction to make this easier, by raising ActiveRecord::Rollback on a detected violation. On the client, a modal view is added for the badge query sample run results, named admin-badge-preview. The preview action is moved up to the route. The save action, on failure, triggers a 'saveError' action (also in the route). The preview action gains a new parameter, 'explain', which will give the output of an EXPLAIN query for the badge sql, which can be used by forum admins to estimate the cost of their badge queries. The preview link is replaced by two links, one which omits (false) and includes (true) the EXPLAIN query. The Badge.save() method is amended to propogate errors. Badge::Trigger gets some utility methods for use in the BadgeGranter.contract_checks! method. Additionally, extra checks outside of BadgeGranter.contract_checks! are added in the preview() method, to cover cases of null granted_at columns. An uninitialized variable path is removed in the backfill() method. TODO - it would be nice to be able to get the actual names of all columns the provided query returns, so we could give more errors
106 lines
2.8 KiB
Ruby
106 lines
2.8 KiB
Ruby
class Admin::BadgesController < Admin::AdminController
|
|
|
|
def index
|
|
data = {
|
|
badge_types: BadgeType.all.order(:id).to_a,
|
|
badge_groupings: BadgeGrouping.all.order(:position).to_a,
|
|
badges: Badge.includes(:badge_grouping)
|
|
.references(:badge_grouping)
|
|
.order('badge_groupings.position, badge_type_id, badges.name').to_a,
|
|
protected_system_fields: Badge.protected_system_fields,
|
|
triggers: Badge.trigger_hash
|
|
}
|
|
render_serialized(OpenStruct.new(data), AdminBadgesSerializer)
|
|
end
|
|
|
|
def preview
|
|
render json: BadgeGranter.preview(params[:sql],
|
|
target_posts: params[:target_posts] == "true",
|
|
explain: params[:explain] == "true",
|
|
trigger: params[:trigger].to_i)
|
|
end
|
|
|
|
def badge_types
|
|
badge_types = BadgeType.all.to_a
|
|
render_serialized(badge_types, BadgeTypeSerializer, root: "badge_types")
|
|
end
|
|
|
|
def save_badge_groupings
|
|
|
|
badge_groupings = BadgeGrouping.all.order(:position).to_a
|
|
ids = params[:ids].map(&:to_i)
|
|
|
|
params[:names].each_with_index do |name,index|
|
|
id = ids[index].to_i
|
|
group = badge_groupings.find{|b| b.id == id} || BadgeGrouping.new()
|
|
group.name = name
|
|
group.position = index
|
|
group.save
|
|
end
|
|
|
|
badge_groupings.each do |g|
|
|
g.destroy unless g.system? || ids.include?(g.id)
|
|
end
|
|
|
|
badge_groupings = BadgeGrouping.all.order(:position).to_a
|
|
render_serialized(badge_groupings, BadgeGroupingSerializer, root: "badge_groupings")
|
|
end
|
|
|
|
def create
|
|
badge = Badge.new
|
|
update_badge_from_params(badge)
|
|
badge.id = nil
|
|
badge.save!
|
|
render_serialized(badge, BadgeSerializer, root: "badge")
|
|
end
|
|
|
|
def update
|
|
badge = find_badge
|
|
|
|
error = nil
|
|
Badge.transaction do
|
|
update_badge_from_params(badge)
|
|
|
|
# Perform checks to prevent bad queries
|
|
begin
|
|
BadgeGranter.contract_checks!(badge.query, { target_posts: badge.target_posts, trigger: badge.trigger })
|
|
rescue => e
|
|
# noinspection RubyUnusedLocalVariable
|
|
error = e.message
|
|
raise ActiveRecord::Rollback
|
|
end
|
|
|
|
badge.save!
|
|
end
|
|
|
|
if error
|
|
render_json_error error
|
|
else
|
|
render_serialized(badge, BadgeSerializer, root: "badge")
|
|
end
|
|
end
|
|
|
|
def destroy
|
|
find_badge.destroy
|
|
render nothing: true
|
|
end
|
|
|
|
private
|
|
def find_badge
|
|
params.require(:id)
|
|
Badge.find(params[:id])
|
|
end
|
|
|
|
def update_badge_from_params(badge)
|
|
allowed = Badge.column_names.map(&:to_sym)
|
|
allowed -= [:id, :created_at, :updated_at, :grant_count]
|
|
allowed -= Badge.protected_system_fields if badge.system?
|
|
params.permit(*allowed)
|
|
|
|
allowed.each do |key|
|
|
badge.send("#{key}=" , params[key]) if params[key]
|
|
end
|
|
|
|
badge
|
|
end
|
|
end
|