Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Row action linking to update SQL #11

Merged
merged 14 commits into from
Sep 4, 2024
Merged

Row action linking to update SQL #11

merged 14 commits into from
Sep 4, 2024

Conversation

simonw
Copy link
Owner

@simonw simonw commented Mar 18, 2024

Refs:

Still needed:

  • Automated tests
  • Manually test that the null handling works and makes sense
  • Sign the redirect_to argument to prevent abuse
  • Solution for if there are columns called sql or database or redirect_to - avoid clashes in query string parameters
  • Smarter detection of fields that should be textareas, see comment Row action item for "Update using SQL" #10 (comment) skipped for scope creep

"tables": tables,
"views": views,
"redirect_to": request.args.get("_redirect_to")
or "", # TODO: Sign this
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's the TODO mentioning that redirect_to should be signed

@simonw
Copy link
Owner Author

simonw commented Mar 18, 2024

Demo so far:

row-action-prototype

@simonw
Copy link
Owner Author

simonw commented Sep 3, 2024

I decided to pass ?_title=... as a signed parameter too - if that's present it shows that title and hides the SQL behind a <details> thing like this:

CleanShot 2024-09-03 at 14 25 54@2x

Additionally, the primary key columns used to look up the value to edit are now sent as ?id_hidden=... and are hidden on that page.

@simonw simonw marked this pull request as ready for review September 4, 2024 04:43
@simonw simonw merged commit 4bfd318 into main Sep 4, 2024
20 checks passed
@simonw simonw deleted the update-row-action branch September 4, 2024 04:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant