def test_default_blacklist_prevents_deletes(self): r = SimpleQueryFactory(sql="SELECT 1+1 AS \"DELETE\";") fn = generate_report_action() result = fn(None, None, [ r, ]) self.assertEqual(result.content.decode('utf-8'), '0')
def test_packaging_removes_commas_from_file_name(self): expected = 'attachment; filename=query for x y.csv' q = SimpleQueryFactory(title='query for x, y') fn = generate_report_action() res = fn(None, None, [q]) self.assertEqual(res['Content-Disposition'], expected)
def test_single_query_is_csv_file(self): expected_csv = b'two\r\n2\r\n' r = SimpleQueryFactory() fn = generate_report_action() result = fn(None, None, [r, ]) self.assertEqual(result.content.lower(), expected_csv)
def download_query(request, query_id): query = get_object_or_404(Query, pk=query_id) query.params = url_get_params(request) fn = generate_report_action() return fn(None, None, [ query, ])
def test_overriding_blacklist(self): app_settings.EXPLORER_SQL_BLACKLIST = [] r = SimpleQueryFactory(sql="SELECT 1+1 AS \"DELETE\";") fn = generate_report_action() result = fn(None, None, [ r, ]) self.assertEqual(result.content, b'DELETE\r\n2\r\n')
def csv_from_sql(request): sql = request.POST.get('sql', None) if not sql: return PlayQueryView.render(request) query = Query(sql=sql) query.params = url_get_params(request) fn = generate_report_action() return fn(None, None, [query, ])
class QueryAdmin(admin.ModelAdmin): list_display = ( 'title', 'description', 'created_by_user', ) list_filter = ('title', ) raw_id_fields = ('created_by_user', ) actions = [generate_report_action()]
def csv_from_sql(request): sql = request.POST.get('sql', None) if not sql: return PlayQueryView.render(request) query = Query(sql=sql) query.params = url_get_params(request) fn = generate_report_action() return fn(None, None, [ query, ])
class QueryAdmin(admin.ModelAdmin): list_display = ( 'title', 'description', ) list_filter = ( 'title', 'description', ) actions = [generate_report_action()]
def test_multiple_queries_are_zip_file(self): expected_csv = 'two\r\n2\r\n' q = SimpleQueryFactory() q2 = SimpleQueryFactory() fn = generate_report_action() res = fn(None, None, [q, q2]) z = ZipFile(io.BytesIO(res.content)) got_csv = z.read(z.namelist()[0]) self.assertEqual(len(z.namelist()), 2) self.assertEqual(z.namelist()[0], '%s.csv' % q.title) self.assertEqual(got_csv.lower().decode('utf-8'), expected_csv)
def test_multiple_queries_are_zip_file(self): expected_csv = 'two\r\n2\r\n' q = SimpleQueryFactory() q2 = SimpleQueryFactory() fn = generate_report_action() res = fn(None, None, [q, q2]) z = ZipFile(StringIO.StringIO(res.content)) got_csv = z.read(z.namelist()[0]) self.assertEqual(len(z.namelist()), 2) self.assertEqual(z.namelist()[0], '%s.csv' % q.title) self.assertEqual(got_csv.lower(), expected_csv)
def test_multiple_queries_are_zip_file(self): expected_csv = 'two\r\n2\r\n' q = SimpleQueryFactory() q2 = SimpleQueryFactory() fn = generate_report_action() res = fn(None, None, [q, q2]) z = ZipFile(io.BytesIO(res.content)) got_csv = z.read(z.namelist()[0]) self.assertEqual(len(z.namelist()), 2) self.assertEqual(z.namelist()[0], f'{q.title}.csv') self.assertEqual(got_csv.lower().decode('utf-8-sig'), expected_csv)
def download_query(request, query_id): query = get_object_or_404(Query, pk=query_id) query.params = url_get_params(request) fn = generate_report_action() return fn(None, None, [query, ])
def test_default_blacklist_prevents_deletes(self): r = SimpleQueryFactory(sql="SELECT 1+1 AS \"DELETE\";") fn = generate_report_action() result = fn(None, None, [r, ]) self.assertEqual(result.content.decode('utf-8'), '0')
def test_default_blacklist_prevents_deletes(self): r = SimpleQueryFactory(sql='SELECT 1+1 AS "DELETE";') fn = generate_report_action() result = fn(None, None, [r]) self.assertEqual(result.content.decode("utf-8"), "0")
def test_overriding_blacklist(self): app_settings.EXPLORER_SQL_BLACKLIST = [] r = SimpleQueryFactory(sql="SELECT 1+1 AS \"DELETE\";") fn = generate_report_action() result = fn(None, None, [r, ]) self.assertEqual(result.content, b'DELETE\r\n2\r\n')
class QueryAdmin(admin.ModelAdmin): list_display = ('title', 'description', 'created_by', 'sql', 'is_public', 'last_run_date') list_filter = ('title', ) actions = [generate_report_action()]