async def template_data(): display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=False, truncate_cells=0, ) for column in display_columns: column["sortable"] = False return { "foreign_key_tables": await self.foreign_key_tables( database, table, pk_values ), "display_columns": display_columns, "display_rows": display_rows, "custom_table_templates": [ "_table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table-row-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table.html", ], "metadata": (self.ds.metadata("databases") or {}) .get(database, {}) .get("tables", {}) .get(table, {}), }
async def extra_template(): display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=not is_view, truncate_cells=self.ds.config("truncate_cells_html"), ) metadata = ( (self.ds.metadata("databases") or {}) .get(database, {}) .get("tables", {}) .get(table, {}) ) self.ds.update_with_inherited_metadata(metadata) form_hidden_args = [] for arg in ("_fts_table", "_fts_pk"): if arg in special_args: form_hidden_args.append((arg, special_args[arg])) if request.args.get("_where"): for where_text in request.args["_where"]: form_hidden_args.append(("_where", where_text)) return { "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": columns, "display_rows": display_rows, "facets_timed_out": facets_timed_out, "sorted_facet_results": sorted( facet_results.values(), key=lambda f: (len(f["results"]), f["name"]), reverse=True, ), "extra_wheres_for_ui": extra_wheres_for_ui, "form_hidden_args": form_hidden_args, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_replaced_args": path_with_replaced_args, "path_with_removed_args": path_with_removed_args, "append_querystring": append_querystring, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_table_templates": [ "_table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table-table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table.html", ], "metadata": metadata, "view_definition": await db.get_view_definition(table), "table_definition": await db.get_table_definition(table), }
async def template_data(): display_columns, display_rows = await self.display_columns_and_rows( name, table, results.description, rows, link_column=False, ) for column in display_columns: column["sortable"] = False return { "database_hash": hash, "foreign_key_tables": await self.foreign_key_tables( name, table, pk_values ), "display_columns": display_columns, "display_rows": display_rows, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns-row-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns.html", ], "metadata": self.ds.metadata.get("databases", {}).get(name, {}).get( "tables", {} ).get( table, {} ), }
async def custom_sql(self, request, name, hash, sql, editable=True, canned_query=None): params = request.raw_args if "sql" in params: params.pop("sql") if "_shape" in params: params.pop("_shape") # Extract any :named parameters named_parameters = self.re_named_parameter.findall(sql) named_parameter_values = { named_parameter: params.get(named_parameter) or "" for named_parameter in named_parameters } # Set to blank string if missing from params for named_parameter in named_parameters: if named_parameter not in params: params[named_parameter] = "" extra_args = {} if params.get("_timelimit"): extra_args["custom_time_limit"] = int(params["_timelimit"]) rows, truncated, description = await self.execute(name, sql, params, truncate=True, **extra_args) columns = [r[0] for r in description] templates = ["query-{}.html".format(to_css_class(name)), "query.html"] if canned_query: templates.insert( 0, "query-{}-{}.html".format(to_css_class(name), to_css_class(canned_query)), ) return { "database": name, "rows": rows, "truncated": truncated, "columns": columns, "query": { "sql": sql, "params": params }, }, { "database_hash": hash, "custom_sql": True, "named_parameter_values": named_parameter_values, "editable": editable, "canned_query": canned_query, }, templates
async def extra_template(): display_columns, display_rows = await self.display_columns_and_rows( name, table, description, rows, link_column=not is_view, expand_foreign_keys=True, ) metadata = self.ds.metadata.get("databases", {}).get(name, {}).get("tables", {}).get(table, {}) self.ds.update_with_inherited_metadata(metadata) return { "database_hash": hash, "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": filter_columns, "display_rows": display_rows, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_added_args": path_with_added_args, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table)), "_rows_and_columns-table-{}-{}.html".format( to_css_class(name), to_css_class(table)), "_rows_and_columns.html", ], "metadata": metadata, }
async def extra_template(): display_columns, display_rows = await self.display_columns_and_rows( name, table, results.description, rows, link_column=not is_view, ) metadata = self.ds.metadata.get("databases", {}).get(name, {}).get( "tables", {} ).get( table, {} ) self.ds.update_with_inherited_metadata(metadata) return { "database_hash": hash, "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": filter_columns, "display_rows": display_rows, "facets_timed_out": facets_timed_out, "sorted_facet_results": sorted( facet_results.values(), key=lambda f: (len(f["results"]), f["name"]), reverse=True ), "facet_hideable": lambda facet: facet not in metadata_facets, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_replaced_args": path_with_replaced_args, "path_with_removed_args": path_with_removed_args, "append_querystring": append_querystring, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns-table-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns.html", ], "metadata": metadata, "view_definition": await self.ds.get_view_definition(name, table), "table_definition": await self.ds.get_table_definition(name, table), }
async def get(self, request, db_name, table, pk_path, column): await self.check_permissions( request, [ ("view-table", (db_name, table)), ("view-database", db_name), "view-instance", ], ) try: db = self.ds.get_database(db_name) except KeyError: raise NotFound("Database {} does not exist".format(db_name)) if not await db.table_exists(table): raise NotFound("Table {} does not exist".format(table)) # Ensure the column exists and is of type BLOB column_types = { c.name: c.type for c in await db.table_column_details(table) } if column not in column_types: raise NotFound("Table {} does not have column {}".format( table, column)) if column_types[column].upper() not in ("BLOB", ""): raise NotFound( "Table {} does not have column {} of type BLOB".format( table, column)) # Ensure the row exists for the pk_path pk_values = urlsafe_components(pk_path) sql, params, _ = await _sql_params_pks(db, table, pk_values) results = await db.execute(sql, params, truncate=True) rows = list(results.rows) if not rows: raise NotFound("Record not found: {}".format(pk_values)) # Serve back the binary data filename_bits = [to_css_class(table), pk_path, to_css_class(column)] filename = "-".join(filename_bits) + ".blob" headers = { "X-Content-Type-Options": "nosniff", "Content-Disposition": 'attachment; filename="{}"'.format(filename), } return Response( body=rows[0][column], status=200, headers=headers, content_type="application/binary", )
async def data(self, request, database, hash, default_labels=False, _size=None): if request.args.get("sql"): if not self.ds.config("allow_sql"): raise DatasetteError("sql= is not allowed", status=400) sql = request.raw_args.pop("sql") validate_sql_select(sql) return await self.custom_sql(request, database, hash, sql, _size=_size) info = self.ds.inspect()[database] metadata = (self.ds.metadata("databases") or {}).get(database, {}) self.ds.update_with_inherited_metadata(metadata) tables = list(info["tables"].values()) tables.sort(key=lambda t: (t["hidden"], t["name"])) return { "database": database, "size": info["size"], "tables": tables, "hidden_count": len([t for t in tables if t["hidden"]]), "views": info["views"], "queries": self.ds.get_canned_queries(database), }, { "show_hidden": request.args.get("_show_hidden"), "editable": True, "metadata": metadata, }, ("database-{}.html".format(to_css_class(database)), "database.html")
async def data(self, request, name, hash): if request.args.get("sql"): if not self.ds.config["allow_sql"]: raise DatasetteError("sql= is not allowed", status=400) sql = request.raw_args.pop("sql") validate_sql_select(sql) return await self.custom_sql(request, name, hash, sql) info = self.ds.inspect()[name] metadata = self.ds.metadata.get("databases", {}).get(name, {}) self.ds.update_with_inherited_metadata(metadata) tables = list(info["tables"].values()) tables.sort(key=lambda t: (t["hidden"], t["name"])) return { "database": name, "tables": tables, "hidden_count": len([t for t in tables if t["hidden"]]), "views": info["views"], "queries": [{ "name": query_name, "sql": query_sql } for query_name, query_sql in ( metadata.get("queries") or {}).items()], "config": self.ds.config, }, { "database_hash": hash, "show_hidden": request.args.get("_show_hidden"), "editable": True, "metadata": metadata, }, ("database-{}.html".format(to_css_class(name)), "database.html")
async def render_blob(datasette, database, rows, columns, request, table, view_name): if _BLOB_COLUMN not in request.args: raise BadRequest(f"?{_BLOB_COLUMN}= is required") blob_column = request.args[_BLOB_COLUMN] if blob_column not in columns: raise BadRequest(f"{blob_column} is not a valid column") # If ?_blob_hash= provided, use that to select the row - otherwise use first row blob_hash = None if _BLOB_HASH in request.args: blob_hash = request.args[_BLOB_HASH] for row in rows: value = row[blob_column] if hashlib.sha256(value).hexdigest() == blob_hash: break else: # Loop did not break raise BadRequest( "Link has expired - the requested binary content has changed or could not be found." ) else: row = rows[0] value = row[blob_column] filename_bits = [] if table: filename_bits.append(to_css_class(table)) if "pk_path" in request.url_vars: filename_bits.append(request.url_vars["pk_path"]) filename_bits.append(to_css_class(blob_column)) if blob_hash: filename_bits.append(blob_hash[:6]) filename = "-".join(filename_bits) + ".blob" headers = { "X-Content-Type-Options": "nosniff", "Content-Disposition": f'attachment; filename="{filename}"', } return Response( body=value or b"", status=200, headers=headers, content_type="application/binary", )
async def data(self, request, database, hash, default_labels=False, _size=None): metadata = (self.ds.metadata("databases") or {}).get(database, {}) self.ds.update_with_inherited_metadata(metadata) if request.args.get("sql"): if not self.ds.config("allow_sql"): raise DatasetteError("sql= is not allowed", status=400) sql = request.raw_args.pop("sql") validate_sql_select(sql) return await QueryView(self.ds).data( request, database, hash, sql, _size=_size, metadata=metadata ) db = self.ds.databases[database] table_counts = await db.table_counts(5) views = await db.view_names() hidden_table_names = set(await db.hidden_table_names()) all_foreign_keys = await db.get_all_foreign_keys() tables = [] for table in table_counts: table_columns = await db.table_columns(table) tables.append( { "name": table, "columns": table_columns, "primary_keys": await db.primary_keys(table), "count": table_counts[table], "hidden": table in hidden_table_names, "fts_table": await db.fts_table(table), "foreign_keys": all_foreign_keys[table], } ) tables.sort(key=lambda t: (t["hidden"], t["name"])) return ( { "database": database, "size": db.size, "tables": tables, "hidden_count": len([t for t in tables if t["hidden"]]), "views": views, "queries": self.ds.get_canned_queries(database), }, { "show_hidden": request.args.get("_show_hidden"), "editable": True, "metadata": metadata, "allow_download": self.ds.config("allow_download") and not db.is_mutable and database != ":memory:", }, ("database-{}.html".format(to_css_class(database)), "database.html"), )
async def data(self, request, database, hash, default_labels=False, _size=None): await self.check_permissions( request, [ ("view-database", database), "view-instance", ], ) metadata = (self.ds.metadata("databases") or {}).get(database, {}) self.ds.update_with_inherited_metadata(metadata) if request.args.get("sql"): sql = request.args.get("sql") validate_sql_select(sql) return await QueryView(self.ds).data(request, database, hash, sql, _size=_size, metadata=metadata) db = self.ds.databases[database] table_counts = await db.table_counts(5) hidden_table_names = set(await db.hidden_table_names()) all_foreign_keys = await db.get_all_foreign_keys() views = [] for view_name in await db.view_names(): visible, private = await check_visibility( self.ds, request.actor, "view-table", (database, view_name), ) if visible: views.append({ "name": view_name, "private": private, }) tables = [] for table in table_counts: visible, private = await check_visibility( self.ds, request.actor, "view-table", (database, table), ) if not visible: continue table_columns = await db.table_columns(table) tables.append({ "name": table, "columns": table_columns, "primary_keys": await db.primary_keys(table), "count": table_counts[table], "hidden": table in hidden_table_names, "fts_table": await db.fts_table(table), "foreign_keys": all_foreign_keys[table], "private": private, }) tables.sort(key=lambda t: (t["hidden"], t["name"])) canned_queries = [] for query in (await self.ds.get_canned_queries(database, request.actor)).values(): visible, private = await check_visibility( self.ds, request.actor, "view-query", (database, query["name"]), ) if visible: canned_queries.append(dict(query, private=private)) return ( { "database": database, "size": db.size, "tables": tables, "hidden_count": len([t for t in tables if t["hidden"]]), "views": views, "queries": canned_queries, "private": not await self.ds.permission_allowed( None, "view-database", database, default=True), "allow_execute_sql": await self.ds.permission_allowed(request.actor, "execute-sql", database, default=True), }, { "show_hidden": request.args.get("_show_hidden"), "editable": True, "metadata": metadata, "allow_download": self.ds.config("allow_download") and not db.is_mutable and database != ":memory:", }, ("database-{}.html".format(to_css_class(database)), "database.html"), )
async def data( self, request, database, hash, sql, editable=True, canned_query=None, metadata=None, _size=None, named_parameters=None, write=False, ): params = {key: request.args.get(key) for key in request.args} if "sql" in params: params.pop("sql") if "_shape" in params: params.pop("_shape") private = False if canned_query: # Respect canned query permissions await self.check_permissions( request, [ ("view-query", (database, canned_query)), ("view-database", database), "view-instance", ], ) private = not await self.ds.permission_allowed( None, "view-query", (database, canned_query), default=True) else: await self.check_permission(request, "execute-sql", database) # Extract any :named parameters named_parameters = named_parameters or self.re_named_parameter.findall( sql) named_parameter_values = { named_parameter: params.get(named_parameter) or "" for named_parameter in named_parameters if not named_parameter.startswith("_") } # Set to blank string if missing from params for named_parameter in named_parameters: if named_parameter not in params and not named_parameter.startswith( "_"): params[named_parameter] = "" extra_args = {} if params.get("_timelimit"): extra_args["custom_time_limit"] = int(params["_timelimit"]) if _size: extra_args["page_size"] = _size templates = [ "query-{}.html".format(to_css_class(database)), "query.html" ] # Execute query - as write or as read if write: if request.method == "POST": body = await request.post_body() body = body.decode("utf-8").strip() if body.startswith("{") and body.endswith("}"): params = json.loads(body) # But we want key=value strings for key, value in params.items(): params[key] = str(value) else: params = dict(parse_qsl(body, keep_blank_values=True)) # Should we return JSON? should_return_json = (request.headers.get("accept") == "application/json" or request.args.get("_json") or params.get("_json")) if canned_query: params_for_query = MagicParameters(params, request, self.ds) else: params_for_query = params ok = None try: cursor = await self.ds.databases[database].execute_write( sql, params_for_query, block=True) message = metadata.get( "on_success_message" ) or "Query executed, {} row{} affected".format( cursor.rowcount, "" if cursor.rowcount == 1 else "s") message_type = self.ds.INFO redirect_url = metadata.get("on_success_redirect") ok = True except Exception as e: message = metadata.get("on_error_message") or str(e) message_type = self.ds.ERROR redirect_url = metadata.get("on_error_redirect") ok = False if should_return_json: return Response.json({ "ok": ok, "message": message, "redirect": redirect_url, }) else: self.ds.add_message(request, message, message_type) return self.redirect(request, redirect_url or request.path) else: async def extra_template(): return { "request": request, "path_with_added_args": path_with_added_args, "path_with_removed_args": path_with_removed_args, "named_parameter_values": named_parameter_values, "canned_query": canned_query, "success_message": request.args.get("_success") or "", "canned_write": True, } return ( { "database": database, "rows": [], "truncated": False, "columns": [], "query": { "sql": sql, "params": params }, "private": private, }, extra_template, templates, ) else: # Not a write if canned_query: params_for_query = MagicParameters(params, request, self.ds) else: params_for_query = params results = await self.ds.execute(database, sql, params_for_query, truncate=True, **extra_args) columns = [r[0] for r in results.description] if canned_query: templates.insert( 0, "query-{}-{}.html".format(to_css_class(database), to_css_class(canned_query)), ) allow_execute_sql = await self.ds.permission_allowed(request.actor, "execute-sql", database, default=True) async def extra_template(): display_rows = [] for row in results.rows: display_row = [] for column, value in zip(results.columns, row): display_value = value # Let the plugins have a go # pylint: disable=no-member plugin_value = pm.hook.render_cell( value=value, column=column, table=None, database=database, datasette=self.ds, ) if plugin_value is not None: display_value = plugin_value else: if value in ("", None): display_value = jinja2.Markup(" ") elif is_url(str(display_value).strip()): display_value = jinja2.Markup( '<a href="{url}">{url}</a>'.format( url=jinja2.escape(value.strip()))) display_row.append(display_value) display_rows.append(display_row) # Show 'Edit SQL' button only if: # - User is allowed to execute SQL # - SQL is an approved SELECT statement # - No magic parameters, so no :_ in the SQL string edit_sql_url = None is_validated_sql = False try: validate_sql_select(sql) is_validated_sql = True except InvalidSql: pass if allow_execute_sql and is_validated_sql and ":_" not in sql: edit_sql_url = (self.database_url(database) + "?" + urlencode({ **{ "sql": sql, }, **named_parameter_values, })) return { "display_rows": display_rows, "custom_sql": True, "named_parameter_values": named_parameter_values, "editable": editable, "canned_query": canned_query, "edit_sql_url": edit_sql_url, "metadata": metadata, "config": self.ds.config_dict(), "request": request, "path_with_added_args": path_with_added_args, "path_with_removed_args": path_with_removed_args, "hide_sql": "_hide_sql" in params, } return ( { "database": database, "query_name": canned_query, "rows": results.rows, "truncated": results.truncated, "columns": columns, "query": { "sql": sql, "params": params }, "private": private, "allow_execute_sql": allow_execute_sql, }, extra_template, templates, )
async def data( self, request, database, hash, sql, editable=True, canned_query=None, metadata=None, _size=None, named_parameters=None, write=False, ): params = {key: request.args.get(key) for key in request.args} if "sql" in params: params.pop("sql") if "_shape" in params: params.pop("_shape") private = False if canned_query: # Respect canned query permissions await self.check_permissions( request, [ ("view-query", (database, canned_query)), ("view-database", database), "view-instance", ], ) private = not await self.ds.permission_allowed( None, "view-query", (database, canned_query), default=True) else: await self.check_permission(request, "execute-sql", database) # Extract any :named parameters named_parameters = named_parameters or self.re_named_parameter.findall( sql) named_parameter_values = { named_parameter: params.get(named_parameter) or "" for named_parameter in named_parameters if not named_parameter.startswith("_") } # Set to blank string if missing from params for named_parameter in named_parameters: if named_parameter not in params and not named_parameter.startswith( "_"): params[named_parameter] = "" extra_args = {} if params.get("_timelimit"): extra_args["custom_time_limit"] = int(params["_timelimit"]) if _size: extra_args["page_size"] = _size templates = [ "query-{}.html".format(to_css_class(database)), "query.html" ] # Execute query - as write or as read if write: if request.method == "POST": params = await request.post_vars() if canned_query: params_for_query = MagicParameters(params, request, self.ds) else: params_for_query = params try: cursor = await self.ds.databases[database].execute_write( sql, params_for_query, block=True) message = metadata.get( "on_success_message" ) or "Query executed, {} row{} affected".format( cursor.rowcount, "" if cursor.rowcount == 1 else "s") message_type = self.ds.INFO redirect_url = metadata.get("on_success_redirect") except Exception as e: message = metadata.get("on_error_message") or str(e) message_type = self.ds.ERROR redirect_url = metadata.get("on_error_redirect") self.ds.add_message(request, message, message_type) return self.redirect(request, redirect_url or request.path) else: async def extra_template(): return { "request": request, "path_with_added_args": path_with_added_args, "path_with_removed_args": path_with_removed_args, "named_parameter_values": named_parameter_values, "canned_query": canned_query, "success_message": request.args.get("_success") or "", "canned_write": True, } return ( { "database": database, "rows": [], "truncated": False, "columns": [], "query": { "sql": sql, "params": params }, "private": private, }, extra_template, templates, ) else: # Not a write if canned_query: params_for_query = MagicParameters(params, request, self.ds) else: params_for_query = params results = await self.ds.execute(database, sql, params_for_query, truncate=True, **extra_args) columns = [r[0] for r in results.description] if canned_query: templates.insert( 0, "query-{}-{}.html".format(to_css_class(database), to_css_class(canned_query)), ) async def extra_template(): display_rows = [] for row in results.rows: display_row = [] for column, value in zip(results.columns, row): display_value = value # Let the plugins have a go # pylint: disable=no-member plugin_value = pm.hook.render_cell( value=value, column=column, table=None, database=database, datasette=self.ds, ) if plugin_value is not None: display_value = plugin_value else: if value in ("", None): display_value = jinja2.Markup(" ") elif is_url(str(display_value).strip()): display_value = jinja2.Markup( '<a href="{url}">{url}</a>'.format( url=jinja2.escape(value.strip()))) display_row.append(display_value) display_rows.append(display_row) return { "display_rows": display_rows, "custom_sql": True, "named_parameter_values": named_parameter_values, "editable": editable, "canned_query": canned_query, "metadata": metadata, "config": self.ds.config_dict(), "request": request, "path_with_added_args": path_with_added_args, "path_with_removed_args": path_with_removed_args, "hide_sql": "_hide_sql" in params, } return ( { "database": database, "query_name": canned_query, "rows": results.rows, "truncated": results.truncated, "columns": columns, "query": { "sql": sql, "params": params }, "private": private, "allow_execute_sql": await self.ds.permission_allowed(request.actor, "execute-sql", database, default=True), }, extra_template, templates, )
async def data(self, request, name, hash, table): table = urllib.parse.unquote_plus(table) canned_query = self.ds.get_canned_query(name, table) if canned_query is not None: return await self.custom_sql( request, name, hash, canned_query["sql"], editable=False, canned_query=table, ) is_view = bool( list(await self.execute( name, "SELECT count(*) from sqlite_master WHERE type = 'view' and name=:n", {"n": table}, ))[0][0]) view_definition = None table_definition = None if is_view: view_definition = list(await self.execute( name, 'select sql from sqlite_master where name = :n and type="view"', {"n": table}, ))[0][0] else: table_definition_rows = list(await self.execute( name, 'select sql from sqlite_master where name = :n and type="table"', {"n": table}, )) if not table_definition_rows: raise NotFound("Table not found: {}".format(table)) table_definition = table_definition_rows[0][0] info = self.ds.inspect() table_info = info[name]["tables"].get(table) or {} pks = table_info.get("primary_keys") or [] use_rowid = not pks and not is_view if use_rowid: select = "rowid, *" order_by = "rowid" order_by_pks = "rowid" else: select = "*" order_by_pks = ", ".join([escape_sqlite(pk) for pk in pks]) order_by = order_by_pks if is_view: order_by = "" # We roll our own query_string decoder because by default Sanic # drops anything with an empty value e.g. ?name__exact= args = RequestParameters( urllib.parse.parse_qs(request.query_string, keep_blank_values=True)) # Special args start with _ and do not contain a __ # That's so if there is a column that starts with _ # it can still be queried using ?_col__exact=blah special_args = {} special_args_lists = {} other_args = {} for key, value in args.items(): if key.startswith("_") and "__" not in key: special_args[key] = value[0] special_args_lists[key] = value else: other_args[key] = value[0] # Handle ?_filter_column and redirect, if present redirect_params = filters_should_redirect(special_args) if redirect_params: return self.redirect( request, path_with_added_args(request, redirect_params), forward_querystring=False, ) # Spot ?_sort_by_desc and redirect to _sort_desc=(_sort) if "_sort_by_desc" in special_args: return self.redirect( request, path_with_added_args( request, { "_sort_desc": special_args.get("_sort"), "_sort_by_desc": None, "_sort": None, }, ), forward_querystring=False, ) table_metadata = self.table_metadata(name, table) units = table_metadata.get("units", {}) filters = Filters(sorted(other_args.items()), units, ureg) where_clauses, params = filters.build_where_clauses() # _search support: fts_table = info[name]["tables"].get(table, {}).get("fts_table") search_args = dict(pair for pair in special_args.items() if pair[0].startswith("_search")) search_descriptions = [] search = "" if fts_table and search_args: if "_search" in search_args: # Simple ?_search=xxx search = search_args["_search"] where_clauses.append( "rowid in (select rowid from [{fts_table}] where [{fts_table}] match :search)" .format(fts_table=fts_table)) search_descriptions.append( 'search matches "{}"'.format(search)) params["search"] = search else: # More complex: search against specific columns valid_columns = set(info[name]["tables"][fts_table]["columns"]) for i, (key, search_text) in enumerate(search_args.items()): search_col = key.split("_search_", 1)[1] if search_col not in valid_columns: raise DatasetteError("Cannot search by that column", status=400) where_clauses.append( "rowid in (select rowid from [{fts_table}] where [{search_col}] match :search_{i})" .format(fts_table=fts_table, search_col=search_col, i=i)) search_descriptions.append( 'search column "{}" matches "{}"'.format( search_col, search_text)) params["search_{}".format(i)] = search_text table_rows_count = None sortable_columns = set() if not is_view: table_rows_count = table_info["count"] sortable_columns = self.sortable_columns_for_table( name, table, use_rowid) # Allow for custom sort order sort = special_args.get("_sort") if sort: if sort not in sortable_columns: raise DatasetteError("Cannot sort table by {}".format(sort)) order_by = escape_sqlite(sort) sort_desc = special_args.get("_sort_desc") if sort_desc: if sort_desc not in sortable_columns: raise DatasetteError( "Cannot sort table by {}".format(sort_desc)) if sort: raise DatasetteError( "Cannot use _sort and _sort_desc at the same time") order_by = "{} desc".format(escape_sqlite(sort_desc)) from_sql = "from {table_name} {where}".format( table_name=escape_sqlite(table), where=("where {} ".format(" and ".join(where_clauses))) if where_clauses else "", ) count_sql = "select count(*) {}".format(from_sql) _next = special_args.get("_next") offset = "" if _next: if is_view: # _next is an offset offset = " offset {}".format(int(_next)) else: components = urlsafe_components(_next) # If a sort order is applied, the first of these is the sort value if sort or sort_desc: sort_value = components[0] # Special case for if non-urlencoded first token was $null if _next.split(",")[0] == "$null": sort_value = None components = components[1:] # Figure out the SQL for next-based-on-primary-key first next_by_pk_clauses = [] if use_rowid: next_by_pk_clauses.append("rowid > :p{}".format( len(params))) params["p{}".format(len(params))] = components[0] else: # Apply the tie-breaker based on primary keys if len(components) == len(pks): param_len = len(params) next_by_pk_clauses.append( compound_keys_after_sql(pks, param_len)) for i, pk_value in enumerate(components): params["p{}".format(param_len + i)] = pk_value # Now add the sort SQL, which may incorporate next_by_pk_clauses if sort or sort_desc: if sort_value is None: if sort_desc: # Just items where column is null ordered by pk where_clauses.append( "({column} is null and {next_clauses})".format( column=escape_sqlite(sort_desc), next_clauses=" and ".join( next_by_pk_clauses), )) else: where_clauses.append( "({column} is not null or ({column} is null and {next_clauses}))" .format( column=escape_sqlite(sort), next_clauses=" and ".join( next_by_pk_clauses), )) else: where_clauses.append( "({column} {op} :p{p}{extra_desc_only} or ({column} = :p{p} and {next_clauses}))" .format( column=escape_sqlite(sort or sort_desc), op=">" if sort else "<", p=len(params), extra_desc_only="" if sort else " or {column2} is null".format( column2=escape_sqlite(sort or sort_desc)), next_clauses=" and ".join(next_by_pk_clauses), )) params["p{}".format(len(params))] = sort_value order_by = "{}, {}".format(order_by, order_by_pks) else: where_clauses.extend(next_by_pk_clauses) where_clause = "" if where_clauses: where_clause = "where {} ".format(" and ".join(where_clauses)) if order_by: order_by = "order by {} ".format(order_by) # _group_count=col1&_group_count=col2 group_count = special_args_lists.get("_group_count") or [] if group_count: sql = 'select {group_cols}, count(*) as "count" from {table_name} {where} group by {group_cols} order by "count" desc limit 100'.format( group_cols=", ".join('"{}"'.format(group_count_col) for group_count_col in group_count), table_name=escape_sqlite(table), where=where_clause, ) return await self.custom_sql(request, name, hash, sql, editable=True) extra_args = {} # Handle ?_page_size=500 page_size = request.raw_args.get("_size") if page_size: if page_size == "max": page_size = self.max_returned_rows try: page_size = int(page_size) if page_size < 0: raise ValueError except ValueError: raise DatasetteError("_size must be a positive integer", status=400) if page_size > self.max_returned_rows: raise DatasetteError("_size must be <= {}".format( self.max_returned_rows), status=400) extra_args["page_size"] = page_size else: page_size = self.page_size sql = "select {select} from {table_name} {where}{order_by}limit {limit}{offset}".format( select=select, table_name=escape_sqlite(table), where=where_clause, order_by=order_by, limit=page_size + 1, offset=offset, ) if request.raw_args.get("_timelimit"): extra_args["custom_time_limit"] = int( request.raw_args["_timelimit"]) rows, truncated, description = await self.execute(name, sql, params, truncate=True, **extra_args) # facets support try: facets = request.args["_facet"] except KeyError: facets = table_metadata.get("facets", []) facet_results = {} for column in facets: facet_sql = """ select {col} as value, count(*) as count {from_sql} group by {col} order by count desc limit 20 """.format(col=escape_sqlite(column), from_sql=from_sql) try: facet_rows = await self.execute(name, facet_sql, params, truncate=False, custom_time_limit=200) facet_results[column] = [{ "value": row["value"], "count": row["count"], "toggle_url": urllib.parse.urljoin( request.url, path_with_added_args(request, {column: row["value"]}), ), } for row in facet_rows] except sqlite3.OperationalError: # Hit time limit pass columns = [r[0] for r in description] rows = list(rows) filter_columns = columns[:] if use_rowid and filter_columns[0] == "rowid": filter_columns = filter_columns[1:] # Pagination next link next_value = None next_url = None if len(rows) > page_size and page_size > 0: if is_view: next_value = int(_next or 0) + page_size else: next_value = path_from_row_pks(rows[-2], pks, use_rowid) # If there's a sort or sort_desc, add that value as a prefix if (sort or sort_desc) and not is_view: prefix = rows[-2][sort or sort_desc] if prefix is None: prefix = "$null" else: prefix = urllib.parse.quote_plus(str(prefix)) next_value = "{},{}".format(prefix, next_value) added_args = {"_next": next_value} if sort: added_args["_sort"] = sort else: added_args["_sort_desc"] = sort_desc else: added_args = {"_next": next_value} next_url = urllib.parse.urljoin( request.url, path_with_added_args(request, added_args)) rows = rows[:page_size] # Number of filtered rows in whole set: filtered_table_rows_count = None if count_sql: try: count_rows = list(await self.execute(name, count_sql, params)) filtered_table_rows_count = count_rows[0][0] except sqlite3.OperationalError: # Almost certainly hit the timeout pass # human_description_en combines filters AND search, if provided human_description_en = filters.human_description_en( extra=search_descriptions) if sort or sort_desc: sorted_by = "sorted by {}{}".format( (sort or sort_desc), " descending" if sort_desc else "") human_description_en = " ".join( [b for b in [human_description_en, sorted_by] if b]) async def extra_template(): display_columns, display_rows = await self.display_columns_and_rows( name, table, description, rows, link_column=not is_view, expand_foreign_keys=True, ) metadata = self.ds.metadata.get("databases", {}).get(name, {}).get("tables", {}).get(table, {}) self.ds.update_with_inherited_metadata(metadata) return { "database_hash": hash, "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": filter_columns, "display_rows": display_rows, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_added_args": path_with_added_args, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table)), "_rows_and_columns-table-{}-{}.html".format( to_css_class(name), to_css_class(table)), "_rows_and_columns.html", ], "metadata": metadata, } return { "database": name, "table": table, "is_view": is_view, "view_definition": view_definition, "table_definition": table_definition, "human_description_en": human_description_en, "rows": rows[:page_size], "truncated": truncated, "table_rows_count": table_rows_count, "filtered_table_rows_count": filtered_table_rows_count, "columns": columns, "primary_keys": pks, "units": units, "query": { "sql": sql, "params": params }, "facet_results": facet_results, "next": next_value and str(next_value) or None, "next_url": next_url, }, extra_template, ( "table-{}-{}.html".format(to_css_class(name), to_css_class(table)), "table.html", )
async def data(self, request, database, hash, table, pk_path, default_labels=False): pk_values = urlsafe_components(pk_path) await self.check_permission(request, "view-instance") await self.check_permission(request, "view-database", database) await self.check_permission(request, "view-table", (database, table)) db = self.ds.databases[database] pks = await db.primary_keys(table) use_rowid = not pks select = "*" if use_rowid: select = "rowid, *" pks = ["rowid"] wheres = ['"{}"=:p{}'.format(pk, i) for i, pk in enumerate(pks)] sql = "select {} from {} where {}".format( select, escape_sqlite(table), " AND ".join(wheres) ) params = {} for i, pk_value in enumerate(pk_values): params["p{}".format(i)] = pk_value results = await db.execute(sql, params, truncate=True) columns = [r[0] for r in results.description] rows = list(results.rows) if not rows: raise NotFound("Record not found: {}".format(pk_values)) async def template_data(): display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=False, truncate_cells=0, ) for column in display_columns: column["sortable"] = False return { "foreign_key_tables": await self.foreign_key_tables( database, table, pk_values ), "display_columns": display_columns, "display_rows": display_rows, "custom_table_templates": [ "_table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table-row-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table.html", ], "metadata": (self.ds.metadata("databases") or {}) .get(database, {}) .get("tables", {}) .get(table, {}), } data = { "database": database, "table": table, "rows": rows, "columns": columns, "primary_keys": pks, "primary_key_values": pk_values, "units": self.ds.table_metadata(database, table).get("units", {}), } if "foreign_key_tables" in (request.args.get("_extras") or "").split(","): data["foreign_key_tables"] = await self.foreign_key_tables( database, table, pk_values ) return ( data, template_data, ( "row-{}-{}.html".format(to_css_class(database), to_css_class(table)), "row.html", ), )
async def data(self, request, name, hash, table, pk_path, default_labels=False): pk_values = urlsafe_components(pk_path) info = self.ds.inspect()[name] table_info = info["tables"].get(table) or {} pks = table_info.get("primary_keys") or [] use_rowid = not pks select = "*" if use_rowid: select = "rowid, *" pks = ["rowid"] wheres = ['"{}"=:p{}'.format(pk, i) for i, pk in enumerate(pks)] sql = 'select {} from "{}" where {}'.format(select, table, " AND ".join(wheres)) params = {} for i, pk_value in enumerate(pk_values): params["p{}".format(i)] = pk_value results = await self.ds.execute( name, sql, params, truncate=True ) columns = [r[0] for r in results.description] rows = list(results.rows) if not rows: raise NotFound("Record not found: {}".format(pk_values)) async def template_data(): display_columns, display_rows = await self.display_columns_and_rows( name, table, results.description, rows, link_column=False, ) for column in display_columns: column["sortable"] = False return { "database_hash": hash, "foreign_key_tables": await self.foreign_key_tables( name, table, pk_values ), "display_columns": display_columns, "display_rows": display_rows, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns-row-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns.html", ], "metadata": self.ds.metadata.get("databases", {}).get(name, {}).get( "tables", {} ).get( table, {} ), } data = { "database": name, "table": table, "rows": rows, "columns": columns, "primary_keys": pks, "primary_key_values": pk_values, "units": self.table_metadata(name, table).get("units", {}), } if "foreign_key_tables" in (request.raw_args.get("_extras") or "").split(","): data["foreign_key_tables"] = await self.foreign_key_tables( name, table, pk_values ) return data, template_data, ( "row-{}-{}.html".format(to_css_class(name), to_css_class(table)), "row.html" )
async def data(self, request, name, hash, table, default_labels=False, _next=None, _size=None): canned_query = self.ds.get_canned_query(name, table) if canned_query is not None: return await self.custom_sql( request, name, hash, canned_query["sql"], editable=False, canned_query=table, ) is_view = bool(await self.ds.get_view_definition(name, table)) info = self.ds.inspect() table_info = info[name]["tables"].get(table) or {} if not is_view and not table_info: raise NotFound("Table not found: {}".format(table)) pks = table_info.get("primary_keys") or [] use_rowid = not pks and not is_view if use_rowid: select = "rowid, *" order_by = "rowid" order_by_pks = "rowid" else: select = "*" order_by_pks = ", ".join([escape_sqlite(pk) for pk in pks]) order_by = order_by_pks if is_view: order_by = "" # We roll our own query_string decoder because by default Sanic # drops anything with an empty value e.g. ?name__exact= args = RequestParameters( urllib.parse.parse_qs(request.query_string, keep_blank_values=True) ) # Special args start with _ and do not contain a __ # That's so if there is a column that starts with _ # it can still be queried using ?_col__exact=blah special_args = {} special_args_lists = {} other_args = {} for key, value in args.items(): if key.startswith("_") and "__" not in key: special_args[key] = value[0] special_args_lists[key] = value else: other_args[key] = value[0] # Handle ?_filter_column and redirect, if present redirect_params = filters_should_redirect(special_args) if redirect_params: return self.redirect( request, path_with_added_args(request, redirect_params), forward_querystring=False, ) # Spot ?_sort_by_desc and redirect to _sort_desc=(_sort) if "_sort_by_desc" in special_args: return self.redirect( request, path_with_added_args( request, { "_sort_desc": special_args.get("_sort"), "_sort_by_desc": None, "_sort": None, }, ), forward_querystring=False, ) table_metadata = self.table_metadata(name, table) units = table_metadata.get("units", {}) filters = Filters(sorted(other_args.items()), units, ureg) where_clauses, params = filters.build_where_clauses() # _search support: fts_table = info[name]["tables"].get(table, {}).get("fts_table") search_args = dict( pair for pair in special_args.items() if pair[0].startswith("_search") ) search_descriptions = [] search = "" if fts_table and search_args: if "_search" in search_args: # Simple ?_search=xxx search = search_args["_search"] where_clauses.append( "rowid in (select rowid from {fts_table} where {fts_table} match :search)".format( fts_table=escape_sqlite(fts_table), ) ) search_descriptions.append('search matches "{}"'.format(search)) params["search"] = search else: # More complex: search against specific columns valid_columns = set(info[name]["tables"][fts_table]["columns"]) for i, (key, search_text) in enumerate(search_args.items()): search_col = key.split("_search_", 1)[1] if search_col not in valid_columns: raise DatasetteError("Cannot search by that column", status=400) where_clauses.append( "rowid in (select rowid from {fts_table} where {search_col} match :search_{i})".format( fts_table=escape_sqlite(fts_table), search_col=escape_sqlite(search_col), i=i ) ) search_descriptions.append( 'search column "{}" matches "{}"'.format( search_col, search_text ) ) params["search_{}".format(i)] = search_text table_rows_count = None sortable_columns = set() if not is_view: table_rows_count = table_info["count"] sortable_columns = self.sortable_columns_for_table(name, table, use_rowid) # Allow for custom sort order sort = special_args.get("_sort") if sort: if sort not in sortable_columns: raise DatasetteError("Cannot sort table by {}".format(sort)) order_by = escape_sqlite(sort) sort_desc = special_args.get("_sort_desc") if sort_desc: if sort_desc not in sortable_columns: raise DatasetteError("Cannot sort table by {}".format(sort_desc)) if sort: raise DatasetteError("Cannot use _sort and _sort_desc at the same time") order_by = "{} desc".format(escape_sqlite(sort_desc)) from_sql = "from {table_name} {where}".format( table_name=escape_sqlite(table), where=( "where {} ".format(" and ".join(where_clauses)) ) if where_clauses else "", ) # Store current params and where_clauses for later: from_sql_params = dict(**params) from_sql_where_clauses = where_clauses[:] count_sql = "select count(*) {}".format(from_sql) _next = _next or special_args.get("_next") offset = "" if _next: if is_view: # _next is an offset offset = " offset {}".format(int(_next)) else: components = urlsafe_components(_next) # If a sort order is applied, the first of these is the sort value if sort or sort_desc: sort_value = components[0] # Special case for if non-urlencoded first token was $null if _next.split(",")[0] == "$null": sort_value = None components = components[1:] # Figure out the SQL for next-based-on-primary-key first next_by_pk_clauses = [] if use_rowid: next_by_pk_clauses.append("rowid > :p{}".format(len(params))) params["p{}".format(len(params))] = components[0] else: # Apply the tie-breaker based on primary keys if len(components) == len(pks): param_len = len(params) next_by_pk_clauses.append( compound_keys_after_sql(pks, param_len) ) for i, pk_value in enumerate(components): params["p{}".format(param_len + i)] = pk_value # Now add the sort SQL, which may incorporate next_by_pk_clauses if sort or sort_desc: if sort_value is None: if sort_desc: # Just items where column is null ordered by pk where_clauses.append( "({column} is null and {next_clauses})".format( column=escape_sqlite(sort_desc), next_clauses=" and ".join(next_by_pk_clauses), ) ) else: where_clauses.append( "({column} is not null or ({column} is null and {next_clauses}))".format( column=escape_sqlite(sort), next_clauses=" and ".join(next_by_pk_clauses), ) ) else: where_clauses.append( "({column} {op} :p{p}{extra_desc_only} or ({column} = :p{p} and {next_clauses}))".format( column=escape_sqlite(sort or sort_desc), op=">" if sort else "<", p=len(params), extra_desc_only="" if sort else " or {column2} is null".format( column2=escape_sqlite(sort or sort_desc) ), next_clauses=" and ".join(next_by_pk_clauses), ) ) params["p{}".format(len(params))] = sort_value order_by = "{}, {}".format(order_by, order_by_pks) else: where_clauses.extend(next_by_pk_clauses) where_clause = "" if where_clauses: where_clause = "where {} ".format(" and ".join(where_clauses)) if order_by: order_by = "order by {} ".format(order_by) # _group_count=col1&_group_count=col2 group_count = special_args_lists.get("_group_count") or [] if group_count: sql = 'select {group_cols}, count(*) as "count" from {table_name} {where} group by {group_cols} order by "count" desc limit 100'.format( group_cols=", ".join( '"{}"'.format(group_count_col) for group_count_col in group_count ), table_name=escape_sqlite(table), where=where_clause, ) return await self.custom_sql(request, name, hash, sql, editable=True) extra_args = {} # Handle ?_size=500 page_size = _size or request.raw_args.get("_size") if page_size: if page_size == "max": page_size = self.max_returned_rows try: page_size = int(page_size) if page_size < 0: raise ValueError except ValueError: raise DatasetteError("_size must be a positive integer", status=400) if page_size > self.max_returned_rows: raise DatasetteError( "_size must be <= {}".format(self.max_returned_rows), status=400 ) extra_args["page_size"] = page_size else: page_size = self.page_size sql = "select {select} from {table_name} {where}{order_by}limit {limit}{offset}".format( select=select, table_name=escape_sqlite(table), where=where_clause, order_by=order_by, limit=page_size + 1, offset=offset, ) if request.raw_args.get("_timelimit"): extra_args["custom_time_limit"] = int(request.raw_args["_timelimit"]) results = await self.ds.execute( name, sql, params, truncate=True, **extra_args ) # facets support facet_size = self.ds.config["default_facet_size"] metadata_facets = table_metadata.get("facets", []) facets = metadata_facets[:] if request.args.get("_facet") and not self.ds.config["allow_facet"]: raise DatasetteError("_facet= is not allowed", status=400) try: facets.extend(request.args["_facet"]) except KeyError: pass facet_results = {} facets_timed_out = [] for column in facets: if _next: continue facet_sql = """ select {col} as value, count(*) as count {from_sql} {and_or_where} {col} is not null group by {col} order by count desc limit {limit} """.format( col=escape_sqlite(column), from_sql=from_sql, and_or_where='and' if from_sql_where_clauses else 'where', limit=facet_size+1, ) try: facet_rows_results = await self.ds.execute( name, facet_sql, params, truncate=False, custom_time_limit=self.ds.config["facet_time_limit_ms"], ) facet_results_values = [] facet_results[column] = { "name": column, "results": facet_results_values, "truncated": len(facet_rows_results) > facet_size, } facet_rows = facet_rows_results.rows[:facet_size] # Attempt to expand foreign keys into labels values = [row["value"] for row in facet_rows] expanded = (await self.expand_foreign_keys( name, table, column, values )) for row in facet_rows: selected = str(other_args.get(column)) == str(row["value"]) if selected: toggle_path = path_with_removed_args( request, {column: str(row["value"])} ) else: toggle_path = path_with_added_args( request, {column: row["value"]} ) facet_results_values.append({ "value": row["value"], "label": expanded.get( (column, row["value"]), row["value"] ), "count": row["count"], "toggle_url": urllib.parse.urljoin( request.url, toggle_path ), "selected": selected, }) except InterruptedError: facets_timed_out.append(column) columns = [r[0] for r in results.description] rows = list(results.rows) filter_columns = columns[:] if use_rowid and filter_columns[0] == "rowid": filter_columns = filter_columns[1:] # Expand labeled columns if requested expanded_columns = [] expandable_columns = self.expandable_columns(name, table) columns_to_expand = None try: all_labels = value_as_boolean(special_args.get("_labels", "")) except ValueError: all_labels = default_labels # Check for explicit _label= if "_label" in request.args: columns_to_expand = request.args["_label"] if columns_to_expand is None and all_labels: # expand all columns with foreign keys columns_to_expand = [ fk["column"] for fk, _ in expandable_columns ] if columns_to_expand: expanded_labels = {} for fk, label_column in expandable_columns: column = fk["column"] if column not in columns_to_expand: continue expanded_columns.append(column) # Gather the values column_index = columns.index(column) values = [row[column_index] for row in rows] # Expand them expanded_labels.update(await self.expand_foreign_keys( name, table, column, values )) if expanded_labels: # Rewrite the rows new_rows = [] for row in rows: new_row = CustomRow(columns) for column in row.keys(): value = row[column] if (column, value) in expanded_labels: new_row[column] = { 'value': value, 'label': expanded_labels[(column, value)] } else: new_row[column] = value new_rows.append(new_row) rows = new_rows # Pagination next link next_value = None next_url = None if len(rows) > page_size and page_size > 0: if is_view: next_value = int(_next or 0) + page_size else: next_value = path_from_row_pks(rows[-2], pks, use_rowid) # If there's a sort or sort_desc, add that value as a prefix if (sort or sort_desc) and not is_view: prefix = rows[-2][sort or sort_desc] if prefix is None: prefix = "$null" else: prefix = urllib.parse.quote_plus(str(prefix)) next_value = "{},{}".format(prefix, next_value) added_args = {"_next": next_value} if sort: added_args["_sort"] = sort else: added_args["_sort_desc"] = sort_desc else: added_args = {"_next": next_value} next_url = urllib.parse.urljoin( request.url, path_with_replaced_args(request, added_args) ) rows = rows[:page_size] # Number of filtered rows in whole set: filtered_table_rows_count = None if count_sql: try: count_rows = list(await self.ds.execute( name, count_sql, from_sql_params )) filtered_table_rows_count = count_rows[0][0] except InterruptedError: pass # Detect suggested facets suggested_facets = [] if self.ds.config["suggest_facets"] and self.ds.config["allow_facet"]: for facet_column in columns: if facet_column in facets: continue if _next: continue if not self.ds.config["suggest_facets"]: continue suggested_facet_sql = ''' select distinct {column} {from_sql} {and_or_where} {column} is not null limit {limit} '''.format( column=escape_sqlite(facet_column), from_sql=from_sql, and_or_where='and' if from_sql_where_clauses else 'where', limit=facet_size+1 ) distinct_values = None try: distinct_values = await self.ds.execute( name, suggested_facet_sql, from_sql_params, truncate=False, custom_time_limit=self.ds.config["facet_suggest_time_limit_ms"], ) num_distinct_values = len(distinct_values) if ( num_distinct_values and num_distinct_values > 1 and num_distinct_values <= facet_size and num_distinct_values < filtered_table_rows_count ): suggested_facets.append({ 'name': facet_column, 'toggle_url': path_with_added_args( request, {'_facet': facet_column} ), }) except InterruptedError: pass # human_description_en combines filters AND search, if provided human_description_en = filters.human_description_en(extra=search_descriptions) if sort or sort_desc: sorted_by = "sorted by {}{}".format( (sort or sort_desc), " descending" if sort_desc else "" ) human_description_en = " ".join( [b for b in [human_description_en, sorted_by] if b] ) async def extra_template(): display_columns, display_rows = await self.display_columns_and_rows( name, table, results.description, rows, link_column=not is_view, ) metadata = self.ds.metadata.get("databases", {}).get(name, {}).get( "tables", {} ).get( table, {} ) self.ds.update_with_inherited_metadata(metadata) return { "database_hash": hash, "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": filter_columns, "display_rows": display_rows, "facets_timed_out": facets_timed_out, "sorted_facet_results": sorted( facet_results.values(), key=lambda f: (len(f["results"]), f["name"]), reverse=True ), "facet_hideable": lambda facet: facet not in metadata_facets, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_replaced_args": path_with_replaced_args, "path_with_removed_args": path_with_removed_args, "append_querystring": append_querystring, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_rows_and_columns_templates": [ "_rows_and_columns-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns-table-{}-{}.html".format( to_css_class(name), to_css_class(table) ), "_rows_and_columns.html", ], "metadata": metadata, "view_definition": await self.ds.get_view_definition(name, table), "table_definition": await self.ds.get_table_definition(name, table), } return { "database": name, "table": table, "is_view": is_view, "human_description_en": human_description_en, "rows": rows[:page_size], "truncated": results.truncated, "table_rows_count": table_rows_count, "filtered_table_rows_count": filtered_table_rows_count, "expanded_columns": expanded_columns, "expandable_columns": expandable_columns, "columns": columns, "primary_keys": pks, "units": units, "query": {"sql": sql, "params": params}, "facet_results": facet_results, "suggested_facets": suggested_facets, "next": next_value and str(next_value) or None, "next_url": next_url, }, extra_template, ( "table-{}-{}.html".format(to_css_class(name), to_css_class(table)), "table.html", )
async def data( self, request, database, hash, table, default_labels=False, _next=None, _size=None, ): canned_query = await self.ds.get_canned_query(database, table, request.actor) if canned_query: return await QueryView(self.ds).data( request, database, hash, canned_query["sql"], metadata=canned_query, editable=False, canned_query=table, named_parameters=canned_query.get("params"), write=bool(canned_query.get("write")), ) db = self.ds.databases[database] is_view = bool(await db.get_view_definition(table)) table_exists = bool(await db.table_exists(table)) if not is_view and not table_exists: raise NotFound("Table not found: {}".format(table)) await self.check_permission(request, "view-instance") await self.check_permission(request, "view-database", database) await self.check_permission(request, "view-table", (database, table)) private = not await self.ds.permission_allowed( None, "view-table", (database, table), default=True ) pks = await db.primary_keys(table) table_columns = await db.table_columns(table) select_columns = ", ".join(escape_sqlite(t) for t in table_columns) use_rowid = not pks and not is_view if use_rowid: select = "rowid, {}".format(select_columns) order_by = "rowid" order_by_pks = "rowid" else: select = select_columns order_by_pks = ", ".join([escape_sqlite(pk) for pk in pks]) order_by = order_by_pks if is_view: order_by = "" # Ensure we don't drop anything with an empty value e.g. ?name__exact= args = MultiParams( urllib.parse.parse_qs(request.query_string, keep_blank_values=True) ) # Special args start with _ and do not contain a __ # That's so if there is a column that starts with _ # it can still be queried using ?_col__exact=blah special_args = {} other_args = [] for key in args: if key.startswith("_") and "__" not in key: special_args[key] = args[key] else: for v in args.getlist(key): other_args.append((key, v)) # Handle ?_filter_column and redirect, if present redirect_params = filters_should_redirect(special_args) if redirect_params: return self.redirect( request, path_with_added_args(request, redirect_params), forward_querystring=False, ) # Spot ?_sort_by_desc and redirect to _sort_desc=(_sort) if "_sort_by_desc" in special_args: return self.redirect( request, path_with_added_args( request, { "_sort_desc": special_args.get("_sort"), "_sort_by_desc": None, "_sort": None, }, ), forward_querystring=False, ) table_metadata = self.ds.table_metadata(database, table) units = table_metadata.get("units", {}) filters = Filters(sorted(other_args), units, ureg) where_clauses, params = filters.build_where_clauses(table) extra_wheres_for_ui = [] # Add _where= from querystring if "_where" in request.args: if not await self.ds.permission_allowed( request.actor, "execute-sql", resource=database, default=True, ): raise DatasetteError("_where= is not allowed", status=403) else: where_clauses.extend(request.args.getlist("_where")) extra_wheres_for_ui = [ { "text": text, "remove_url": path_with_removed_args(request, {"_where": text}), } for text in request.args.getlist("_where") ] # Support for ?_through={table, column, value} extra_human_descriptions = [] if "_through" in request.args: for through in request.args.getlist("_through"): through_data = json.loads(through) through_table = through_data["table"] other_column = through_data["column"] value = through_data["value"] outgoing_foreign_keys = await db.foreign_keys_for_table(through_table) try: fk_to_us = [ fk for fk in outgoing_foreign_keys if fk["other_table"] == table ][0] except IndexError: raise DatasetteError( "Invalid _through - could not find corresponding foreign key" ) param = "p{}".format(len(params)) where_clauses.append( "{our_pk} in (select {our_column} from {through_table} where {other_column} = :{param})".format( through_table=escape_sqlite(through_table), our_pk=escape_sqlite(fk_to_us["other_column"]), our_column=escape_sqlite(fk_to_us["column"]), other_column=escape_sqlite(other_column), param=param, ) ) params[param] = value extra_human_descriptions.append( '{}.{} = "{}"'.format(through_table, other_column, value) ) # _search support: fts_table = special_args.get("_fts_table") fts_table = fts_table or table_metadata.get("fts_table") fts_table = fts_table or await db.fts_table(table) fts_pk = special_args.get("_fts_pk", table_metadata.get("fts_pk", "rowid")) search_args = dict( pair for pair in special_args.items() if pair[0].startswith("_search") ) search = "" search_mode_raw = special_args.get("_searchmode") == "raw" if fts_table and search_args: if "_search" in search_args: # Simple ?_search=xxx search = search_args["_search"] where_clauses.append( "{fts_pk} in (select rowid from {fts_table} where {fts_table} match {match_clause})".format( fts_table=escape_sqlite(fts_table), fts_pk=escape_sqlite(fts_pk), match_clause=":search" if search_mode_raw else "escape_fts(:search)", ) ) extra_human_descriptions.append('search matches "{}"'.format(search)) params["search"] = search else: # More complex: search against specific columns for i, (key, search_text) in enumerate(search_args.items()): search_col = key.split("_search_", 1)[1] if search_col not in await db.table_columns(fts_table): raise DatasetteError("Cannot search by that column", status=400) where_clauses.append( "rowid in (select rowid from {fts_table} where {search_col} match {match_clause})".format( fts_table=escape_sqlite(fts_table), search_col=escape_sqlite(search_col), match_clause=":search_{}".format(i) if search_mode_raw else "escape_fts(:search_{})".format(i), ) ) extra_human_descriptions.append( 'search column "{}" matches "{}"'.format( search_col, search_text ) ) params["search_{}".format(i)] = search_text sortable_columns = set() sortable_columns = await self.sortable_columns_for_table( database, table, use_rowid ) # Allow for custom sort order sort = special_args.get("_sort") sort_desc = special_args.get("_sort_desc") if not sort and not sort_desc: sort = table_metadata.get("sort") sort_desc = table_metadata.get("sort_desc") if sort and sort_desc: raise DatasetteError("Cannot use _sort and _sort_desc at the same time") if sort: if sort not in sortable_columns: raise DatasetteError("Cannot sort table by {}".format(sort)) order_by = escape_sqlite(sort) if sort_desc: if sort_desc not in sortable_columns: raise DatasetteError("Cannot sort table by {}".format(sort_desc)) order_by = "{} desc".format(escape_sqlite(sort_desc)) from_sql = "from {table_name} {where}".format( table_name=escape_sqlite(table), where=("where {} ".format(" and ".join(where_clauses))) if where_clauses else "", ) # Copy of params so we can mutate them later: from_sql_params = dict(**params) count_sql = "select count(*) {}".format(from_sql) _next = _next or special_args.get("_next") offset = "" if _next: if is_view: # _next is an offset offset = " offset {}".format(int(_next)) else: components = urlsafe_components(_next) # If a sort order is applied, the first of these is the sort value if sort or sort_desc: sort_value = components[0] # Special case for if non-urlencoded first token was $null if _next.split(",")[0] == "$null": sort_value = None components = components[1:] # Figure out the SQL for next-based-on-primary-key first next_by_pk_clauses = [] if use_rowid: next_by_pk_clauses.append("rowid > :p{}".format(len(params))) params["p{}".format(len(params))] = components[0] else: # Apply the tie-breaker based on primary keys if len(components) == len(pks): param_len = len(params) next_by_pk_clauses.append( compound_keys_after_sql(pks, param_len) ) for i, pk_value in enumerate(components): params["p{}".format(param_len + i)] = pk_value # Now add the sort SQL, which may incorporate next_by_pk_clauses if sort or sort_desc: if sort_value is None: if sort_desc: # Just items where column is null ordered by pk where_clauses.append( "({column} is null and {next_clauses})".format( column=escape_sqlite(sort_desc), next_clauses=" and ".join(next_by_pk_clauses), ) ) else: where_clauses.append( "({column} is not null or ({column} is null and {next_clauses}))".format( column=escape_sqlite(sort), next_clauses=" and ".join(next_by_pk_clauses), ) ) else: where_clauses.append( "({column} {op} :p{p}{extra_desc_only} or ({column} = :p{p} and {next_clauses}))".format( column=escape_sqlite(sort or sort_desc), op=">" if sort else "<", p=len(params), extra_desc_only="" if sort else " or {column2} is null".format( column2=escape_sqlite(sort or sort_desc) ), next_clauses=" and ".join(next_by_pk_clauses), ) ) params["p{}".format(len(params))] = sort_value order_by = "{}, {}".format(order_by, order_by_pks) else: where_clauses.extend(next_by_pk_clauses) where_clause = "" if where_clauses: where_clause = "where {} ".format(" and ".join(where_clauses)) if order_by: order_by = "order by {} ".format(order_by) extra_args = {} # Handle ?_size=500 page_size = _size or request.args.get("_size") or table_metadata.get("size") if page_size: if page_size == "max": page_size = self.ds.max_returned_rows try: page_size = int(page_size) if page_size < 0: raise ValueError except ValueError: raise DatasetteError("_size must be a positive integer", status=400) if page_size > self.ds.max_returned_rows: raise DatasetteError( "_size must be <= {}".format(self.ds.max_returned_rows), status=400 ) extra_args["page_size"] = page_size else: page_size = self.ds.page_size sql_no_limit = "select {select} from {table_name} {where}{order_by}".format( select=select, table_name=escape_sqlite(table), where=where_clause, order_by=order_by, ) sql = "{sql_no_limit} limit {limit}{offset}".format( sql_no_limit=sql_no_limit.rstrip(), limit=page_size + 1, offset=offset ) if request.args.get("_timelimit"): extra_args["custom_time_limit"] = int(request.args.get("_timelimit")) results = await db.execute(sql, params, truncate=True, **extra_args) # Number of filtered rows in whole set: filtered_table_rows_count = None if ( not db.is_mutable and self.ds.inspect_data and count_sql == "select count(*) from {} ".format(table) ): try: filtered_table_rows_count = self.ds.inspect_data[database]["tables"][ table ]["count"] except KeyError: pass if count_sql and filtered_table_rows_count is None: try: count_rows = list(await db.execute(count_sql, from_sql_params)) filtered_table_rows_count = count_rows[0][0] except QueryInterrupted: pass # facets support if not self.ds.config("allow_facet") and any( arg.startswith("_facet") for arg in request.args ): raise DatasetteError("_facet= is not allowed", status=400) # pylint: disable=no-member facet_classes = list( itertools.chain.from_iterable(pm.hook.register_facet_classes()) ) facet_results = {} facets_timed_out = [] facet_instances = [] for klass in facet_classes: facet_instances.append( klass( self.ds, request, database, sql=sql_no_limit, params=params, table=table, metadata=table_metadata, row_count=filtered_table_rows_count, ) ) for facet in facet_instances: ( instance_facet_results, instance_facets_timed_out, ) = await facet.facet_results() facet_results.update(instance_facet_results) facets_timed_out.extend(instance_facets_timed_out) # Figure out columns and rows for the query columns = [r[0] for r in results.description] rows = list(results.rows) # Expand labeled columns if requested expanded_columns = [] expandable_columns = await self.expandable_columns(database, table) columns_to_expand = None try: all_labels = value_as_boolean(special_args.get("_labels", "")) except ValueError: all_labels = default_labels # Check for explicit _label= if "_label" in request.args: columns_to_expand = request.args.getlist("_label") if columns_to_expand is None and all_labels: # expand all columns with foreign keys columns_to_expand = [fk["column"] for fk, _ in expandable_columns] if columns_to_expand: expanded_labels = {} for fk, _ in expandable_columns: column = fk["column"] if column not in columns_to_expand: continue expanded_columns.append(column) # Gather the values column_index = columns.index(column) values = [row[column_index] for row in rows] # Expand them expanded_labels.update( await self.ds.expand_foreign_keys(database, table, column, values) ) if expanded_labels: # Rewrite the rows new_rows = [] for row in rows: new_row = CustomRow(columns) for column in row.keys(): value = row[column] if (column, value) in expanded_labels and value is not None: new_row[column] = { "value": value, "label": expanded_labels[(column, value)], } else: new_row[column] = value new_rows.append(new_row) rows = new_rows # Pagination next link next_value = None next_url = None if len(rows) > page_size and page_size > 0: if is_view: next_value = int(_next or 0) + page_size else: next_value = path_from_row_pks(rows[-2], pks, use_rowid) # If there's a sort or sort_desc, add that value as a prefix if (sort or sort_desc) and not is_view: prefix = rows[-2][sort or sort_desc] if isinstance(prefix, dict) and "value" in prefix: prefix = prefix["value"] if prefix is None: prefix = "$null" else: prefix = urllib.parse.quote_plus(str(prefix)) next_value = "{},{}".format(prefix, next_value) added_args = {"_next": next_value} if sort: added_args["_sort"] = sort else: added_args["_sort_desc"] = sort_desc else: added_args = {"_next": next_value} next_url = self.ds.absolute_url( request, path_with_replaced_args(request, added_args) ) rows = rows[:page_size] # Detect suggested facets suggested_facets = [] if ( self.ds.config("suggest_facets") and self.ds.config("allow_facet") and not _next ): for facet in facet_instances: suggested_facets.extend(await facet.suggest()) # human_description_en combines filters AND search, if provided human_description_en = filters.human_description_en( extra=extra_human_descriptions ) if sort or sort_desc: sorted_by = "sorted by {}{}".format( (sort or sort_desc), " descending" if sort_desc else "" ) human_description_en = " ".join( [b for b in [human_description_en, sorted_by] if b] ) async def extra_template(): nonlocal sort display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=not is_view, truncate_cells=self.ds.config("truncate_cells_html"), ) metadata = ( (self.ds.metadata("databases") or {}) .get(database, {}) .get("tables", {}) .get(table, {}) ) self.ds.update_with_inherited_metadata(metadata) form_hidden_args = [] for arg in ("_fts_table", "_fts_pk"): if arg in special_args: form_hidden_args.append((arg, special_args[arg])) if request.args.get("_where"): for where_text in request.args.getlist("_where"): form_hidden_args.append(("_where", where_text)) # if no sort specified AND table has a single primary key, # set sort to that so arrow is displayed if not sort and not sort_desc: if 1 == len(pks): sort = pks[0] elif use_rowid: sort = "rowid" return { "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": columns, "display_rows": display_rows, "facets_timed_out": facets_timed_out, "sorted_facet_results": sorted( facet_results.values(), key=lambda f: (len(f["results"]), f["name"]), reverse=True, ), "extra_wheres_for_ui": extra_wheres_for_ui, "form_hidden_args": form_hidden_args, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_replaced_args": path_with_replaced_args, "path_with_removed_args": path_with_removed_args, "append_querystring": append_querystring, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_table_templates": [ "_table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table-table-{}-{}.html".format( to_css_class(database), to_css_class(table) ), "_table.html", ], "metadata": metadata, "view_definition": await db.get_view_definition(table), "table_definition": await db.get_table_definition(table), } return ( { "database": database, "table": table, "is_view": is_view, "human_description_en": human_description_en, "rows": rows[:page_size], "truncated": results.truncated, "filtered_table_rows_count": filtered_table_rows_count, "expanded_columns": expanded_columns, "expandable_columns": expandable_columns, "columns": columns, "primary_keys": pks, "units": units, "query": {"sql": sql, "params": params}, "facet_results": facet_results, "suggested_facets": suggested_facets, "next": next_value and str(next_value) or None, "next_url": next_url, "private": private, "allow_execute_sql": await self.ds.permission_allowed( request.actor, "execute-sql", database, default=True ), }, extra_template, ( "table-{}-{}.html".format(to_css_class(database), to_css_class(table)), "table.html", ), )
def test_to_css_class(s, expected): assert expected == utils.to_css_class(s)
async def extra_template(): nonlocal sort display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=not is_view, truncate_cells=self.ds.config("truncate_cells_html"), ) metadata = ((self.ds.metadata("databases") or {}).get(database, {}).get("tables", {}).get(table, {})) self.ds.update_with_inherited_metadata(metadata) form_hidden_args = [] # Add currently selected facets for arg in special_args: if arg == "_facet" or arg.startswith("_facet_"): form_hidden_args.extend( (arg, item) for item in request.args.getlist(arg)) for arg in ("_fts_table", "_fts_pk"): if arg in special_args: form_hidden_args.append((arg, special_args[arg])) if request.args.get("_where"): for where_text in request.args.getlist("_where"): form_hidden_args.append(("_where", where_text)) # if no sort specified AND table has a single primary key, # set sort to that so arrow is displayed if not sort and not sort_desc: if 1 == len(pks): sort = pks[0] elif use_rowid: sort = "rowid" return { "supports_search": bool(fts_table), "search": search or "", "use_rowid": use_rowid, "filters": filters, "display_columns": display_columns, "filter_columns": columns, "display_rows": display_rows, "facets_timed_out": facets_timed_out, "sorted_facet_results": sorted( facet_results.values(), key=lambda f: (len(f["results"]), f["name"]), reverse=True, ), "extra_wheres_for_ui": extra_wheres_for_ui, "form_hidden_args": form_hidden_args, "is_sortable": any(c["sortable"] for c in display_columns), "path_with_replaced_args": path_with_replaced_args, "path_with_removed_args": path_with_removed_args, "append_querystring": append_querystring, "request": request, "sort": sort, "sort_desc": sort_desc, "disable_sort": is_view, "custom_table_templates": [ "_table-{}-{}.html".format(to_css_class(database), to_css_class(table)), "_table-table-{}-{}.html".format(to_css_class(database), to_css_class(table)), "_table.html", ], "metadata": metadata, "view_definition": await db.get_view_definition(table), "table_definition": await db.get_table_definition(table), }
async def data(self, request, database, hash, table, pk_path, default_labels=False): await self.check_permissions( request, [ ("view-table", (database, table)), ("view-database", database), "view-instance", ], ) pk_values = urlsafe_components(pk_path) db = self.ds.databases[database] sql, params, pks = await _sql_params_pks(db, table, pk_values) results = await db.execute(sql, params, truncate=True) columns = [r[0] for r in results.description] rows = list(results.rows) if not rows: raise NotFound("Record not found: {}".format(pk_values)) async def template_data(): display_columns, display_rows = await self.display_columns_and_rows( database, table, results.description, rows, link_column=False, truncate_cells=0, ) for column in display_columns: column["sortable"] = False return { "foreign_key_tables": await self.foreign_key_tables(database, table, pk_values), "display_columns": display_columns, "display_rows": display_rows, "custom_table_templates": [ "_table-{}-{}.html".format(to_css_class(database), to_css_class(table)), "_table-row-{}-{}.html".format(to_css_class(database), to_css_class(table)), "_table.html", ], "metadata": (self.ds.metadata("databases") or {}).get(database, {}).get("tables", {}).get(table, {}), } data = { "database": database, "table": table, "rows": rows, "columns": columns, "primary_keys": pks, "primary_key_values": pk_values, "units": self.ds.table_metadata(database, table).get("units", {}), } if "foreign_key_tables" in (request.args.get("_extras") or "").split(","): data["foreign_key_tables"] = await self.foreign_key_tables( database, table, pk_values) return ( data, template_data, ( "row-{}-{}.html".format(to_css_class(database), to_css_class(table)), "row.html", ), )
async def custom_sql( self, request, database, hash, sql, editable=True, canned_query=None, metadata=None, _size=None, ): params = request.raw_args if "sql" in params: params.pop("sql") if "_shape" in params: params.pop("_shape") # Extract any :named parameters named_parameters = self.re_named_parameter.findall(sql) named_parameter_values = { named_parameter: params.get(named_parameter) or "" for named_parameter in named_parameters } # Set to blank string if missing from params for named_parameter in named_parameters: if named_parameter not in params: params[named_parameter] = "" extra_args = {} if params.get("_timelimit"): extra_args["custom_time_limit"] = int(params["_timelimit"]) if _size: extra_args["page_size"] = _size results = await self.ds.execute(database, sql, params, truncate=True, **extra_args) columns = [r[0] for r in results.description] templates = [ "query-{}.html".format(to_css_class(database)), "query.html" ] if canned_query: templates.insert( 0, "query-{}-{}.html".format(to_css_class(database), to_css_class(canned_query)), ) async def extra_template(): display_rows = [] for row in results.rows: display_row = [] for column, value in zip(results.columns, row): display_value = value # Let the plugins have a go # pylint: disable=no-member plugin_value = pm.hook.render_cell( value=value, column=column, table=None, database=database, datasette=self.ds, ) if plugin_value is not None: display_value = plugin_value else: if value in ("", None): display_value = jinja2.Markup(" ") elif is_url(str(display_value).strip()): display_value = jinja2.Markup( '<a href="{url}">{url}</a>'.format( url=jinja2.escape(value.strip()))) display_row.append(display_value) display_rows.append(display_row) return { "display_rows": display_rows, "custom_sql": True, "named_parameter_values": named_parameter_values, "editable": editable, "canned_query": canned_query, "metadata": metadata, "config": self.ds.config_dict(), "request": request, "path_with_added_args": path_with_added_args, "path_with_removed_args": path_with_removed_args, "hide_sql": "_hide_sql" in params, } return ( { "database": database, "rows": results.rows, "truncated": results.truncated, "columns": columns, "query": { "sql": sql, "params": params }, }, extra_template, templates, )
async def custom_sql(self, request, name, hash, sql, editable=True, canned_query=None, metadata=None, _size=None): params = request.raw_args if "sql" in params: params.pop("sql") if "_shape" in params: params.pop("_shape") # Extract any :named parameters named_parameters = self.re_named_parameter.findall(sql) named_parameter_values = { named_parameter: params.get(named_parameter) or "" for named_parameter in named_parameters } # Set to blank string if missing from params for named_parameter in named_parameters: if named_parameter not in params: params[named_parameter] = "" extra_args = {} if params.get("_timelimit"): extra_args["custom_time_limit"] = int(params["_timelimit"]) if _size: extra_args["page_size"] = _size results = await self.ds.execute(name, sql, params, truncate=True, **extra_args) columns = [r[0] for r in results.description] templates = ["query-{}.html".format(to_css_class(name)), "query.html"] if canned_query: templates.insert( 0, "query-{}-{}.html".format(to_css_class(name), to_css_class(canned_query)), ) async def extra_template(): display_rows = [] for row in results.rows: display_row = [] for value in row: display_value = value if value in ("", None): display_value = jinja2.Markup(" ") elif is_url(str(value).strip()): display_value = jinja2.Markup( '<a href="{url}">{url}</a>'.format( url=jinja2.escape(value.strip()))) display_row.append(display_value) display_rows.append(display_row) return { "display_rows": display_rows, "database_hash": hash, "custom_sql": True, "named_parameter_values": named_parameter_values, "editable": editable, "canned_query": canned_query, "metadata": metadata, "config": self.ds.config, } return { "database": name, "rows": results.rows, "truncated": results.truncated, "columns": columns, "query": { "sql": sql, "params": params }, }, extra_template, templates