blazer 2.4.7 → 2.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 001d5a72253bcf62b525854064c1242e7569cc139b8263f54fade4536772de0a
-  data.tar.gz: 9bf14d133dec31e413fa37390cadcd24bf9e0ae965dee208fc7fe7acca0f9111
+  metadata.gz: 8bdfc1e428f7e01bf9a06461a5f0143a6e940cd1e3d708ba2bd504132bbaa1db
+  data.tar.gz: 729e9a408e7f4fa5203ab4c133800e49087fccf634efcf7c9dd6ca80a610a861
 SHA512:
-  metadata.gz: d0406c619b9f6ab242d7dd8d6dcca2341876ee9b5326638a57c590a5a95ecffccc9082b6323dca929487c8d55d5961b93e53788d323866c3d97d06aa846de21a
-  data.tar.gz: 8841aaf8abbedd623b355fac0dd455a1c437abf297748ca847df15c895ba8ff59bda8c536e48da0c1e3fd882e10dbe449f6ba9c7916f0ac3caa882d822339b00
+  metadata.gz: e6c7a7be80246c1030170a5df95656947b2431cf908bb6d37d668cbe3f57006ef096d63186976c63c683f0e2511873cabb5d2be56e389de331487666ba297dc3
+  data.tar.gz: 9feb70216244f77d37357376cd68b9ec85a6d3eeb3c89f3e58196688e81618ca2ae38372e5491e0811bdd7d9e0082317a711040f5782cc54f5d9f99ec57d624a

data/CHANGELOG.md

@@ -1,3 +1,22 @@
+## 2.6.0 (2022-04-20)
+
+- Fixed quoting issue with variables
+- Custom adapters now need to specify how to quote variables in queries
+- Added experimental support for Propshaft
+- Fixed error with empty results with InfluxDB
+
+## 2.5.0 (2022-01-04)
+
+- Added support for Slack OAuth tokens
+- Added experimental support for AnomalyDetection.rb
+- Improved table preview for MySQL
+- Fixed cohort analysis for MySQL
+
+## 2.4.8 (2021-12-07)
+
+- Added support for OpenSearch
+- Removed `elasticsearch-xpack` dependency for Elasticsearch
+
 ## 2.4.7 (2021-09-25)
 
 - Made Action Mailer optional

data/README.md

@@ -10,6 +10,8 @@ Blazer is also available as a [Docker image](https://github.com/ankane/blazer-do
 
 :tangerine: Battle-tested at [Instacart](https://www.instacart.com/opensource)
 
+[![Build Status](https://github.com/ankane/blazer/workflows/build/badge.svg?branch=master)](https://github.com/ankane/blazer/actions)
+
 ## Features
 
 - **Multiple data sources** - PostgreSQL, MySQL, Redshift, and [many more](#full-list)
@@ -37,7 +39,7 @@ Blazer is also available as a [Docker image](https://github.com/ankane/blazer-do
 Add this line to your application’s Gemfile:
 
 ```ruby
-gem 'blazer'
+gem "blazer"
 ```
 
 Run:
@@ -59,7 +61,7 @@ For production, specify your database:
 ENV["BLAZER_DATABASE_URL"] = "postgres://user:password@hostname:5432/database"
 ```
 
-Blazer tries to protect against queries which modify data (by running each query in a transaction and rolling it back), but a safer approach is to use a read-only user. [See how to create one](#permissions).
+When possible, Blazer tries to protect against queries which modify data by running each query in a transaction and rolling it back, but a safer approach is to use a read-only user. [See how to create one](#permissions).
 
 #### Checks (optional)
 
@@ -142,11 +144,9 @@ Be sure to render or redirect for unauthorized users.
 
 ## Permissions
 
-Blazer runs each query in a transaction and rolls it back to prevent queries from modifying data. As an additional line of defense, we recommend using a read only user.
-
 ### PostgreSQL
 
-Create a user with read only permissions:
+Create a user with read-only permissions:
 
 ```sql
 BEGIN;
@@ -160,7 +160,7 @@ COMMIT;
 
 ### MySQL
 
-Create a user with read only permissions:
+Create a user with read-only permissions:
 
 ```sql
 GRANT SELECT, SHOW VIEW ON database_name.* TO blazer@’127.0.0.1′ IDENTIFIED BY ‘secret123‘;
@@ -169,7 +169,7 @@ FLUSH PRIVILEGES;
 
 ### MongoDB
 
-Create a user with read only permissions:
+Create a user with read-only permissions:
 
 ```
 db.createUser({user: "blazer", pwd: "password", roles: ["read"]})
@@ -412,7 +412,7 @@ SELECT users.id AS user_id, orders.created_at AS conversion_time, users.created_
 FROM users LEFT JOIN orders ON orders.user_id = users.id
 ```
 
-This feature requires PostgreSQL or MySQL.
+This feature requires PostgreSQL or MySQL 8.
 
 ## Anomaly Detection
 
@@ -423,7 +423,7 @@ Blazer supports three different approaches to anomaly detection.
 Add [prophet-rb](https://github.com/ankane/prophet) to your Gemfile:
 
 ```ruby
-gem 'prophet-rb'
+gem "prophet-rb"
 ```
 
 And add to `config/blazer.yml`:
@@ -439,7 +439,7 @@ anomaly_checks: prophet
 Add [trend](https://github.com/ankane/trend) to your Gemfile:
 
 ```ruby
-gem 'trend'
+gem "trend"
 ```
 
 And add to `config/blazer.yml`:
@@ -454,46 +454,20 @@ For the [self-hosted API](https://github.com/ankane/trend-api), create an initia
 Trend.url = "http://localhost:8000"
 ```
 
-### R
+### AnomalyDetection.rb (experimental)
 
-R uses Twitter’s [AnomalyDetection](https://github.com/twitter/AnomalyDetection) library.
+Add [anomaly_detection](https://github.com/ankane/AnomalyDetection.rb) to your Gemfile:
 
-First, [install R](https://cloud.r-project.org/). Then, run:
-
-```R
-install.packages("remotes")
-remotes::install_github("twitter/AnomalyDetection")
+```ruby
+gem "anomaly_detection"
 ```
 
 And add to `config/blazer.yml`:
 
 ```yml
-anomaly_checks: r
-```
-
-If upgrading from version 1.4 or below, also follow the [upgrade instructions](#15).
-
-If you’re on Heroku, follow the additional instructions below.
-
-### R on Heroku
-
-Add the [R buildpack](https://github.com/virtualstaticvoid/heroku-buildpack-r) to your app.
-
-```sh
-heroku buildpacks:add --index 1 https://github.com/virtualstaticvoid/heroku-buildpack-r.git
-```
-
-And create an `init.R` with:
-
-```r
-if (!"AnomalyDetection" %in% installed.packages()) {
-  install.packages("remotes")
-  remotes::install_github("twitter/AnomalyDetection")
-}
+anomaly_checks: anomaly_detection
 ```
 
-Commit and deploy away. The first deploy may take a few minutes.
-
 ## Forecasting
 
 Blazer supports for two different forecasting methods. [Example](https://blazer.dokkuapp.com/queries/18-forecast?forecast=t)
@@ -502,10 +476,10 @@ A forecast link will appear for queries that return 2 columns with types timesta
 
 ### Prophet
 
-Add [prophet](https://github.com/ankane/prophet) to your Gemfile:
+Add [prophet-rb](https://github.com/ankane/prophet) to your Gemfile:
 
 ```ruby
-gem 'prophet-rb', '>= 0.2.1'
+gem "prophet-rb", ">= 0.2.1"
 ```
 
 And add to `config/blazer.yml`:
@@ -516,12 +490,12 @@ forecasting: prophet
 
 ### Trend
 
-[Trend](https://trendapi.org/) uses an external service.
+[Trend](https://trendapi.org/) uses an external service by default, but you can run it on your own infrastructure as well.
 
 Add [trend](https://github.com/ankane/trend) to your Gemfile:
 
 ```ruby
-gem 'trend'
+gem "trend"
 ```
 
 And add to `config/blazer.yml`:
@@ -530,6 +504,12 @@ And add to `config/blazer.yml`:
 forecasting: trend
 ```
 
+For the [self-hosted API](https://github.com/ankane/trend-api), create an initializer with:
+
+```ruby
+Trend.url = "http://localhost:8000"
+```
+
 ## Uploads
 
 Creating database tables from CSV files. [Example](https://blazer.dokkuapp.com/uploads)
@@ -592,6 +572,7 @@ data_sources:
 - [MongoDB](#mongodb-1)
 - [MySQL](#mysql-1)
 - [Neo4j](#neo4j)
+- [OpenSearch](#opensearch)
 - [Oracle](#oracle)
 - [PostgreSQL](#postgresql-1)
 - [Presto](#presto)
@@ -673,6 +654,8 @@ data_sources:
     url: redshift://user:password@hostname:5439/database
 ```
 
+Use a [read-only user](https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html).
+
 ### Apache Drill
 
 Add [drill-sergeant](https://github.com/ankane/drill-sergeant) to your Gemfile and set:
@@ -684,6 +667,8 @@ data_sources:
     url: http://hostname:8047
 ```
 
+Use a [read-only user](https://drill.apache.org/docs/roles-and-privileges/).
+
 ### Apache Hive
 
 Add [hexspace](https://github.com/ankane/hexspace) to your Gemfile and set:
@@ -707,6 +692,8 @@ data_sources:
     url: ignite://user:password@hostname:10800
 ```
 
+Use a [read-only user](https://www.gridgain.com/docs/latest/administrators-guide/security/authorization-permissions) (requires a third-party plugin).
+
 ### Apache Spark
 
 Add [hexspace](https://github.com/ankane/hexspace) to your Gemfile and set:
@@ -730,6 +717,8 @@ data_sources:
     url: cassandra://user:password@hostname:9042/keyspace
 ```
 
+Use a [read-only role](https://docs.datastax.com/en/cql-oss/3.3/cql/cql_using/useSecurePermission.html).
+
 ### Druid
 
 Enable [SQL support](http://druid.io/docs/latest/querying/sql.html#configuration) on the broker and set:
@@ -741,9 +730,11 @@ data_sources:
     url: http://hostname:8082
 ```
 
+Use a [read-only role](https://druid.apache.org/docs/latest/development/extensions-core/druid-basic-security.html).
+
 ### Elasticsearch
 
-Add [elasticsearch](https://github.com/elastic/elasticsearch-ruby) and [elasticsearch-xpack](https://github.com/elastic/elasticsearch-ruby/tree/master/elasticsearch-xpack) to your Gemfile and set:
+Add [elasticsearch](https://github.com/elastic/elasticsearch-ruby) to your Gemfile and set:
 
 ```yml
 data_sources:
@@ -752,6 +743,8 @@ data_sources:
     url: http://user:password@hostname:9200
 ```
 
+Use a [read-only role](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html).
+
 ### Google BigQuery
 
 Add [google-cloud-bigquery](https://github.com/GoogleCloudPlatform/google-cloud-ruby/tree/master/google-cloud-bigquery) to your Gemfile and set:
@@ -774,6 +767,8 @@ data_sources:
     url: ibm-db://user:password@hostname:50000/database
 ```
 
+Use a [read-only user](https://www.ibm.com/support/pages/creating-read-only-database-permissions-user).
+
 ### InfluxDB
 
 Add [influxdb](https://github.com/influxdata/influxdb-ruby) to your Gemfile and set:
@@ -785,7 +780,7 @@ data_sources:
     url: http://user:password@hostname:8086/database
 ```
 
-Supports [InfluxQL](https://docs.influxdata.com/influxdb/v1.8/query_language/explore-data/)
+Use a [read-only user](https://docs.influxdata.com/influxdb/v1.8/administration/authentication_and_authorization/). Supports [InfluxQL](https://docs.influxdata.com/influxdb/v1.8/query_language/explore-data/).
 
 ### MongoDB
 
@@ -799,6 +794,8 @@ data_sources:
     url: mongodb://user:password@hostname:27017/database
 ```
 
+Use a [read-only user](#mongodb).
+
 ### MySQL
 
 Add [mysql2](https://github.com/brianmario/mysql2) to your Gemfile (if it’s not there) and set:
@@ -809,6 +806,8 @@ data_sources:
     url: mysql2://user:password@hostname:3306/database
 ```
 
+Use a [read-only user](#mysql).
+
 ### Neo4j
 
 Add [neo4j-core](https://github.com/neo4jrb/neo4j-core) to your Gemfile and set:
@@ -820,6 +819,21 @@ data_sources:
     url: http://user:password@hostname:7474
 ```
 
+Use a [read-only user](https://neo4j.com/docs/cypher-manual/current/access-control/manage-privileges/).
+
+### OpenSearch
+
+Add [opensearch-ruby](https://github.com/opensearch-project/opensearch-ruby) to your Gemfile and set:
+
+```yml
+data_sources:
+  my_source:
+    adapter: opensearch
+    url: http://user:password@hostname:9200
+```
+
+Use a [read-only user](https://opensearch.org/docs/latest/security-plugin/access-control/permissions/).
+
 ### Oracle
 
 Add [activerecord-oracle_enhanced-adapter](https://github.com/rsim/oracle-enhanced) and [ruby-oci8](https://github.com/kubo/ruby-oci8) to your Gemfile and set:
@@ -830,6 +844,8 @@ data_sources:
     url: oracle-enhanced://user:password@hostname:1521/database
 ```
 
+Use a [read-only user](https://docs.oracle.com/cd/B19306_01/network.102/b14266/authoriz.htm).
+
 ### PostgreSQL
 
 Add [pg](https://github.com/ged/ruby-pg) to your Gemfile (if it’s not there) and set:
@@ -840,6 +856,8 @@ data_sources:
     url: postgres://user:password@hostname:5432/database
 ```
 
+Use a [read-only user](#postgresql).
+
 ### Presto
 
 Add [presto-client](https://github.com/treasure-data/presto-client-ruby) to your Gemfile and set:
@@ -850,6 +868,8 @@ data_sources:
     url: presto://user@hostname:8080/catalog
 ```
 
+Use a [read-only user](https://prestodb.io/docs/current/security/built-in-system-access-control.html).
+
 ### Salesforce
 
 Add [restforce](https://github.com/restforce/restforce) to your Gemfile and set:
@@ -871,7 +891,7 @@ SALESFORCE_CLIENT_SECRET="client secret"
 SALESFORCE_API_VERSION="41.0"
 ```
 
-Supports [SOQL](https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql.htm)
+Use a read-only user. Supports [SOQL](https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql.htm).
 
 ### Socrata Open Data API (SODA)
 
@@ -885,7 +905,7 @@ data_sources:
     app_token: ...
 ```
 
-Supports [SoQL](https://dev.socrata.com/docs/functions/)
+Supports [SoQL](https://dev.socrata.com/docs/functions/).
 
 ### Snowflake
 
@@ -919,6 +939,8 @@ data_sources:
     conn_str: Driver=/path/to/libSnowflake.so;uid=user;pwd=password;server=host.snowflakecomputing.com
 ```
 
+Use a [read-only role](https://docs.snowflake.com/en/user-guide/security-access-control-configure.html).
+
 ### SQLite
 
 Add [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) to your Gemfile and set:
@@ -939,6 +961,8 @@ data_sources:
     url: sqlserver://user:password@hostname:1433/database
 ```
 
+Use a [read-only user](https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/getting-started-with-database-engine-permissions?view=sql-server-ver15).
+
 ## Creating an Adapter
 
 Create an adapter for any data store with:
@@ -1015,6 +1039,22 @@ override_csp: true
 
 ## Upgrading
 
+### 2.6
+
+Custom adapters now need to specify how to quote variables in queries (there is no longer a default)
+
+```ruby
+class FooAdapter < Blazer::Adapters::BaseAdapter
+  def quoting
+    :backslash_escape # single quote strings and convert ' to \' and \ to \\
+    # or
+    :single_quote_escape # single quote strings and convert ' to ''
+    # or
+    ->(value) { ... } # custom method
+  end
+end
+```
+
 ### 2.3
 
 To archive queries, create a migration

data/app/assets/stylesheets/blazer/application.css

@@ -1,4 +1,5 @@
 /*
+ *= require ./bootstrap-sprockets
  *= require ./bootstrap
  *= require ./selectize
  *= require ./github

data/app/assets/stylesheets/blazer/bootstrap-propshaft.css

@@ -0,0 +1,10 @@
+/*!
+ * Bootstrap v3.4.1 (https://getbootstrap.com/)
+ * Copyright 2011-2019 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ */
+@font-face {
+  font-family: "Glyphicons Halflings";
+  src: url('/blazer/glyphicons-halflings-regular.eot');
+  src: url('/blazer/glyphicons-halflings-regular.eot?#iefix') format('embedded-opentype'), url('/blazer/glyphicons-halflings-regular.woff2') format('woff2'), url('/blazer/glyphicons-halflings-regular.woff') format('woff'), url('/blazer/glyphicons-halflings-regular.ttf') format('truetype'), url('/blazer/glyphicons-halflings-regular.svg#glyphicons_halflingsregular') format('svg');
+}

data/app/assets/stylesheets/blazer/bootstrap-sprockets.css.erb

@@ -0,0 +1,10 @@
+/*!
+ * Bootstrap v3.4.1 (https://getbootstrap.com/)
+ * Copyright 2011-2019 Twitter, Inc.
+ * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
+ */
+@font-face {
+  font-family: "Glyphicons Halflings";
+  src: url('<%= font_path("blazer/glyphicons-halflings-regular.eot") %>');
+  src: url('<%= font_path("blazer/glyphicons-halflings-regular.eot?#iefix") %>') format('embedded-opentype'), url('<%= font_path("blazer/glyphicons-halflings-regular.woff2") %>') format('woff2'), url('<%= font_path("blazer/glyphicons-halflings-regular.woff") %>') format('woff'), url('<%= font_path("blazer/glyphicons-halflings-regular.ttf") %>') format('truetype'), url('<%= font_path("blazer/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") %>') format('svg');
+}

data/app/assets/stylesheets/blazer/{bootstrap.css.erb → bootstrap.css}

@@ -263,11 +263,6 @@ th {
     border: 1px solid #ddd !important;
   }
 }
-@font-face {
-  font-family: "Glyphicons Halflings";
-  src: url('<%= font_path("blazer/glyphicons-halflings-regular.eot") %>');
-  src: url('<%= font_path("blazer/glyphicons-halflings-regular.eot?#iefix") %>') format('embedded-opentype'), url('<%= font_path("blazer/glyphicons-halflings-regular.woff2") %>') format('woff2'), url('<%= font_path("blazer/glyphicons-halflings-regular.woff") %>') format('woff'), url('<%= font_path("blazer/glyphicons-halflings-regular.ttf") %>') format('truetype'), url('<%= font_path("blazer/glyphicons-halflings-regular.svg#glyphicons_halflingsregular") %>') format('svg');
-}
 .glyphicon {
   position: relative;
   top: 1px;
@@ -6831,4 +6826,3 @@ button.close {
     display: none !important;
   }
 }
-/*# sourceMappingURL=bootstrap.css.map */

data/app/controllers/blazer/base_controller.rb

@@ -32,45 +32,34 @@ module Blazer
 
     private
 
-      def process_vars(statement, data_source)
-        (@bind_vars ||= []).concat(Blazer.extract_vars(statement)).uniq!
+      def process_vars(statement, var_params = nil)
+        var_params ||= request.query_parameters
+        (@bind_vars ||= []).concat(statement.variables).uniq!
+        # update in-place so populated in view and consistent across queries on dashboard
         @bind_vars.each do |var|
-          params[var] ||= Blazer.data_sources[data_source].variable_defaults[var]
-        end
-        @success = @bind_vars.all? { |v| params[v] }
-
-        if @success
-          @bind_vars.each do |var|
-            value = params[var].presence
-            if value
-              if ["start_time", "end_time"].include?(var)
-                value = value.to_s.gsub(" ", "+") # fix for Quip bug
-              end
-
-              if var.end_with?("_at")
-                begin
-                  value = Blazer.time_zone.parse(value)
-                rescue
-                  # do nothing
-                end
-              end
-
-              if value =~ /\A\d+\z/
-                value = value.to_i
-              elsif value =~ /\A\d+\.\d+\z/
-                value = value.to_f
-              end
-            end
-            value = Blazer.transform_variable.call(var, value) if Blazer.transform_variable
-            statement.gsub!("{#{var}}", ActiveRecord::Base.connection.quote(value))
+          if !var_params[var]
+            default = statement.data_source.variable_defaults[var]
+            # only add if default exists
+            var_params[var] = default if default
           end
         end
+        runnable = @bind_vars.all? { |v| var_params[v] }
+        statement.add_values(var_params) if runnable
+        runnable
+      end
+
+      def refresh_query(query)
+        statement = query.statement_object
+        runnable = process_vars(statement)
+        cohort_analysis_statement(statement) if statement.cohort_analysis?
+        statement.clear_cache if runnable
       end
 
       def add_cohort_analysis_vars
         @bind_vars << "cohort_period" unless @bind_vars.include?("cohort_period")
-        @smart_vars["cohort_period"] = ["day", "week", "month"]
-        params[:cohort_period] ||= "week"
+        @smart_vars["cohort_period"] = ["day", "week", "month"] if @smart_vars
+        # TODO create var_params method
+        request.query_parameters["cohort_period"] ||= "week"
       end
 
       def parse_smart_variables(var, data_source)
@@ -94,22 +83,33 @@ module Blazer
         [smart_var, error]
       end
 
-      # don't pass to url helpers
-      #
-      # some are dangerous when passed as symbols
-      # root_url({host: "evilsite.com"})
-      #
-      # certain ones (like host) only affect *_url and not *_path
-      #
-      # when permitted parameters are passed in Rails 6,
-      # they appear to be added as GET parameters
-      # root_url(params.permit(:host))
+      def cohort_analysis_statement(statement)
+        @cohort_period = params["cohort_period"] || "week"
+        @cohort_period = "week" unless ["day", "week", "month"].include?(@cohort_period)
+
+        # for now
+        @conversion_period = @cohort_period
+        @cohort_days =
+          case @cohort_period
+          when "day"
+            1
+          when "week"
+            7
+          when "month"
+            30
+          end
+
+        statement.apply_cohort_analysis(period: @cohort_period, days: @cohort_days)
+      end
+
+      # TODO allow all keys
+      # or show error message for disallowed keys
       UNPERMITTED_KEYS = [:controller, :action, :id, :host, :query, :dashboard, :query_id, :query_ids, :table_names, :authenticity_token, :utf8, :_method, :commit, :statement, :data_source, :name, :fork_query_id, :blazer, :run_id, :script_name, :original_script_name]
 
-      # remove unpermitted keys from both params and permitted keys for better sleep
-      def variable_params(resource)
+      def variable_params(resource, var_params = nil)
         permitted_keys = resource.variables - UNPERMITTED_KEYS.map(&:to_s)
-        params.except(*UNPERMITTED_KEYS).slice(*permitted_keys).permit!
+        var_params ||= request.query_parameters
+        var_params.slice(*permitted_keys)
       end
       helper_method :variable_params
 

data/app/controllers/blazer/dashboards_controller.rb

@@ -21,11 +21,8 @@ module Blazer
 
     def show
       @queries = @dashboard.dashboard_queries.order(:position).preload(:query).map(&:query)
-      @statements = []
       @queries.each do |query|
-        statement = query.statement.dup
-        process_vars(statement, query.data_source)
-        @statements << statement
+        @success = process_vars(query.statement_object)
       end
       @bind_vars ||= []
 
@@ -48,7 +45,7 @@ module Blazer
 
     def update
       if update_dashboard(@dashboard)
-        redirect_to dashboard_path(@dashboard, variable_params(@dashboard))
+        redirect_to dashboard_path(@dashboard, params: variable_params(@dashboard))
       else
         render_errors @dashboard
       end
@@ -61,13 +58,9 @@ module Blazer
 
     def refresh
       @dashboard.queries.each do |query|
-        data_source = Blazer.data_sources[query.data_source]
-        statement = query.statement.dup
-        process_vars(statement, query.data_source)
-        Blazer.transform_statement.call(data_source, statement) if Blazer.transform_statement
-        data_source.clear_cache(statement)
+        refresh_query(query)
       end
-      redirect_to dashboard_path(@dashboard, variable_params(@dashboard))
+      redirect_to dashboard_path(@dashboard, params: variable_params(@dashboard))
     end
 
     private