RubyGems - bnb_blazer - Versions diffs - 0.7.0 → 0.8.0 - Mend

bnb_blazer 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/app/overrides/controllers/blazer/base_controller_override.rb +133 -0
data/lib/bnb_blazer/version.rb +1 -1
metadata +2 -2
data/app/controllers/bnb_blazer/base_controller.rb +0 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06465b7bc74fb9c9350467f23ae914accc47aa26e7ee5973f138bbcbcb9a19d9
-  data.tar.gz: 26bf968760df1f82273873d66af5722bdcc293806c340f57b594ba19a04b9753
+  metadata.gz: 9dfd9dcc54ad8fc13934d9de74792a7c1be24d2449fb4c868490692302086341
+  data.tar.gz: ce3a925a2fc273a2d79873ba3c3c3e3f60581cad6cd8ec0f93a23711597ba833
 SHA512:
-  metadata.gz: 16ebe79d26cecd562ff8b1881c38e17a1b0581c4f3fc62545fb4a2cd283e420655f2046ec1a07975f8b71ae1bcdb88afb6ff14406ef7319fc5c8a256deed3bb1
-  data.tar.gz: 10d4988450aa16045b295d78beec0ca20c9d825b406c7ebeaa2e94578a337059ec7e9db1a40e93149fed5c2419f40f4838f1b83e9298e4dfeba7ed0daa87a703
+  metadata.gz: e73e24bd82ede29b8fe9b4e4e7b66d6ff15797d7704c8586ebb7acace5312ecbecf158372470790c95559d19267995e62cf3a1aa463a94e7a9d1021a9654f468
+  data.tar.gz: 608fcfcc41142cc28c697740f03eee11c3471b289e491db051527e13c5ca4310f253c875478c8d7fe15fbc6ebb77b7c5e19cb7c49d4956430772e7b0139d894c

data/app/overrides/controllers/blazer/base_controller_override.rb ADDED Viewed

@@ -0,0 +1,133 @@
+Blazer::BaseController.class_eval do
+  # skip filters
+  filters = _process_action_callbacks.map(&:filter) - [:activate_authlogic]
+  skip_before_action(*filters, raise: false)
+  skip_after_action(*filters, raise: false)
+  skip_around_action(*filters, raise: false)
+  clear_helpers
+  protect_from_forgery with: :exception
+  if ENV["BLAZER_PASSWORD"]
+    http_basic_authenticate_with name: ENV["BLAZER_USERNAME"], password: ENV["BLAZER_PASSWORD"]
+  end
+  if Blazer.settings["before_action"]
+    raise Blazer::Error, "The docs for protecting Blazer with a custom before_action had an incorrect example from August 2017 to June 2018. The example method had a boolean return value. However, you must render or redirect if a user is unauthorized rather than return a falsy value. Double check that your before_action works correctly for unauthorized users (if it worked when added, there should be no issue). Then, change before_action to before_action_method in config/blazer.yml."
+  end
+  if Blazer.before_action
+    before_action Blazer.before_action.to_sym
+  end
+  if Blazer.override_csp
+    after_action do
+      response.headers['Content-Security-Policy'] = "default-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:"
+    end
+  end
+  layout "bnb_blazer/application"
+  append_view_path(["views/blazer", "views/bnb_blazer", "views/blazer"])
+  private
+    def process_vars(statement, data_source)
+      (@bind_vars ||= []).concat(Blazer.extract_vars(statement)).uniq!
+      @bind_vars.each do |var|
+        params[var] ||= Blazer.data_sources[data_source].variable_defaults[var]
+      end
+      @success = @bind_vars.all? { |v| params[v] }
+      if @success
+        @bind_vars.each do |var|
+          value = params[var].presence
+          if value
+            if ["start_time", "end_time"].include?(var)
+              value = value.to_s.gsub(" ", "+") # fix for Quip bug
+            end
+            if var.end_with?("_at")
+              begin
+                value = Blazer.time_zone.parse(value)
+              rescue
+                # do nothing
+              end
+            end
+            if value =~ /\A\d+\z/
+              value = value.to_i
+            elsif value =~ /\A\d+\.\d+\z/
+              value = value.to_f
+            end
+          end
+          value = Blazer.transform_variable.call(var, value) if Blazer.transform_variable
+          statement.gsub!("{#{var}}", ActiveRecord::Base.connection.quote(value))
+        end
+      end
+    end
+    def add_cohort_analysis_vars
+      @bind_vars << "cohort_period" unless @bind_vars.include?("cohort_period")
+      @smart_vars["cohort_period"] = ["day", "week", "month"]
+      params[:cohort_period] ||= "week"
+    end
+    def parse_smart_variables(var, data_source)
+      smart_var_data_source =
+        ([data_source] + Array(data_source.settings["inherit_smart_settings"]).map { |ds| Blazer.data_sources[ds] }).find { |ds| ds.smart_variables[var] }
+      if smart_var_data_source
+        query = smart_var_data_source.smart_variables[var]
+        if query.is_a? Hash
+          smart_var = query.map { |k,v| [v, k] }
+        elsif query.is_a? Array
+          smart_var = query.map { |v| [v, v] }
+        elsif query
+          result = smart_var_data_source.run_statement(query)
+          smart_var = result.rows.map { |v| v.reverse }
+          error = result.error if result.error
+        end
+      end
+      [smart_var, error]
+    end
+    # don't pass to url helpers
+    #
+    # some are dangerous when passed as symbols
+    # root_url({host: "evilsite.com"})
+    #
+    # certain ones (like host) only affect *_url and not *_path
+    #
+    # when permitted parameters are passed in Rails 6,
+    # they appear to be added as GET parameters
+    # root_url(params.permit(:host))
+    UNPERMITTED_KEYS = [:controller, :action, :id, :host, :query, :dashboard, :query_id, :query_ids, :table_names, :authenticity_token, :utf8, :_method, :commit, :statement, :data_source, :name, :fork_query_id, :blazer, :run_id, :script_name, :original_script_name]
+    # remove unpermitted keys from both params and permitted keys for better sleep
+    def variable_params(resource)
+      permitted_keys = resource.variables - UNPERMITTED_KEYS.map(&:to_s)
+      params.except(*UNPERMITTED_KEYS).slice(*permitted_keys).permit!
+    end
+    helper_method :variable_params
+    def blazer_user
+      send(Blazer.user_method) if Blazer.user_method && respond_to?(Blazer.user_method, true)
+    end
+    helper_method :blazer_user
+    def render_errors(resource)
+      @errors = resource.errors
+      action = resource.persisted? ? :edit : :new
+      render action, status: :unprocessable_entity
+    end
+    # do not inherit from ApplicationController - #120
+    def default_url_options
+      {}
+    end
+end
+end

data/lib/bnb_blazer/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module BnbBlazer
-  VERSION = "0.7.0"
+  VERSION = "0.8.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bnb_blazer
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Joe
@@ -32,7 +32,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - Rakefile
-- app/controllers/bnb_blazer/base_controller.rb
+- app/overrides/controllers/blazer/base_controller_override.rb
 - app/views/bnb_blazer/_variables.html.haml
 - app/views/bnb_blazer/checks/_form.html.haml
 - app/views/bnb_blazer/checks/edit.html.haml

data/app/controllers/bnb_blazer/base_controller.rb DELETED Viewed

@@ -1,6 +0,0 @@
-module BNBBlazer
-  class Blazer::BaseController < ApplicationController
-    layout "bnb_blazer/application"
-    append_view_path(["views/blazer", "views/bnb_blazer", "views/blazer"])
-  end
-end