forest_admin_agent 1.0.0.pre.beta.83 → 1.0.0.pre.beta.85

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc2616742091891ab31320bddf9c831fe4c02d5a87cf932a0e871ef2d38763c6
-  data.tar.gz: b1339e1f05022f5b802acf7316e7f2e2aa3ec813e0266257056e1961170e31d2
+  metadata.gz: ea066cba15cc0f617f2d1c3a80268389401c379e137ea8eccf6311af1a47c74e
+  data.tar.gz: dd1be9288ee1bb1b2873d5d1b5eb2c76f6a2a48bfe836d4f13ed8b80b317f1d5
 SHA512:
-  metadata.gz: 75f872e89c52353aebd3f2bc81aab8004db746fb5d1852cb63c2b5e7f2125a04e105c87f4b1e595a772d0928ee156c94bca01fad7dcb1764074366cfcc7dc96f
-  data.tar.gz: 446338498854b9aaec0e1b00b68dca90230e371b202a55d14b4509c43e9e98875bc61bb5ac5cad2df405162ef1762d01cd7241874fc4f61e7422e9b91f99b97c
+  metadata.gz: c85e1a843858134e2e80b5c029f94abcffd853c0ff36994e0c3fd583c6f421b92ada593d2ba5e88189087b0edf0193ce8421c608e34459c14c945c5f523afd3e
+  data.tar.gz: b016730a166f3cc7007d7173504ea0136151d8019396cc592b5a90854bf2695f0684d3b6f0919cf53196de20b8b8a0e32178ff30cf0de5da6d0ba7e45dea9820

data/lib/forest_admin_agent/http/router.rb

@@ -12,6 +12,7 @@ module ForestAdminAgent
           Security::ScopeInvalidation.new.routes,
           Charts::Charts.new.routes,
           Capabilities::Collections.new.routes,
+          Resources::NativeQuery.new.routes,
           Resources::Count.new.routes,
           Resources::Delete.new.routes,
           Resources::Csv.new.routes,

data/lib/forest_admin_agent/routes/abstract_route.rb

@@ -8,6 +8,8 @@ module ForestAdminAgent
 
       def build(args)
         @datasource = ForestAdminAgent::Facades::Container.datasource
+        return unless args[:params]['collection_name']
+
         @collection = @datasource.get_collection(args[:params]['collection_name'])
       end
 

data/lib/forest_admin_agent/routes/capabilities/collections.rb

@@ -18,6 +18,13 @@ module ForestAdminAgent
           @datasource = ForestAdminAgent::Facades::Container.datasource
           collections = args[:params]['collectionNames'] || []
 
+          connections = []
+          ForestAdminAgent::Builder::AgentFactory.instance.customizer.datasources.map do |root_datasource|
+            connections = connections.union(
+              root_datasource.live_query_connections.keys.map { |connection_name| { name: connection_name } }
+            )
+          end
+
           result = collections.map do |collection_name|
             collection = @datasource.get_collection(collection_name)
             {
@@ -34,7 +41,8 @@ module ForestAdminAgent
 
           {
             content: {
-              collections: result
+              collections: result,
+              nativeQueryConnections: connections
             },
             status: 200
           }

data/lib/forest_admin_agent/routes/query_handler.rb

@@ -0,0 +1,56 @@
+module ForestAdminAgent
+  module Routes
+    module QueryHandler
+      include ForestAdminAgent::Utils
+      include ForestAdminAgent::Builder
+      include ForestAdminDatasourceToolkit::Components::Query
+      include ForestAdminDatasourceToolkit::Validations
+
+      def inject_context_variables(connection_name, query, permissions, caller, context_variables)
+        user = permissions.get_user_data(caller.id)
+        team = permissions.get_team(caller.rendering_id)
+        context_variables = ContextVariables.new(team, user, context_variables)
+
+        ContextVariablesInjector.inject_context_in_native_query(connection_name, query, context_variables)
+      end
+
+      def execute_query(query, connection_name, permissions, caller, context_variables)
+        root_datasource = AgentFactory.instance.customizer.get_root_datasource_by_connection(connection_name)
+        query = query.strip
+        query, context_variables = inject_context_variables(connection_name, query, permissions, caller,
+                                                            context_variables)
+
+        root_datasource.execute_native_query(
+          connection_name,
+          query,
+          context_variables.values
+        )
+      end
+
+      def parse_query_segment(collection, args, permissions, caller)
+        return unless args[:params][:segmentQuery]
+
+        unless args[:params][:connectionName]
+          raise ForestAdminAgent::Http::Exceptions::UnprocessableError, 'Missing native query connection attribute'
+        end
+
+        QueryValidator.valid?(args[:params][:segmentQuery])
+
+        permissions.can_execute_query_segment?(collection, args[:params][:segmentQuery], args[:params][:connectionName])
+
+        ids = execute_query(
+          args[:params][:segmentQuery],
+          args[:params][:connectionName],
+          permissions,
+          caller,
+          args[:params][:contextVariables]
+        ).map(&:values)
+
+        condition_tree_segment = ConditionTree::ConditionTreeFactory.match_ids(collection, ids)
+        ConditionTreeValidator.validate(condition_tree_segment, collection)
+
+        condition_tree_segment
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/routes/resources/count.rb

@@ -6,6 +6,8 @@ module ForestAdminAgent
       class Count < AbstractAuthenticatedRoute
         include ForestAdminAgent::Builder
         include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
+        include ForestAdminAgent::Routes::QueryHandler
+
         def setup_routes
           add_route('forest_count', 'get', '/:collection_name/count', ->(args) { handle_request(args) })
 
@@ -18,7 +20,16 @@ module ForestAdminAgent
 
           if @collection.is_countable?
             filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
-              condition_tree: @permissions.get_scope(@collection)
+              condition_tree: ConditionTreeFactory.intersect(
+                [
+                  @permissions.get_scope(@collection),
+                  parse_query_segment(@collection, args, @permissions, @caller),
+                  ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(@collection, args)
+                ]
+              ),
+              search: QueryStringParser.parse_search(@collection, args),
+              search_extended: QueryStringParser.parse_search_extended(args),
+              segment: QueryStringParser.parse_segment(@collection, args)
             )
             aggregation = ForestAdminDatasourceToolkit::Components::Query::Aggregation.new(operation: 'Count')
             result = @collection.aggregate(@caller, filter, aggregation)

data/lib/forest_admin_agent/routes/resources/csv.rb

@@ -4,6 +4,7 @@ module ForestAdminAgent
       class Csv < AbstractAuthenticatedRoute
         include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
         include ForestAdminAgent::Utils
+        include ForestAdminAgent::Routes::QueryHandler
 
         def setup_routes
           add_route(
@@ -25,6 +26,7 @@ module ForestAdminAgent
             condition_tree: ConditionTreeFactory.intersect(
               [
                 @permissions.get_scope(@collection),
+                parse_query_segment(@collection, args, @permissions, @caller),
                 ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(
                   @collection, args
                 )

data/lib/forest_admin_agent/routes/resources/list.rb

@@ -5,6 +5,8 @@ module ForestAdminAgent
     module Resources
       class List < AbstractAuthenticatedRoute
         include ForestAdminDatasourceToolkit::Components::Query::ConditionTree
+        include ForestAdminAgent::Utils
+        include ForestAdminAgent::Routes::QueryHandler
 
         def setup_routes
           add_route('forest_list', 'get', '/:collection_name', ->(args) { handle_request(args) })
@@ -17,20 +19,21 @@ module ForestAdminAgent
           @permissions.can?(:browse, @collection)
 
           filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
-            condition_tree: ConditionTreeFactory.intersect([
-                                                             @permissions.get_scope(@collection),
-                                                             ForestAdminAgent::Utils::QueryStringParser.parse_condition_tree(
-                                                               @collection, args
-                                                             )
-                                                           ]),
-            page: ForestAdminAgent::Utils::QueryStringParser.parse_pagination(args),
-            search: ForestAdminAgent::Utils::QueryStringParser.parse_search(@collection, args),
-            search_extended: ForestAdminAgent::Utils::QueryStringParser.parse_search_extended(args),
-            sort: ForestAdminAgent::Utils::QueryStringParser.parse_sort(@collection, args),
-            segment: ForestAdminAgent::Utils::QueryStringParser.parse_segment(@collection, args)
+            condition_tree: ConditionTreeFactory.intersect(
+              [
+                @permissions.get_scope(@collection),
+                QueryStringParser.parse_condition_tree(@collection, args),
+                parse_query_segment(@collection, args, @permissions, @caller)
+              ]
+            ),
+            page: QueryStringParser.parse_pagination(args),
+            search: QueryStringParser.parse_search(@collection, args),
+            search_extended: QueryStringParser.parse_search_extended(args),
+            sort: QueryStringParser.parse_sort(@collection, args),
+            segment: QueryStringParser.parse_segment(@collection, args)
           )
 
-          projection = ForestAdminAgent::Utils::QueryStringParser.parse_projection_with_pks(@collection, args)
+          projection = QueryStringParser.parse_projection_with_pks(@collection, args)
           records = @collection.list(@caller, filter, projection)
 
           {

data/lib/forest_admin_agent/routes/resources/native_query.rb

@@ -0,0 +1,117 @@
+require 'jsonapi-serializers'
+require 'active_support/inflector'
+
+module ForestAdminAgent
+  module Routes
+    module Resources
+      class NativeQuery < AbstractAuthenticatedRoute
+        include ForestAdminAgent::Builder
+        include ForestAdminAgent::Utils
+        include ForestAdminDatasourceToolkit::Exceptions
+        include ForestAdminDatasourceToolkit::Components::Charts
+        include ForestAdminAgent::Routes::QueryHandler
+
+        def setup_routes
+          add_route(
+            'forest_native_query',
+            'post',
+            '/_internal/native_query',
+            lambda { |args|
+              handle_request(args)
+            }
+          )
+
+          self
+        end
+
+        def handle_request(args = {})
+          build(args)
+          query = args[:params][:query].strip
+
+          QueryValidator.valid?(query)
+          unless args[:params][:connectionName]
+            raise ForestAdminAgent::Http::Exceptions::UnprocessableError, 'Missing native query connection attribute'
+          end
+
+          @permissions.can_chart?(args[:params])
+
+          query.gsub!('?', args[:params][:record_id].to_s) if args[:params][:record_id]
+          self.type = args[:params][:type]
+          result = execute_query(
+            query,
+            args[:params][:connectionName],
+            @permissions,
+            @caller,
+            args[:params][:contextVariables]
+          )
+
+          { content: Serializer::ForestChartSerializer.serialize(send(:"make_#{@type}", result)) }
+        end
+
+        private
+
+        def type=(type)
+          chart_types = %w[Value Objective Pie Line Leaderboard]
+          unless chart_types.include?(type)
+            raise ForestAdminDatasourceToolkit::Exceptions::ForestException, "Invalid Chart type #{type}"
+          end
+
+          @type = type.downcase
+        end
+
+        def raise_error(result, key_names)
+          raise ForestException,
+                "The result columns must be named #{key_names} instead of '#{result.keys.join("', '")}'"
+        end
+
+        def make_value(result)
+          return unless result.count
+
+          result = result.first
+
+          raise_error(result, "'value'") unless result.key?(:value)
+
+          ValueChart.new(result[:value] || 0, result[:previous] || nil).serialize
+        end
+
+        def make_objective(result)
+          return unless result.count
+
+          result = result.first
+
+          raise_error(result, "'value', 'objective'") unless result.key?(:value) || result.key?(:objective)
+
+          ObjectiveChart.new(result[:value] || 0, result[:objective]).serialize
+        end
+
+        def make_pie(result)
+          return unless result.count
+
+          raise_error(result[0], "'key', 'value'") if !result[0]&.key?(:value) || !result[0]&.key?(:key)
+
+          PieChart.new(result).serialize
+        end
+
+        def make_leaderboard(result)
+          return unless result.count
+
+          raise_error(result[0], "'key', 'value'") if !result[0]&.key?(:value) || !result[0]&.key?(:key)
+
+          LeaderboardChart.new(result).serialize
+        end
+
+        def make_line(result)
+          return unless result.count
+
+          result = result.map! do |result_line|
+            raise_error(result_line, "'key', 'value'") if !result_line.key?(:value) || !result_line.key?(:key)
+
+            { label: result_line[:key], values: { value: result_line[:value] } }
+          end
+
+          LineChart.new(result).serialize
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/routes/resources/update.rb

@@ -21,8 +21,7 @@ module ForestAdminAgent
           id = Utils::Id.unpack_id(@collection, args[:params]['id'], with_key: true)
           condition_tree = ConditionTree::ConditionTreeFactory.match_records(@collection, [id])
           filter = ForestAdminDatasourceToolkit::Components::Query::Filter.new(
-            condition_tree: ConditionTree::ConditionTreeFactory.intersect([condition_tree, scope]),
-            page: ForestAdminAgent::Utils::QueryStringParser.parse_pagination(args)
+            condition_tree: ConditionTree::ConditionTreeFactory.intersect([condition_tree, scope])
           )
           data = format_attributes(args)
           @collection.update(@caller, filter, data)

data/lib/forest_admin_agent/routes/security/scope_invalidation.rb

@@ -18,7 +18,7 @@ module ForestAdminAgent
         def handle_request(args)
           # Check if user is logged
           Utils::QueryStringParser.parse_caller(args)
-          Permissions.invalidate_cache('forest.scopes')
+          Permissions.invalidate_cache('forest.rendering')
 
           { content: nil, status: 204 }
         end

data/lib/forest_admin_agent/services/permissions.rb

@@ -80,6 +80,31 @@ module ForestAdminAgent
         is_allowed
       end
 
+      def can_execute_query_segment?(collection, query, connection_name)
+        hash_request = array_hash({ query: query, connectionName: connection_name })
+        is_allowed = get_segments(collection).include?(hash_request)
+
+        # Refetch
+        is_allowed ||= get_segments(collection, force_fetch: true).include?(hash_request)
+
+        # still not allowed - throw forbidden message
+        unless is_allowed
+          ForestAdminAgent::Facades::Container.logger.log(
+            'Debug',
+            "User #{caller.id} cannot retrieve query segment on rendering #{caller.rendering_id}"
+          )
+
+          raise ForbiddenError, "You don't have permission to use this query segment."
+        end
+
+        ForestAdminAgent::Facades::Container.logger.log(
+          'Debug',
+          "User #{caller.id} can retrieve query segment on rendering #{caller.rendering_id}"
+        )
+
+        is_allowed
+      end
+
       def can_smart_action?(request, collection, filter, allow_fetch: true)
         return true unless permission_system?
 
@@ -103,7 +128,7 @@ module ForestAdminAgent
       end
 
       def get_scope(collection)
-        permissions = get_scope_and_team_data(caller.rendering_id)
+        permissions = get_rendering_data(caller.rendering_id)
         scope = permissions[:scopes][collection.name.to_sym]
 
         return nil if scope.nil?
@@ -116,6 +141,12 @@ module ForestAdminAgent
         ContextVariablesInjector.inject_context_in_filter(scope, context_variables)
       end
 
+      def get_segments(collection, force_fetch: false)
+        permissions = get_rendering_data(caller.rendering_id, force_fetch: force_fetch)
+
+        permissions[:segments][collection.name.to_sym]
+      end
+
       def get_user_data(user_id)
         cache.get_or_set('forest.users') do
           response = fetch('/liana/v4/permissions/users')
@@ -132,7 +163,7 @@ module ForestAdminAgent
       end
 
       def get_team(rendering_id)
-        permissions = get_scope_and_team_data(rendering_id)
+        permissions = get_rendering_data(rendering_id)
 
         permissions[:team]
       end
@@ -157,35 +188,23 @@ module ForestAdminAgent
       end
 
       def get_chart_data(rendering_id, force_fetch: false)
-        self.class.invalidate_cache('forest.stats') if force_fetch == true
-
-        cache.get_or_set('forest.stats') do
-          response = fetch("/liana/v4/permissions/renderings/#{rendering_id}")
-          stat_hash = []
-          response[:stats].each do |stat|
-            stat = stat.select { |_, value| !value.nil? && value != '' }
-            stat_hash << "#{stat[:type]}:#{array_hash(stat)}"
-          end
-
-          ForestAdminAgent::Facades::Container.logger.log(
-            'Debug',
-            "Loading rendering permissions for rendering #{rendering_id}"
-          )
+        rendering_data = get_rendering_data(rendering_id, force_fetch: force_fetch)
 
-          stat_hash
-        end
+        rendering_data[:charts]
       end
 
       def sanitize_chart_parameters(parameters)
         parameters.delete(:timezone)
         parameters.delete(:collection)
         parameters.delete(:contextVariables)
+        parameters.delete(:record_id)
         # rails
         parameters.delete(:route_alias)
         parameters.delete(:controller)
         parameters.delete(:action)
         parameters.delete(:collection_name)
         parameters.delete(:forest)
+        parameters.delete(:format)
 
         parameters.select { |_, value| !value.nil? && value != '' }
       end
@@ -194,13 +213,17 @@ module ForestAdminAgent
         Digest::SHA1.hexdigest(data.deep_sort.to_h.to_s)
       end
 
-      def get_scope_and_team_data(rendering_id)
-        cache.get_or_set('forest.scopes') do
+      def get_rendering_data(rendering_id, force_fetch: false)
+        self.class.invalidate_cache('forest.rendering') if force_fetch == true
+
+        cache.get_or_set('forest.rendering') do
           data = {}
           response = fetch("/liana/v4/permissions/renderings/#{rendering_id}")
 
           data[:scopes] = decode_scope_permissions(response[:collections])
           data[:team] = response[:team]
+          data[:segments] = decode_segment_permissions(response[:collections])
+          data[:charts] = decode_charts_permissions(response[:stats])
 
           data
         end
@@ -265,6 +288,26 @@ module ForestAdminAgent
         scopes
       end
 
+      def decode_charts_permissions(raw_permissions)
+        charts = []
+
+        raw_permissions.each do |chart|
+          chart = chart.select { |_, value| !value.nil? && value != '' }
+          charts << "#{chart[:type]}:#{array_hash(chart)}"
+        end
+
+        charts
+      end
+
+      def decode_segment_permissions(raw_permissions)
+        segments = {}
+        raw_permissions.each do |collection_name, value|
+          segments[collection_name] = value[:liveQuerySegments].map { |segment| array_hash(segment) }
+        end
+
+        segments
+      end
+
       def fetch(url)
         response = forest_api.get(url)
 

data/lib/forest_admin_agent/services/sse_cache_invalidation.rb

@@ -8,7 +8,7 @@ module ForestAdminAgent
       MESSAGE_CACHE_KEYS = {
         'refresh-users': %w[forest.users],
         'refresh-roles': %w[forest.collections],
-        'refresh-renderings': %w[forest.collections forest.stats forest.scopes]
+        'refresh-renderings': %w[forest.collections forest.rendering]
         # TODO: add one for ip whitelist when server implement it
       }.freeze
 

data/lib/forest_admin_agent/utils/context_variables_injector.rb

@@ -2,6 +2,9 @@ module ForestAdminAgent
   module Utils
     class ContextVariablesInjector
       include ForestAdminDatasourceToolkit::Components::Query::ConditionTree::Nodes
+      include ForestAdminAgent::Builder
+
+      REGEX = /{{([^}]+)}}/
 
       def self.inject_context_in_value(value, context_variables)
         inject_context_in_value_custom(value) do |context_variable_key|
@@ -9,14 +12,36 @@ module ForestAdminAgent
         end
       end
 
+      def self.inject_context_in_native_query(connection_name, query, context_variables)
+        return query unless query.is_a?(String)
+
+        query_with_context_variables_injected = query
+        encountered_variables = {}
+        datasource = AgentFactory.instance.customizer.get_root_datasource_by_connection(connection_name)
+
+        while (match = REGEX.match(query_with_context_variables_injected))
+          context_variable_key = match[1]
+
+          next if encountered_variables.value?(context_variable_key)
+
+          index = datasource.build_binding_symbol(connection_name, encountered_variables)
+          query_with_context_variables_injected.gsub!(
+            /{{#{context_variable_key}}}/,
+            index
+          )
+          encountered_variables[index] = context_variables.get_value(context_variable_key)
+        end
+
+        [query_with_context_variables_injected, encountered_variables]
+      end
+
       def self.inject_context_in_value_custom(value)
         return value unless value.is_a?(String)
 
         value_with_context_variables_injected = value
-        regex = /{{([^}]+)}}/
         encountered_variables = []
 
-        while (match = regex.match(value_with_context_variables_injected))
+        while (match = REGEX.match(value_with_context_variables_injected))
           context_variable_key = match[1]
 
           unless encountered_variables.include?(context_variable_key)

data/lib/forest_admin_agent/utils/query_validator.rb

@@ -0,0 +1,73 @@
+module ForestAdminAgent
+  module Utils
+    module QueryValidator
+      FORBIDDEN_KEYWORDS = %w[DROP DELETE INSERT UPDATE ALTER].freeze
+      INJECTION_PATTERNS = [
+        /\bOR\s+1=1\b/i # OR 1=1
+      ].freeze
+
+      def self.valid?(query)
+        query = query.strip
+        raise ForestAdminDatasourceToolkit::Exceptions::ForestException, 'Query cannot be empty.' if query.empty?
+
+        sanitized_query = remove_content_inside_strings(query)
+        check_select_only(sanitized_query)
+        check_semicolon_placement(sanitized_query)
+        check_forbidden_keywords(sanitized_query)
+        check_unbalanced_parentheses(sanitized_query)
+        check_sql_injection_patterns(sanitized_query)
+
+        true
+      end
+
+      class << self
+        include ForestAdminDatasourceToolkit::Exceptions
+
+        private
+
+        def check_select_only(query)
+          return if query.strip.upcase.start_with?('SELECT')
+
+          raise ForestException, 'Only SELECT queries are allowed.'
+        end
+
+        def check_semicolon_placement(query)
+          semicolon_count = query.scan(';').size
+
+          raise ForestException, 'Only one query is allowed.' if semicolon_count > 1
+          return if semicolon_count != 1 || query.strip[-1] == ';'
+
+          raise ForestException, 'Semicolon must only appear as the last character in the query.'
+        end
+
+        def check_forbidden_keywords(query)
+          FORBIDDEN_KEYWORDS.each do |keyword|
+            if /\b#{Regexp.escape(keyword)}\b/i.match?(query)
+              raise ForestException, "The query contains forbidden keyword: #{keyword}."
+            end
+          end
+        end
+
+        def check_unbalanced_parentheses(query)
+          open_count = query.count('(')
+          close_count = query.count(')')
+
+          return if open_count == close_count
+
+          raise ForestException, 'The query contains unbalanced parentheses.'
+        end
+
+        def check_sql_injection_patterns(query)
+          INJECTION_PATTERNS.each do |pattern|
+            raise ForestException, 'The query contains a potential SQL injection pattern.' if pattern.match?(query)
+          end
+        end
+
+        def remove_content_inside_strings(query)
+          # remove content inside single and double quotes
+          query.gsub(/'(?:[^']|\\')*'/, '').gsub(/"(?:[^"]|\\")*"/, '')
+        end
+      end
+    end
+  end
+end

data/lib/forest_admin_agent/utils/schema/schema_emitter.rb

@@ -7,7 +7,7 @@ module ForestAdminAgent
       class SchemaEmitter
         LIANA_NAME = "agent-ruby"
 
-        LIANA_VERSION = "1.0.0-beta.83"
+        LIANA_VERSION = "1.0.0-beta.85"
 
         def self.get_serialized_schema(datasource)
           schema_path = Facades::Container.cache(:schema_path)

data/lib/forest_admin_agent/version.rb

@@ -1,3 +1,3 @@
 module ForestAdminAgent
-  VERSION = "1.0.0-beta.83"
+  VERSION = "1.0.0-beta.85"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: forest_admin_agent
 version: !ruby/object:Gem::Version
-  version: 1.0.0.pre.beta.83
+  version: 1.0.0.pre.beta.85
 platform: ruby
 authors:
 - Matthieu
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-12-13 00:00:00.000000000 Z
+date: 2024-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -249,10 +249,12 @@ files:
 - lib/forest_admin_agent/routes/charts/api_chart_collection.rb
 - lib/forest_admin_agent/routes/charts/api_chart_datasource.rb
 - lib/forest_admin_agent/routes/charts/charts.rb
+- lib/forest_admin_agent/routes/query_handler.rb
 - lib/forest_admin_agent/routes/resources/count.rb
 - lib/forest_admin_agent/routes/resources/csv.rb
 - lib/forest_admin_agent/routes/resources/delete.rb
 - lib/forest_admin_agent/routes/resources/list.rb
+- lib/forest_admin_agent/routes/resources/native_query.rb
 - lib/forest_admin_agent/routes/resources/related/associate_related.rb
 - lib/forest_admin_agent/routes/resources/related/count_related.rb
 - lib/forest_admin_agent/routes/resources/related/csv_related.rb
@@ -280,6 +282,7 @@ files:
 - lib/forest_admin_agent/utils/error_messages.rb
 - lib/forest_admin_agent/utils/id.rb
 - lib/forest_admin_agent/utils/query_string_parser.rb
+- lib/forest_admin_agent/utils/query_validator.rb
 - lib/forest_admin_agent/utils/schema/action_fields.rb
 - lib/forest_admin_agent/utils/schema/forest_value_converter.rb
 - lib/forest_admin_agent/utils/schema/frontend_filterable.rb