netbox-sqlquery 0.1.2__tar.gz → 0.1.4__tar.gz

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.4
 Name: netbox-sqlquery
-Version: 0.1.2
+Version: 0.1.4
 Summary: SQL query interface for NetBox with syntax highlighting, abstract views, and role-based access control
 Author-email: Ravi Pina <ravi@pina.org>
 License-Expression: Apache-2.0
 Project-URL: Homepage, https://github.com/ravinald/netbox-sqlquery
 Project-URL: Issues, https://github.com/ravinald/netbox-sqlquery/issues
-Requires-Python: >=3.10
+Requires-Python: >=3.12
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Dynamic: license-file
@@ -73,7 +73,7 @@ See [COMPATIBILITY.md](COMPATIBILITY.md) for the full version matrix.
 
 | NetBox version | Python versions              |
 |----------------|------------------------------|
-| 4.0 - 4.5      | 3.10, 3.11, 3.12, 3.13, 3.14 |
+| 4.5+            | 3.12, 3.13, 3.14             |
 
 ## Installation
 

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/README.md

@@ -60,7 +60,7 @@ See [COMPATIBILITY.md](COMPATIBILITY.md) for the full version matrix.
 
 | NetBox version | Python versions              |
 |----------------|------------------------------|
-| 4.0 - 4.5      | 3.10, 3.11, 3.12, 3.13, 3.14 |
+| 4.5+            | 3.12, 3.13, 3.14             |
 
 ## Installation
 

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/__init__.py

@@ -12,11 +12,11 @@ class NetBoxSQLQueryConfig(PluginConfig):
         "SQL query interface for NetBox with syntax highlighting,"
         " abstract views, and role-based access control"
     )
-    version = "0.1.2"
+    version = "0.1.4"
     author = "Ravi Pina"
     author_email = "ravi@pina.org"
     base_url = "sqlquery"
-    min_version = "4.0.0"
+    min_version = "4.5.0"
     max_version = None
     required_settings = []
     default_settings = {

netbox_sqlquery-0.1.4/netbox_sqlquery/api/views.py

@@ -0,0 +1,107 @@
+import logging
+
+from django.utils import timezone
+from rest_framework import status
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from rest_framework.viewsets import ModelViewSet
+
+from netbox_sqlquery.access import can_execute_write, check_access, extract_tables
+from netbox_sqlquery.models import SavedQuery
+from netbox_sqlquery.query import execute_read_query, execute_write_query, is_write_query
+
+from .serializers import SavedQuerySerializer
+
+logger = logging.getLogger("netbox_sqlquery")
+
+
+class SavedQueryViewSet(ModelViewSet):
+    serializer_class = SavedQuerySerializer
+
+    def get_queryset(self):
+        return SavedQuery.visible_to(self.request.user)
+
+    def perform_create(self, serializer):
+        serializer.save(owner=self.request.user)
+
+    @action(detail=True, methods=["post"])
+    def execute(self, request, pk=None):
+        """Execute a saved query and return results as JSON."""
+        saved_query = self.get_object()
+        sql = saved_query.sql.strip()
+        user = request.user
+
+        if not sql:
+            return Response(
+                {"error": "Saved query has no SQL."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        is_write = is_write_query(sql)
+
+        # Check write permission
+        if is_write and not can_execute_write(user):
+            return Response(
+                {"error": "Write queries require the 'change' permission or superuser status."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        # Require confirmation for write queries
+        if is_write:
+            confirmed = request.data.get("confirmed")
+            if not confirmed:
+                return Response(
+                    {
+                        "error": "Write queries require explicit confirmation.",
+                        "detail": 'Include {"confirmed": true} in the request body.',
+                    },
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+
+        # Table access check
+        denied = check_access(user, extract_tables(sql))
+        if denied:
+            return Response(
+                {"error": f"Access denied to: {', '.join(sorted(denied))}"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        # Execute
+        if is_write:
+            result = execute_write_query(sql)
+        else:
+            result = execute_read_query(sql)
+
+        if result.get("error"):
+            return Response(
+                {"error": result["error"]},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        # Update run tracking
+        saved_query.run_count += 1
+        saved_query.last_run = timezone.now()
+        saved_query.save(update_fields=["run_count", "last_run"])
+
+        # Audit log
+        truncated_sql = sql[:500]
+        logger.info(
+            "api query user=%s query=%s sql=%s",
+            user.username,
+            saved_query.name,
+            truncated_sql,
+        )
+
+        # Build response
+        response_data = {
+            "query_name": saved_query.name,
+            "columns": result["columns"],
+            "rows": result["rows"],
+            "row_count": result["row_count"],
+        }
+        if is_write:
+            response_data["rows_affected"] = result.get("rows_affected", 0)
+        else:
+            response_data["truncated"] = result.get("truncated", False)
+
+        return Response(response_data)

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/migrations/0001_initial.py

@@ -8,8 +8,8 @@ class Migration(migrations.Migration):
 
     dependencies = [
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ("auth", "0012_alter_user_first_name_max_length"),
         ("extras", "0001_initial"),
+        ("users", "0001_squashed_0011"),
     ]
 
     operations = [
@@ -85,7 +85,7 @@ class Migration(migrations.Migration):
                 ("require_staff", models.BooleanField(default=False)),
                 ("require_superuser", models.BooleanField(default=False)),
                 ("allow", models.BooleanField(default=True)),
-                ("groups", models.ManyToManyField(blank=True, to="auth.group")),
+                ("groups", models.ManyToManyField(blank=True, to="users.group")),
             ],
             options={
                 "ordering": ["-require_superuser", "-require_staff", "pattern"],

netbox_sqlquery-0.1.4/netbox_sqlquery/query.py

@@ -0,0 +1,115 @@
+"""Shared query execution functions used by both the web UI and API."""
+
+from django.db import DatabaseError, connection, transaction
+from netbox.plugins import get_plugin_config
+
+
+class _ReadOnlyRollback(Exception):
+    """Raised to force rollback of the read-only transaction."""
+
+
+def execute_read_query(sql, timeout_ms=None, max_rows=None):
+    """Execute a read-only SQL query.
+
+    Returns dict with keys: columns, rows, row_count, truncated, error.
+    """
+    if timeout_ms is None:
+        timeout_ms = get_plugin_config("netbox_sqlquery", "statement_timeout_ms")
+    if max_rows is None:
+        max_rows = get_plugin_config("netbox_sqlquery", "max_rows")
+
+    result = {"columns": [], "rows": [], "row_count": 0, "truncated": False, "error": None}
+
+    try:
+        with transaction.atomic():
+            with connection.cursor() as cursor:
+                cursor.execute(f"SET LOCAL statement_timeout = '{timeout_ms}'")
+                cursor.execute("SET TRANSACTION READ ONLY")
+                cursor.execute(sql)
+                columns = [col[0] for col in cursor.description]
+                rows = cursor.fetchmany(max_rows + 1)
+            raise _ReadOnlyRollback()
+    except _ReadOnlyRollback:
+        truncated = len(rows) > max_rows
+        if truncated:
+            rows = rows[:max_rows]
+        result.update(
+            columns=columns,
+            rows=[list(r) for r in rows],
+            row_count=len(rows),
+            truncated=truncated,
+        )
+    except DatabaseError as exc:
+        result["error"] = str(exc)
+
+    return result
+
+
+def execute_write_query(sql, timeout_ms=None, max_rows=None):
+    """Execute a write SQL query (INSERT/UPDATE/DELETE).
+
+    Returns dict with keys: columns, rows, row_count, rows_affected, error.
+    """
+    if timeout_ms is None:
+        timeout_ms = get_plugin_config("netbox_sqlquery", "statement_timeout_ms")
+    if max_rows is None:
+        max_rows = get_plugin_config("netbox_sqlquery", "max_rows")
+
+    result = {
+        "columns": [],
+        "rows": [],
+        "row_count": 0,
+        "rows_affected": 0,
+        "error": None,
+    }
+
+    try:
+        exec_sql = sql
+        has_returning = "RETURNING" in sql.upper()
+        normalized = sql.lstrip().upper()
+        if not has_returning and (
+            normalized.startswith("UPDATE") or normalized.startswith("DELETE")
+        ):
+            exec_sql = sql.rstrip().rstrip(";") + " RETURNING *"
+
+        with connection.cursor() as cursor:
+            cursor.execute(f"SET LOCAL statement_timeout = '{timeout_ms}'")
+            cursor.execute(exec_sql)
+            rows_affected = cursor.rowcount
+
+            if cursor.description:
+                columns = [col[0] for col in cursor.description]
+                rows = cursor.fetchmany(max_rows)
+                result.update(
+                    columns=columns,
+                    rows=[list(r) for r in rows],
+                    row_count=len(rows),
+                )
+
+        result["rows_affected"] = rows_affected
+    except DatabaseError as exc:
+        result["error"] = str(exc)
+
+    return result
+
+
+def is_write_query(sql):
+    """Check if a SQL statement is a write query."""
+    normalized = sql.lstrip().upper()
+    return (
+        normalized.startswith("INSERT")
+        or normalized.startswith("UPDATE")
+        or normalized.startswith("DELETE")
+    )
+
+
+def is_allowed_query(sql):
+    """Check if a SQL statement type is permitted."""
+    normalized = sql.lstrip().upper()
+    return (
+        normalized.startswith("SELECT")
+        or normalized.startswith("WITH")
+        or normalized.startswith("INSERT")
+        or normalized.startswith("UPDATE")
+        or normalized.startswith("DELETE")
+    )

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/static/netbox_sqlquery/editor.js

@@ -552,33 +552,7 @@
   });
 
 
-  // CSV download
-  var csvBtn = document.getElementById("csv-download");
-  if (csvBtn) {
-    csvBtn.addEventListener("click", function () {
-      var table = document.querySelector(".results-pane table");
-      if (!table) return;
-      var rows = [];
-      table.querySelectorAll("tr").forEach(function (tr) {
-        var cells = [];
-        tr.querySelectorAll("th, td").forEach(function (cell) {
-          var text = cell.textContent;
-          if (text.includes(",") || text.includes('"') || text.includes("\n")) {
-            text = '"' + text.replace(/"/g, '""') + '"';
-          }
-          cells.push(text);
-        });
-        rows.push(cells.join(","));
-      });
-      var blob = new Blob([rows.join("\n")], { type: "text/csv" });
-      var url = URL.createObjectURL(blob);
-      var a = document.createElement("a");
-      a.href = url;
-      a.download = "query_results.csv";
-      a.click();
-      URL.revokeObjectURL(url);
-    });
-  }
+  // CSV download is now a server-side form POST (no JS needed)
 
   function insertAtCursor(text) {
     var start = editor.selectionStart;

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/templates/netbox_sqlquery/query.html

@@ -299,10 +299,14 @@
     </tbody>
   </table>
   <div class="results-meta">
-    <span>{{ row_count }} row{{ row_count|pluralize }}</span>
-    <button type="button" class="btn btn-sm btn-outline-secondary" id="csv-download">
-      Download CSV
-    </button>
+    <span>{{ row_count }} row{{ row_count|pluralize }}{% if truncated %} <span class="text-warning">(limited to {{ max_rows }} -- add LIMIT/OFFSET to page through results)</span>{% endif %}</span>
+    <form method="post" action="{% url 'plugins:netbox_sqlquery:export_csv' %}" style="display:inline;">
+      {% csrf_token %}
+      <input type="hidden" name="sql" value="{{ sql }}">
+      <button type="submit" class="btn btn-sm btn-outline-secondary" title="Download all results as CSV (no row limit)">
+        Download CSV
+      </button>
+    </form>
   </div>
 </div>
 {% endif %}

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/urls.py

@@ -19,4 +19,5 @@ urlpatterns = [
     ),
     path("ajax/save-query/", views.SavedQueryAjaxSave.as_view(), name="ajax_save_query"),
     path("ajax/list-queries/", views.SavedQueryAjaxList.as_view(), name="ajax_list_queries"),
+    path("export-csv/", views.CSVExportView.as_view(), name="export_csv"),
 ]

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery/views.py

@@ -1,9 +1,12 @@
+import csv
+import io
 import json
 import logging
+import re
 
 from django.contrib.auth.mixins import UserPassesTestMixin
 from django.db import DatabaseError, connection, transaction
-from django.http import JsonResponse
+from django.http import HttpResponse, JsonResponse
 from django.views import View
 from django.views.generic import TemplateView
 from netbox.plugins import get_plugin_config
@@ -25,6 +28,7 @@ from .access import (
 from .filtersets import SavedQueryFilterSet
 from .forms import SavedQueryFilterForm, SavedQueryForm
 from .models import SavedQuery
+from .query import execute_read_query, execute_write_query
 from .schema import get_abstract_schema, get_schema
 from .tables import SavedQueryTable
 
@@ -178,46 +182,33 @@ class QueryView(UserPassesTestMixin, TemplateView):
         return self.render_to_response(ctx)
 
     def _execute_read(self, ctx, sql, timeout_ms, max_rows):
-        try:
-            with transaction.atomic():
-                with connection.cursor() as cursor:
-                    cursor.execute(f"SET LOCAL statement_timeout = '{timeout_ms}'")
-                    cursor.execute("SET TRANSACTION READ ONLY")
-                    cursor.execute(sql)
-                    columns = [col[0] for col in cursor.description]
-                    rows = cursor.fetchmany(max_rows)
-                raise _ReadOnlyRollback()
-        except _ReadOnlyRollback:
-            ctx.update(columns=columns, rows=rows, row_count=len(rows))
-        except DatabaseError as exc:
-            ctx["error"] = str(exc)
+        result = execute_read_query(sql, timeout_ms, max_rows)
+        if result["error"]:
+            ctx["error"] = result["error"]
+        else:
+            ctx.update(
+                columns=result["columns"],
+                rows=result["rows"],
+                row_count=result["row_count"],
+                truncated=result["truncated"],
+                max_rows=max_rows,
+            )
         return ctx
 
     def _execute_write(self, ctx, sql, timeout_ms):
         max_rows = get_plugin_config("netbox_sqlquery", "max_rows")
-        try:
-            # Append RETURNING * if the user didn't include a RETURNING clause
-            exec_sql = sql
-            has_returning = "RETURNING" in sql.upper()
-            normalized = sql.lstrip().upper()
-            if not has_returning and (
-                normalized.startswith("UPDATE") or normalized.startswith("DELETE")
-            ):
-                exec_sql = sql.rstrip().rstrip(";") + " RETURNING *"
-
-            with connection.cursor() as cursor:
-                cursor.execute(f"SET LOCAL statement_timeout = '{timeout_ms}'")
-                cursor.execute(exec_sql)
-                row_count = cursor.rowcount
-
-                if cursor.description:
-                    columns = [col[0] for col in cursor.description]
-                    rows = cursor.fetchmany(max_rows)
-                    ctx.update(columns=columns, rows=rows, row_count=len(rows))
-
-            ctx["write_result"] = f"{row_count} row{'s' if row_count != 1 else ''} affected."
-        except DatabaseError as exc:
-            ctx["error"] = str(exc)
+        result = execute_write_query(sql, timeout_ms, max_rows)
+        if result["error"]:
+            ctx["error"] = result["error"]
+        else:
+            if result["columns"]:
+                ctx.update(
+                    columns=result["columns"],
+                    rows=result["rows"],
+                    row_count=result["row_count"],
+                )
+            affected = result["rows_affected"]
+            ctx["write_result"] = f"{affected} row{'s' if affected != 1 else ''} affected."
         return ctx
 
 
@@ -293,7 +284,6 @@ class SavedQueryAjaxSave(UserPassesTestMixin, View):
             return JsonResponse({"error": "Name must be 100 characters or fewer."}, status=400)
 
         # Validate name against injection
-        import re
 
         if not re.match(r"^[a-zA-Z0-9][a-zA-Z0-9 _\-\.]*$", name):
             return JsonResponse(
@@ -351,3 +341,57 @@ class SavedQueryAjaxList(UserPassesTestMixin, View):
                 ]
             }
         )
+
+
+class CSVExportView(UserPassesTestMixin, View):
+    """Export query results as CSV with no row limit."""
+
+    def test_func(self):
+        user = self.request.user
+        if not user.is_active:
+            return False
+        if user.is_superuser:
+            return True
+        if get_plugin_config("netbox_sqlquery", "require_superuser"):
+            return False
+        return user.has_perm("netbox_sqlquery.view_querypermission")
+
+    def post(self, request):
+        sql = request.POST.get("sql", "").strip()
+        if not sql:
+            return HttpResponse("No SQL provided.", status=400)
+
+        normalized = sql.lstrip().upper()
+        if not (normalized.startswith("SELECT") or normalized.startswith("WITH")):
+            return HttpResponse("Only SELECT queries can be exported.", status=400)
+
+        denied = check_access(request.user, extract_tables(sql))
+        if denied:
+            return HttpResponse(f"Access denied to: {', '.join(sorted(denied))}", status=403)
+
+        timeout_ms = get_plugin_config("netbox_sqlquery", "statement_timeout_ms")
+
+        try:
+            with transaction.atomic():
+                with connection.cursor() as cursor:
+                    cursor.execute(f"SET LOCAL statement_timeout = '{timeout_ms}'")
+                    cursor.execute("SET TRANSACTION READ ONLY")
+                    cursor.execute(sql)
+                    columns = [col[0] for col in cursor.description]
+                    rows = cursor.fetchall()
+                raise _ReadOnlyRollback()
+        except _ReadOnlyRollback:
+            pass
+        except DatabaseError as exc:
+            return HttpResponse(f"Query error: {exc}", status=400)
+
+        output = io.StringIO()
+        writer = csv.writer(output)
+        writer.writerow(columns)
+        writer.writerows(rows)
+
+        response = HttpResponse(output.getvalue(), content_type="text/csv")
+        response["Content-Disposition"] = 'attachment; filename="query_results.csv"'
+
+        _record_query(request.user, sql)
+        return response

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery.egg-info/PKG-INFO

@@ -1,12 +1,12 @@
 Metadata-Version: 2.4
 Name: netbox-sqlquery
-Version: 0.1.2
+Version: 0.1.4
 Summary: SQL query interface for NetBox with syntax highlighting, abstract views, and role-based access control
 Author-email: Ravi Pina <ravi@pina.org>
 License-Expression: Apache-2.0
 Project-URL: Homepage, https://github.com/ravinald/netbox-sqlquery
 Project-URL: Issues, https://github.com/ravinald/netbox-sqlquery/issues
-Requires-Python: >=3.10
+Requires-Python: >=3.12
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Dynamic: license-file
@@ -73,7 +73,7 @@ See [COMPATIBILITY.md](COMPATIBILITY.md) for the full version matrix.
 
 | NetBox version | Python versions              |
 |----------------|------------------------------|
-| 4.0 - 4.5      | 3.10, 3.11, 3.12, 3.13, 3.14 |
+| 4.5+            | 3.12, 3.13, 3.14             |
 
 ## Installation
 

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/netbox_sqlquery.egg-info/SOURCES.txt

@@ -9,6 +9,7 @@ netbox_sqlquery/forms.py
 netbox_sqlquery/models.py
 netbox_sqlquery/navigation.py
 netbox_sqlquery/preferences.py
+netbox_sqlquery/query.py
 netbox_sqlquery/schema.py
 netbox_sqlquery/tables.py
 netbox_sqlquery/urls.py
@@ -26,7 +27,6 @@ netbox_sqlquery/management/commands/__init__.py
 netbox_sqlquery/management/commands/sqlquery_create_views.py
 netbox_sqlquery/migrations/0001_initial.py
 netbox_sqlquery/migrations/0002_query_permissions.py
-netbox_sqlquery/migrations/0003_tablepermission_groups_to_users_group.py
 netbox_sqlquery/migrations/__init__.py
 netbox_sqlquery/static/netbox_sqlquery/editor.js
 netbox_sqlquery/static/netbox_sqlquery/icon.LICENSE

{netbox_sqlquery-0.1.2 → netbox_sqlquery-0.1.4}/pyproject.toml

@@ -4,11 +4,11 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "netbox-sqlquery"
-version = "0.1.2"
+version = "0.1.4"
 description = "SQL query interface for NetBox with syntax highlighting, abstract views, and role-based access control"
 readme = "README.md"
 license = "Apache-2.0"
-requires-python = ">=3.10"
+requires-python = ">=3.12"
 dependencies = []
 authors = [
     { name = "Ravi Pina", email = "ravi@pina.org" },

netbox_sqlquery-0.1.2/netbox_sqlquery/api/views.py

@@ -1,15 +0,0 @@
-from rest_framework.viewsets import ModelViewSet
-
-from netbox_sqlquery.models import SavedQuery
-
-from .serializers import SavedQuerySerializer
-
-
-class SavedQueryViewSet(ModelViewSet):
-    serializer_class = SavedQuerySerializer
-
-    def get_queryset(self):
-        return SavedQuery.visible_to(self.request.user)
-
-    def perform_create(self, serializer):
-        serializer.save(owner=self.request.user)

netbox_sqlquery-0.1.2/netbox_sqlquery/migrations/0003_tablepermission_groups_to_users_group.py

@@ -1,16 +0,0 @@
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("netbox_sqlquery", "0002_query_permissions"),
-        ("users", "0001_squashed_0011"),
-    ]
-
-    operations = [
-        migrations.AlterField(
-            model_name="tablepermission",
-            name="groups",
-            field=models.ManyToManyField(blank=True, to="users.group"),
-        ),
-    ]