[fix] Adding check for invalid filter columns #7888
Conversation
| elif op == "IS NOT NULL": | ||
| where_clause_and.append(col_obj.get_sqla_col() != None) # noqa | ||
| col_obj = cols[col] | ||
| is_list_target = op in ("in", "not in") |
There was a problem hiding this comment.
Note this block is just dedented as the if col_obj check is not required given the addition of the new check.
superset/connectors/sqla/models.py
Outdated
| @@ -721,43 +721,46 @@ def get_sqla_query( # sqla | |||
| if not all([flt.get(s) for s in ["col", "op"]]): | |||
| continue | |||
| col = flt["col"] | |||
|
|
|||
| if col not in cols: | |||
| raise Exception(_(f"Column '{col}' is not valid")) | |||
There was a problem hiding this comment.
maybe we could update the language to be a little more precise here? For example Column '{col}' does not exist / ... not found?
There was a problem hiding this comment.
@williaster I think the wording here can be difficult as it's in reference to Superset's data model as opposed to the schema of the underlying table. I think "does not exist" is more precise/clearer than "is not valid" though.
superset/connectors/sqla/models.py
Outdated
| @@ -649,7 +649,7 @@ def get_sqla_query( # sqla | |||
| elif m in metrics_dict: | |||
| metrics_exprs.append(metrics_dict.get(m).get_sqla_col()) | |||
| else: | |||
| raise Exception(_("Metric '{}' is not valid".format(m))) | |||
| raise Exception(_(f"Metric '{m}' is not valid")) | |||
There was a problem hiding this comment.
Ditto re the error message here? Metric '{m}' does not exist / ... not found?
Codecov Report
@@ Coverage Diff @@
## master #7888 +/- ##
==========================================
+ Coverage 65.78% 65.79% +<.01%
==========================================
Files 461 461
Lines 22187 22188 +1
Branches 2425 2425
==========================================
+ Hits 14596 14598 +2
+ Misses 7470 7469 -1
Partials 121 121
Continue to review full report at Codecov.
|
john-bodley
force-pushed
the
john-bodley--fix-invalid-column
branch
2 times, most recently
from
651d674
to
17c2907
Compare
|
@williaster I addressed your comments. |
superset/connectors/sqla/models.py
Outdated
| @@ -649,7 +649,7 @@ def get_sqla_query( # sqla | |||
| elif m in metrics_dict: | |||
| metrics_exprs.append(metrics_dict.get(m).get_sqla_col()) | |||
| else: | |||
| raise Exception(_("Metric '{}' is not valid".format(m))) | |||
| raise Exception(_(f"Metric '{m}' does not exist")) | |||
There was a problem hiding this comment.
It was wrong before, but variable formatting with get_text should use a different formatting scheme. Should look something like _("Metric '%(metric)s' does not exist", metric=metric)
https://pythonhosted.org/Flask-Babel/#flask.ext.babel.gettext
superset/connectors/sqla/models.py
Outdated
| raise Exception( | ||
| _("Metric '{}' is not valid".format(timeseries_limit_metric)) | ||
| ) | ||
| raise Exception(_(f"Metric '{timeseries_limit_metric}' does not exist")) |
john-bodley
changed the title
john-bodley
force-pushed
the
john-bodley--fix-invalid-column
branch
from
17c2907
to
06d26bd
Compare
|
@mistercrunch I addressed your comments. |
mistercrunch
added
🏷️ bot
CATEGORY
Choose one
SUMMARY
This PR fixes an issue where if you specified an invalid column (achievable in the URL) in a simple filter, i.e., not custom SQL, then the filter was simply ignored and the the query would execute sans the filter with no clear indication to the user that the filter wasn't being applied.
This PR applies the same logic as invalid metrics and raises an exception if the column is invalid. Note I added unit tests to cover both the invalid metric and column use cases.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
BEFORE
AFTER
TEST PLAN
ADDITIONAL INFORMATION
REVIEWERS
to: @michellethomas @mistercrunch @williaster