Comments (8)
@AmazingAkai Since it's a Piccolo Admin issue, I think the best way to fix it is to raise an error and display that error in the admin UI. If, for example, we write a validator that only the superuser can access the table like this (user `piccolo` is superuser and user `john` is not)
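```python
from piccolo_admin.endpoints import TableConfig, create_admin
from piccolo_api.crud.endpoints import PiccoloCRUD
from piccolo_api.crud.validators import Validators
from starlette.exceptions import HTTPException
from starlette.requests import Request


def validator_superuser(piccolo_crud: PiccoloCRUD, request: Request):
    # Reject every request to this table unless the user is a superuser.
    if not request.user.user.superuser:
        raise HTTPException(
            detail="Only a superuser can do this",
            status_code=403,
        )


director_config = TableConfig(
    Director,  # table class, assumed to be defined elsewhere (not in the snippet as posted)
    validators=Validators(every=[validator_superuser]),
)

APP = create_admin([director_config])
```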
This is what it could look like.
validators.webm
from piccolo_api.
@sinisaos That would also be fine if we can customize the message.
from piccolo_api.
@sinisaos That's a smart solution.
In terms of showing the error message, this is the bit of code which shows the error message:
https://github.com/piccolo-orm/piccolo_admin/blob/master/admin_ui/src/store.ts#L186-L189
The problem we have though is knowing how to extract the error message from the response.
For example, for forms we have all of this logic to try and extract the error message from the response:
It gets pretty messy. We could look for a certain header in the response.
```python
raise HTTPException(
    detail="Only a superuser can do this",
    status_code=403,
    headers={'Piccolo-Admin-Error': 'Only a superuser can do this'}
)
```
Or if it's a text response, just show whatever the response body is as the error message.
I'm not sure - what do you think?
from piccolo_api.
Alternatively, if it's just a matter of hiding certain tables from the sidebar based on whether the user is an admin or superuser, we could do this:
```python
TableConfig(MySecretTable, visible_to=['superuser', 'admin'])
```
And then just hide tables from the `/api/tables/grouped/` accordingly.
Just hiding them isn't enough by itself though, because a user could still follow a URL to the table. So validators are required too.
from piccolo_api.
> In terms of showing the error message, this is the bit of code which shows the error message:
> https://github.com/piccolo-orm/piccolo_admin/blob/master/admin_ui/src/store.ts#L186-L189
> The problem we have though is knowing how to extract the error message from the response.
@dantownsend Thanks. I used that generic error message also in the `fetchSchema` and `fetchCount` methods to get the results like in the video.
> Or if it's a text response, just show whatever the response body is as the error message.

We could just return an error message like this
```typescript
context.commit("updateApiResponseMessage", {
    contents: `Problem fetching ${tableName} rows. ${error.message}.`,
    type: "error"
})
```
This would result in a pop-up message like this: `Problem fetching director rows. Request failed with status code 400.` Other information about the error is visible in the browser console. I think the main purpose of this is to disable access to the table if the user doesn't have the right permission.
from piccolo_api.
@dantownsend Or we can try something like this
```typescript
context.commit("updateApiResponseMessage", {
    contents: `Problem fetching ${tableName} rows. ${JSON.parse(JSON.stringify(error.response?.data.detail))}.`,
    type: "error"
})
```
Result is `Problem fetching director rows. Only a superuser can do this.` in message pop-up.
from piccolo_api.
@sinisaos What do you think of the header idea?
```python
raise HTTPException(
    detail="Only a superuser can do this",
    status_code=403,
    headers={'Piccolo-Admin-Error': 'Only a superuser can do this'}
)
```
It means we don't have to worry about parsing anything, or looking for specific error codes.
from piccolo_api.
@dantownsend The headers idea is good but that will solve only errors where we specify headers. With the approach I suggested we get more generic messages that would parse all other Axios errors, e.g. `404 Not Found` etc. Here is a branch you can test if you want (of course, the validator code in `example.py` should be removed if it is good enough for PR). I agree with any solutions that will clearly show the user what the error is and where the user won't have to write too much code to get it.
from piccolo_api.
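One way to combine the two proposals from the thread (the `Piccolo-Admin-Error` header and `error.response.data.detail`) with a fallback to the generic Axios message, as an added example that is not Piccolo Admin's own code. `extractErrorMessage`, `popupMessage` and the length cap are hypothetical names and choices, and the error objects are assumed to follow the Axios error shape the thread refers to.

```javascript
// Added example: header name is the one proposed in the thread, not an existing feature.
const ERROR_HEADER = "piccolo-admin-error";
const MAX_LENGTH = 200; // assumption: cap on what the pop-up will display

function headerValue(headers, name) {
    // Case-insensitive lookup over a plain headers object.
    for (const [key, value] of Object.entries(headers || {})) {
        if (key.toLowerCase() === name) return String(value);
    }
    return undefined;
}

function extractErrorMessage(error) {
    const response = error && error.response;
    let message;
    if (response) {
        const data = response.data;
        message =
            // 1. Explicit header set by the validator.
            headerValue(response.headers, ERROR_HEADER) ||
            // 2. JSON body with a string `detail` (HTTPException default).
            (data && typeof data.detail === "string" ? data.detail : undefined) ||
            // 3. Plain text body.
            (typeof data === "string" && data.trim() ? data : undefined);
    }
    // 4. Generic Axios message, e.g. "Request failed with status code 400".
    if (!message) message = (error && error.message) || "Unknown error";
    // The value is server-supplied: keep it as single-line plain text and bounded.
    message = message.replace(/\s+/g, " ").trim();
    return message.length > MAX_LENGTH ? message.slice(0, MAX_LENGTH) + "…" : message;
}

function popupMessage(tableName, error) {
    const detail = extractErrorMessage(error).replace(/\.$/, "");
    return `Problem fetching ${tableName} rows. ${detail}.`;
}
```

The returned string is meant to be bound as text in the pop-up, not inserted as HTML, since it originates from the response.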