Showing runs from other users also (#1517)

* Showing runs from other users also

* (feat): Bringing saved filters also to repository view [skip ci]

* Removed default settings from search form. Will be set by JS

* Added CSS selector attribute quotes for consistency

* Made visibility logic more developer friendly by placing it in one location and not have double-checks

* Guard clause if URL params are malicious [skip ci]

Author: ArneTR

api/scenario_runner.py

@@ -300,7 +300,7 @@ def old_v1_runs_endpoint():
 
 # A route to return all of the available entries in our catalog.
 @router.get('/v2/runs')
-async def get_runs(uri: str | None = None, branch: str | None = None, machine_id: int | None = None, machine: str | None = None, filename: str | None = None, usage_scenario_variables: str | None = None, job_id: int | None = None, failed: bool | None = None, show_archived: bool | None = None, limit: int | None = 50, uri_mode = 'none', user: User = Depends(authenticate)):
+async def get_runs(uri: str | None = None, branch: str | None = None, machine_id: int | None = None, machine: str | None = None, filename: str | None = None, usage_scenario_variables: str | None = None, job_id: int | None = None, failed: bool | None = None, show_archived: bool | None = None, show_other_users: bool | None = None, limit: int | None = 50, uri_mode = 'none', user: User = Depends(authenticate)):
 
     query = '''
             SELECT r.id, r.name, r.uri, r.branch, r.created_at,
@@ -309,9 +309,16 @@ async def get_runs(uri: str | None = None, branch: str | None = None, machine_id
             FROM runs as r
             LEFT JOIN machines as m on r.machine_id = m.id
             WHERE
-                (TRUE = %s OR r.user_id = ANY(%s::int[]) or r.public = TRUE)
     '''
-    params = [user.is_super_user(), user.visible_users()]
+    params = []
+
+    if show_other_users is False:
+        query = f"{query} r.user_id = %s  \n"
+        params.append(user._id)
+    else:
+        query = f"{query} (TRUE = %s OR r.user_id = ANY(%s::int[]) or r.public = TRUE) \n"
+        params.append(user.is_super_user())
+        params.append(user.visible_users())
 
     if uri:
         if uri_mode == 'exact':
@@ -355,6 +362,8 @@ async def get_runs(uri: str | None = None, branch: str | None = None, machine_id
     if show_archived is not True:
         query = f"{query} AND r.archived = False \n"
 
+
+
     query = f"{query} ORDER BY r.created_at DESC"
 
     if limit is not None and limit != 0:

frontend/js/authentication.js

@@ -44,6 +44,7 @@
 
             localStorage.setItem('authentication_token', authentication_token);
             localStorage.setItem('user_name', user_data.data._name);
+            localStorage.setItem('show_other_users', 'false'); // default setting on new login different from DEFAULT user
 
             $('#login-successful-message').show();
             $('#token-details-message').show();

frontend/js/helpers/runs.js

@@ -76,45 +76,83 @@ const removeFilter = (paramName) => {
 }
 
 
-const getFilterQueryStringFromURI = () => {
+const getFilterQueryStringFromURI = (only_saved_filters=false) => {
     const url_params = getURLParams();
 
     let query_string = '';
-    if (url_params['uri'] != null && url_params['uri'].trim() != '') {
-        const uri = url_params['uri'].trim()
-        query_string += `&uri=${uri}`
-        document.querySelector('input[name=uri]').value = uri;
-        document.querySelector('#filters-active').classList.remove('hidden');
+    if (only_saved_filters === true) {
+        if (url_params['uri'] != null && url_params['uri'].trim() != '') {
+            const uri = url_params['uri'].trim()
+            query_string += `&uri=${uri}`
+            document.querySelector('input[name="uri"]').value = uri;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
+        if (url_params['filename'] != null && url_params['filename'].trim() != '') {
+            const filename = url_params['filename'].trim()
+            query_string += `&filename=${filename}`
+            document.querySelector('input[name="filename"]').value = filename;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
+        if (url_params['branch'] != null && url_params['branch'].trim() != '') {
+            const branch = url_params['branch'].trim()
+            query_string += `&branch=${branch}`
+            document.querySelector('input[name="branch"]').value = branch;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
+        if (url_params['machine_id'] != null && url_params['machine_id'].trim() != '') {
+            const machine_id = url_params['machine_id'].trim()
+            query_string += `&machine_id=${machine_id}`
+            document.querySelector('input[name="machine_id"]').value = machine_id;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
+        if (url_params['machine'] != null && url_params['machine'].trim() != '') {
+            const machine = url_params['machine'].trim()
+            query_string += `&machine=${machine}`
+            document.querySelector('input[name="machine"]').value = machine;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
+        if (url_params['usage_scenario_variables'] != null && url_params['usage_scenario_variables'].trim() != '') {
+            const usage_scenario_variables = url_params['usage_scenario_variables'].trim()
+            query_string += `&usage_scenario_variables=${usage_scenario_variables}`
+            document.querySelector('input[name="usage_scenario_variables"]').value = usage_scenario_variables;
+            document.querySelector('#filters-active').classList.remove('hidden');
+        }
     }
-    if (url_params['filename'] != null && url_params['filename'].trim() != '') {
-        const filename = url_params['filename'].trim()
-        query_string += `&filename=${filename}`
-        document.querySelector('input[name=filename]').value = filename;
+
+    let show_archived = null;
+    if (url_params['show_archived'] != null && url_params['show_archived'].trim() != '') {
+        show_archived = url_params['show_archived'].trim()
         document.querySelector('#filters-active').classList.remove('hidden');
-    }
-    if (url_params['branch'] != null && url_params['branch'].trim() != '') {
-        const branch = url_params['branch'].trim()
-        query_string += `&branch=${branch}`
-        document.querySelector('input[name=branch]').value = branch;
+    } else if (localStorage.getItem('show_archived')) {
+        show_archived = localStorage.getItem('show_archived');
         document.querySelector('#filters-active').classList.remove('hidden');
+    } else {
+        show_archived = 'false';
     }
-    if (url_params['machine_id'] != null && url_params['machine_id'].trim() != '') {
-        const machine_id = url_params['machine_id'].trim()
-        query_string += `&machine_id=${machine_id}`
-        document.querySelector('input[name=machine_id]').value = machine_id;
-        document.querySelector('#filters-active').classList.remove('hidden');
+
+    const archived_radio = document.querySelector(`input[name="show_archived"][value="${show_archived}"]`)
+    if (archived_radio != null) { // since user can submit bullshit we do not want to except on querySelector after accessing checkes
+        archived_radio.checked = true;
+        localStorage.setItem('show_archived', show_archived);
+        query_string += `&show_archived=${show_archived}`
     }
-    if (url_params['machine'] != null && url_params['machine'].trim() != '') {
-        const machine = url_params['machine'].trim()
-        query_string += `&machine=${machine}`
-        document.querySelector('input[name=machine]').value = machine;
+
+    let show_other_users = null;
+    if (url_params['show_other_users'] != null && url_params['show_other_users'].trim() != '') {
+        show_other_users = url_params['show_other_users'].trim()
         document.querySelector('#filters-active').classList.remove('hidden');
-    }
-    if (url_params['usage_scenario_variables'] != null && url_params['usage_scenario_variables'].trim() != '') {
-        const usage_scenario_variables = url_params['usage_scenario_variables'].trim()
-        query_string += `&usage_scenario_variables=${usage_scenario_variables}`
-        document.querySelector('input[name=usage_scenario_variables]').value = usage_scenario_variables;
+    } else if (localStorage.getItem('show_other_users')) {
+        show_other_users = localStorage.getItem('show_other_users');
         document.querySelector('#filters-active').classList.remove('hidden');
+    } else {
+        show_other_users = 'true';
+    }
+
+    const other_users_radio = document.querySelector(`input[name="show_other_users"][value="${show_other_users}"]`)
+    if (other_users_radio != null) { // since user can submit bullshit we do not want to except on querySelector after accessing checkes
+        document.querySelector(`input[name="show_other_users"][value="${show_other_users}"]`).checked = true;
+        localStorage.setItem('show_other_users', show_other_users);
+        query_string += `&show_other_users=${show_other_users}`
     }
 
     return query_string
@@ -123,21 +161,25 @@ const getFilterQueryStringFromURI = () => {
 const getFilterQueryStringFromInputs = () => {
     let query_string = '';
 
-    const uri = document.querySelector('input[name=uri]').value.trim()
-    const filename = document.querySelector('input[name=filename]').value.trim()
-    const branch = document.querySelector('input[name=branch]').value.trim()
-    const machine = document.querySelector('input[name=machine]').value.trim()
-    const machine_id = document.querySelector('input[name=machine_id]').value.trim()
-    const usage_scenario_variables = document.querySelector('input[name=usage_scenario_variables]').value.trim()
-    const show_archived = document.querySelector('input[name=show_archived]:checked').value.trim()
+    const uri = document.querySelector('input[name="uri"]').value.trim()
+    const filename = document.querySelector('input[name="filename"]').value.trim()
+    const branch = document.querySelector('input[name="branch"]').value.trim()
+    const machine = document.querySelector('input[name="machine"]').value.trim()
+    const machine_id = document.querySelector('input[name="machine_id"]').value.trim()
+    const usage_scenario_variables = document.querySelector('input[name="usage_scenario_variables"]').value.trim()
+    const show_archived = document.querySelector('input[name="show_archived"]:checked')?.value?.trim()
+    localStorage.setItem('show_archived', show_archived);
+    const show_other_users = document.querySelector('input[name="show_other_users"]:checked')?.value?.trim()
+    localStorage.setItem('show_other_users', show_other_users);
 
     if(uri != '') query_string += `&uri=${uri}`
     if(filename != '') query_string += `&filename=${filename}`
     if(branch != '') query_string += `&branch=${branch}`
     if(machine != '') query_string += `&machine=${machine}`
     if(machine_id != '') query_string += `&machine_id=${machine_id}`
     if(usage_scenario_variables != '') query_string += `&usage_scenario_variables=${usage_scenario_variables}`
-    if(show_archived) query_string += `&show_archived=${show_archived}`
+    if(show_archived != null && show_archived != '') query_string += `&show_archived=${show_archived}`
+    if(show_other_users != null && show_other_users != '') query_string += `&show_other_users=${show_other_users}`
 
     document.querySelector('#filters-active').classList.remove('hidden');
 
@@ -183,7 +225,7 @@ async function getRepositories(sort_by = 'date') {
 
             if(!$.fn.DataTable.isDataTable(table)) {
                 const uri = this.getAttribute('data-uri');
-                getRunsTable($(table), `/v2/runs?uri=${uri}&uri_mode=exact&limit=0`, false, false, true)
+                getRunsTable($(table), `/v2/runs?uri=${uri}&uri_mode=exact&limit=0&${getFilterQueryStringFromURI(true)}`, false, false, true)
             }
     }});
     $('.ui.accordion.filter-dropdown').hide();