Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Allow admins to search unsearchable users #4190

Closed
wants to merge 16 commits into from
Closed

Allow admins to search unsearchable users #4190

wants to merge 16 commits into from

Conversation

mattbk
Copy link
Contributor

@mattbk mattbk commented Nov 13, 2016

Closes #3121.

@mattbk
Stub out a list of suspicious accounts.
79372b0 
Part of #557. This covers the logic; it’s mostly a duplicate of
`dashboard/index` with the buttons removed (admins can mark/unmark
suspicious on the profile itself).

Obviously needs to be put into a site template for ~users to see, and
only needs the list, not the other frame.
@mattbk
Stub out public-facing suspicious list
f42b5e6
@mattbk
Clean up public suspicious list
173be9c
@mattbk
Tweak word.
00640e5
@mattbk
Allow admins to search unsearchable users
2aef46c
@mattbk mattbk added the Review label Nov 13, 2016
@mattbk mattbk mentioned this pull request Nov 13, 2016
Closed
@nobodxbodon
Copy link
Contributor

Could you build the query in the block above (16-26) conditionally to avoid duplicated code?

@nobodxbodon
Copy link
Contributor

nobodxbodon commented Nov 14, 2016
edited
Loading

I was in a hurry. In case it wasn't clear enough, something like (excuse my python grammar):

    if action in (None, 'search_usernames'):
         results['usernames'] = website.db.all("""
             SELECT username, avatar_url, similarity(username, %(q)s) AS rank
               FROM participants
              WHERE username %% %(q)s
                AND claimed_time IS NOT NULL
                """ 
               + (user.ADMIN ? "" : "AND is_searchable")
               + " AND NOT is_closed"
           ORDER BY rank DESC, username
              LIMIT 10
         """, locals())

@chadwhitacre
Copy link
Contributor

Yay for Python from @nobodxbodon! 💃 🐍

@mattbk
Copy link
Contributor Author

mattbk commented Nov 14, 2016

I get what you're saying, just hitting a learning curve on how to work your example in so it works.

@mattbk
Copy link
Contributor Author

mattbk commented Nov 15, 2016

I was confused because I didn't realize the + signs were literal.

    if action in (None, 'search_usernames'):
         results['usernames'] = website.db.all("""
             SELECT username, avatar_url, similarity(username, %(q)s) AS rank
               FROM participants
              WHERE username %% %(q)s
                AND claimed_time IS NOT NULL
                """
                +("" if user.ADMIN else " AND is_searchable")
                +""" AND NOT is_closed
           ORDER BY rank DESC, username
              LIMIT 10
         """, locals())

@mattbk
Copy link
Contributor Author

mattbk commented Nov 17, 2016

Something is still wrong with this, I need to look at it again.

@mattbk mattbk removed the Review label Nov 17, 2016
@mattbk mattbk added the Review label Nov 17, 2016
@mattbk
Copy link
Contributor Author

mattbk commented Nov 17, 2016

Okay @nobodxbodon, ready for review again with a simpler diff. Thanks for the help.

chadwhitacre
chadwhitacre suggested changes Nov 21, 2016
View reviewed changes
Copy link
Contributor

@chadwhitacre chadwhitacre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also needs tests.

www/search.spt
@@ -14,16 +14,17 @@ if query:
q = strip_accents(query)

if action in (None, 'search_usernames'):
results['usernames'] = website.db.all("""
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why change the indentation here? It makes the diff harder to read.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Accident.

www/search.spt
WHERE username %% %(q)s
AND claimed_time IS NOT NULL
"""
+("" if user.ADMIN else " AND is_searchable")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm ... could we find a way to do this without string interpolation? (Tbh this is the achilles heel of our db wiring; it's bad practice to construct SQL from strings because of the danger of SQL injection, but it's hard to avoid without a full-blown SQL model in Python, aka SQLAlchemy.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The first commit didn't work like that, FWIW.

@mattbk
Copy link
Contributor Author

mattbk commented Nov 21, 2016

After thrashing about, I cleaned up the indents.

@mattbk
Copy link
Contributor Author

mattbk commented Jan 1, 2017

This functionality seems to exist...investigating.

There's a commit (6230342) in #4157 that is even called "Allow admins to search unsearchable users," but it doesn't have the string interpolation version--because it was introduced earlier, in a277c5d. I image this made it in there after I neglected to properly stash files when switching branches.

As such, I am closing this PR and the original ticket.

@mattbk mattbk closed this Jan 1, 2017
@mattbk mattbk deleted the admin-search-unsearchable branch January 1, 2017 04:06
@chadwhitacre
Copy link
Contributor

!m @mattbk

@mattbk mattbk mentioned this pull request Jan 9, 2017
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@chadwhitacre chadwhitacre chadwhitacre requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mattbk @nobodxbodon @chadwhitacre