{% extends "django_sql_dashboard/base.html" %}
{# Loads the django_sql_dashboard tag library; the sign_sql filter used by the "Available tables" links is presumably defined there - confirm. #}
{% load django_sql_dashboard %}
{# Page title comes from the html_title context variable. #}
{% block title %}{{ html_title }}{% endblock %}
{% block content %}
{# Page heading, followed by a notice that is shown only when the too_long_so_use_post context flag is set. #}
<h1>{{ title }}</h1>
{% if too_long_so_use_post %}
  <p style="background-color: pink; padding: 0.5em 1em 1em 1em; border: 2px solid red; margin-bottom: 1em">
    This SQL is too long to bookmark, so sharing a link to this page will not work for these queries.
  </p>
{% endif %}
{# Warning panel for SQL that arrived in the link without its verification signature. #}
{# This block only displays each such query in its own textarea for manual review. #}
{# NOTE(review): the query text relies on autoescaping so that SQL containing markup cannot close the textarea - confirm autoescape is not switched off in the base template. #}
{% if unverified_sql_queries %}
  <div style="background-color: pink; padding: 0.5em 1em 1em 1em; border: 2px solid red; margin-bottom: 1em">
    <h2 style="margin-top: 0.5em">Unverified SQL</h2>
    <p>The link you followed here included SQL that was missing its verification signatures.</p>
    <p>If this link was provided to you by an untrusted source, they may be trying to trick you into executing queries that you do not want to execute.</p>
    <p>Review these queries and copy and paste them once you have confirmed them:</p>
    {% for query in unverified_sql_queries %}
      <p><textarea>{{ query }}</textarea></p>
    {% endfor %}
  </div>
{% endif %}
{# One POST form wraps the parameter inputs, every included result template, the new-query textarea and the save-dashboard fields. #}
{# The csrf_token tag emits Django's CSRF token field for this POST. #}
<form action="{{ request.path }}" method="POST">
  {% csrf_token %}
  {% if query_results %}
    {# "Remove all queries" is a plain link back to the same path with no query string. #}
    <p>↓ <a href="#save-dashboard">Save this dashboard</a> | <a href="{{ request.path }}">Remove all queries</a></p>
  {% endif %}
  {% if parameter_values %}
    <h3>Query parameters</h3>
    <div class="query-parameters">
      {# Parameter names and values are written into quoted attributes. NOTE(review): this relies on autoescaping staying enabled - confirm. #}
      {% for name, value in parameter_values %}
        <label for="qp{{ forloop.counter }}">{{ name }}</label>
        <input type="text" id="qp{{ forloop.counter }}" name="{{ name }}" value="{{ value }}">
      {% endfor %}
    </div>
    <input class="btn" type="submit" value="Run quer{% if query_results|length > 1 %}ies{% else %}y{% endif %}" />
  {% endif %}
  {# Each result is rendered by the template(s) named in result.templates. NOTE(review): presumably chosen by the view rather than by request data - confirm. #}
  {% for result in query_results %}
    {% include result.templates with result=result %}
  {% endfor %}
  <p>Add {% if not query_results %}a{% else %}another{% endif %} query:</p>
  <textarea
    style="
      width: 60%;
      height: 10em;
      border: 2px solid #666;
      padding: 0.5em;
    "
    name="sql"
  ></textarea>
  <p>
    <input class="btn" type="submit" value="Run quer{% if query_results|length > 1 %}ies{% else %}y{% endif %}" />
  </p>
  {% if query_results %}
    <h2 id="save-dashboard">Save this dashboard</h2>
    <p>Saved dashboards get their own URL, which can be bookmarked and shared with others.</p>
    {# The save fields sit inside the same form; the submit button below is the only one named _save. #}
    <div class="save-dashboard-form">
      {{ save_form.non_field_errors }}
      {{ save_form.as_p }}
      <p><input class="btn" type="submit" name="_save" value="Save dashboard" /></p>
    </div>
  {% endif %}
</form>
{# Two-column list of saved dashboards; the context supplies (dashboard, can_edit) pairs. #}
{# NOTE(review): can_edit only decides whether the edit link is shown here; the edit view itself presumably enforces the permission - confirm. #}
{% if saved_dashboards %}
  <h2>Saved dashboards</h2>
  <ul style="column-count: 2">
    {% for dashboard, can_edit in saved_dashboards %}
      <li style="break-inside: avoid;">
        <a href="{{ dashboard.get_absolute_url }}" title="{{ dashboard.description }}">{{ dashboard }}</a>
        <br><span style="text-indent: 1em; color: #666; font-size: 0.8em">
          By <strong>{{ dashboard.owned_by }}</strong>,
          Visibility: {{ dashboard.view_summary }}
          {% if can_edit %}
            - <a href="{{ dashboard.get_edit_url }}">edit</a>
          {% endif %}
        </span>
      </li>
    {% endfor %}
  </ul>
{% endif %}
{# One link per table. Each link carries two sql parameters (a row count and a select-all); each SQL string goes through the sign_sql filter and then urlencode. #}
{# NOTE(review): table.name is interpolated into the SQL text unquoted before that text is signed, so a name that is not a plain identifier would produce signed SQL other than the intended select - confirm how available_tables is populated, or quote the identifier. #}
<h2>Available tables</h2>
<ul style="column-count: 2">
  {% for table in available_tables %}
    <li style="break-inside: avoid;">
      <a href="?sql={% filter sign_sql|urlencode %}select count(*) from {{ table.name }}{% endfilter %}&sql={% filter sign_sql|urlencode %}select * from {{ table.name }}{% endfilter %}">{{ table.name }}</a>
      <br><span style="text-indent: 1em; color: #666; font-size: 0.8em">{{ table.columns }}</span>
    </li>
  {% endfor %}
</ul>
{% include "django_sql_dashboard/_script.html" %}
{% endblock %}