fix(sqlexportsubmit): fix the data export page #3196
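1. Multi-database-engine support: the data export front end currently enforces a strict check that the SQL starts with select or with, so non-SQL engines cannot actually use the export feature. Move the SQL validation from the front end to the back end and make it engine-specific.
2. Optimize the row-count check for query statements.
3. Improve the prompt text on the export page: the export feature was probably built on top of the original SQL release workflow, so the prompt text is changed.
3. Remove the backup logic from the export page: the backup logic is removed from both the front end and the back end, and is_backup defaults to False.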
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #3196 +/- ##
==========================================
- Coverage 84.66% 84.60% -0.06%
==========================================
Files 141 141
Lines 25015 25187 +172
==========================================
+ Hits 21179 21310 +131
- Misses 3836 3877 +41
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b930d84b80
    tag_codes = (
        ["can_read"] if workflow_data["is_offline_export"] else ["can_write"]
    )
Enforce query privileges for offline exports
When is_offline_export is true, this path now admits any instance with only the can_read tag and then proceeds directly to pre_count_check/workflow creation; it never runs query_priv_check like the normal /query/ endpoint does before executing a read. In the case where a user can see an instance through a resource group but does not have QueryPrivileges for the selected database/table, they can submit an offline export for that data and the job will later execute it, bypassing the per-db/table query permission and limit checks. Please apply the same query privilege check before accepting the export.
    if ";" in sql:
        return [stmt.strip() for stmt in sql.split(";") if stmt.strip()], sql
Don't split native commands on raw semicolons
For engines that use native command syntax rather than SQL, this raw sql.split(";") treats semicolons inside string literals as statement separators. For example a valid Mongo/Elasticsearch-style export filtering on a value like "a;b" becomes two entries and is rejected as multiple statements before the engine-specific query_check can parse it, so single native queries containing semicolons in data can no longer be submitted.
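The semicolon problem described in the review comment above, as an added example that is not part of the pull request or of the project's code. `naive_split`, `split_statements` and the sample command are constructed for illustration, and treating a backslash as an escape inside quotes is an assumption (MySQL-style); comments and dollar-quoted strings are not handled.

```python
def naive_split(text):
    """Cut on every raw semicolon, as in the reviewed snippet."""
    return [s.strip() for s in text.split(";") if s.strip()]


def split_statements(text):
    """Split only on semicolons that sit outside quoted literals.

    Hypothetical helper: recognises '...', "..." and `...` literals,
    with backslash escapes and doubled quotes ('' or "") inside them.
    """
    statements, current = [], []
    quote = None  # the quote character we are currently inside, if any
    i = 0
    while i < len(text):
        ch = text[i]
        if quote:
            current.append(ch)
            if ch == "\\" and i + 1 < len(text):
                current.append(text[i + 1])  # keep the escaped char verbatim
                i += 1
            elif ch == quote:
                if text[i + 1:i + 2] == quote:  # doubled quote stays inside
                    current.append(quote)
                    i += 1
                else:
                    quote = None  # literal closed
        elif ch in "'\"`":
            quote = ch
            current.append(ch)
        elif ch == ";":
            statements.append("".join(current).strip())  # real separator
            current = []
        else:
            current.append(ch)
        i += 1
    statements.append("".join(current).strip())
    return [s for s in statements if s]


# Constructed sample: one native command whose filter value contains ';'.
NATIVE_CMD = 'db.orders.find({"tag": "a;b"})'

if __name__ == "__main__":
    print(naive_split(NATIVE_CMD))       # two fragments: rejected as multi-statement
    print(split_statements(NATIVE_CMD))  # one command, passed on to the engine check
```

A splitter like this only decides how many statements were submitted; whether the single statement is allowed remains the job of the engine-specific `query_check`.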
    check_result.full_sql = sql

    try:
        query_check_info = check_engine.query_check(db_name=db_name, sql=sql)
Preserve CTE exports through engine validation
Calling each engine's query_check here rejects valid CTE exports for engines whose interactive checker only whitelists select (for example MySQL/PgSQL/MSSQL), even though this offline-export path previously allowed both select and with. A user submitting WITH cte AS (...) SELECT ... against one of those engines now gets an unsupported-syntax error before the count query runs, so existing CTE-based exports can no longer be submitted.