Fix for columns named after reserved words, closes #134

Author: simonw

django_sql_dashboard/templates/django_sql_dashboard/dashboard.html

@@ -101,7 +101,7 @@ <h2>Available tables</h2>
 <ul class="dashboard-columns">
   {% for table in available_tables %}
   <li>
-    <a href="?sql={% filter sign_sql|urlencode %}select count(*) from {{ table.name }}{% endfilter %}&sql={% filter sign_sql|urlencode %}select {{ table.columns }} from {{ table.name }}{% endfilter %}">{{ table.name }}</a>
+    <a href="?sql={% filter sign_sql|urlencode %}select count(*) from {{ table.name }}{% endfilter %}&sql={% autoescape off %}{% filter sign_sql|urlencode %}select {{ table.sql_columns }} from {{ table.name }}{% endfilter %}{% endautoescape %}">{{ table.name }}</a>
     <p>{{ table.columns }}</p>
   </li>
   {% endfor %}

django_sql_dashboard/utils.py

@@ -93,3 +93,15 @@ def is_valid_base64_json(s):
         return True
     except (json.JSONDecodeError, binascii.Error, UnicodeDecodeError):
         return False
+
+
+_reserved_words = None
+
+
+def postgresql_reserved_words(connection):
+    global _reserved_words
+    if _reserved_words is None:
+        with connection.cursor() as cursor:
+            cursor.execute("select word from pg_get_keywords() where catcode = 'R'")
+            _reserved_words = [row[0] for row in cursor.fetchall()]
+    return _reserved_words

django_sql_dashboard/views.py

@@ -16,12 +16,16 @@
     StreamingHttpResponse,
 )
 from django.shortcuts import get_object_or_404, render
+from django.utils.safestring import mark_safe
+
+from psycopg2.extensions import quote_ident
 
 from .models import Dashboard
 from .utils import (
     check_for_base64_upgrade,
     displayable_rows,
     extract_named_parameters,
+    postgresql_reserved_words,
     sign_sql,
     unsign_sql,
 )
@@ -137,18 +141,24 @@ def _dashboard_index(
     alias = getattr(settings, "DASHBOARD_DB_ALIAS", "dashboard")
     row_limit = getattr(settings, "DASHBOARD_ROW_LIMIT", None) or 100
     connection = connections[alias]
+    reserved_words = postgresql_reserved_words(connection)
     with connection.cursor() as tables_cursor:
         tables_cursor.execute(
             """
             with visible_tables as (
               select table_name
-              from information_schema.tables
-              where table_schema = 'public'
-              order by table_name
+                from information_schema.tables
+                where table_schema = 'public'
+                order by table_name
+            ),
+            reserved_keywords as (
+              select word
+                from pg_get_keywords()
+                where catcode = 'R'
             )
             select
               information_schema.columns.table_name,
-              string_agg(column_name, ', ' order by ordinal_position) as columns
+              array_to_json(array_agg(column_name order by ordinal_position)) as columns
             from
               information_schema.columns
             join
@@ -162,8 +172,19 @@ def _dashboard_index(
               information_schema.columns.table_name
         """
         )
+        fetched = tables_cursor.fetchall()
         available_tables = [
-            {"name": t[0], "columns": t[1]} for t in tables_cursor.fetchall()
+            {
+                "name": row[0],
+                "columns": ", ".join(row[1]),
+                "sql_columns": ", ".join(
+                    [
+                        '"{}"'.format(column) if column in reserved_words else column
+                        for column in row[1]
+                    ]
+                ),
+            }
+            for row in fetched
         ]
 
     parameters = []

test_project/config/settings.py

@@ -22,6 +22,7 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "django_sql_dashboard",
+    "extra_models",
 ]
 
 MIDDLEWARE = [

test_project/extra_models/models.py

@@ -0,0 +1,9 @@
+from django.db import models
+
+
+class Switch(models.Model):
+    name = models.SlugField()
+    on = models.BooleanField(default=False)
+
+    class Meta:
+        db_table = "switches"

test_project/test_dashboard.py

@@ -199,22 +199,38 @@ def test_saved_dashboard_errors_sql_not_in_textarea(admin_client, saved_dashboar
     assert '<pre class="sql">this is bad</pre>' in html
 
 
-def test_dashboard_show_available_tables(admin_client, dashboard_db):
+def test_dashboard_show_available_tables(admin_client):
     response = admin_client.get("/dashboard/")
     soup = BeautifulSoup(response.content, "html5lib")
     lis = soup.find("ul").findAll("li")
     details = [
-        {"table": li.find("a").text, "columns": li.find("p").text}
+        {
+            "table": li.find("a").text,
+            "columns": li.find("p").text,
+            "href": li.find("a")["href"],
+        }
         for li in lis
         if li.find("a").text.startswith("django_sql_dashboard")
+        or li.find("a").text == "switches"
     ]
+    # Decode the href in each one into a SQL query
+    for detail in details:
+        href = detail.pop("href")
+        detail["href_sql"] = urllib.parse.parse_qs(href)["sql"][0].rsplit(":", 1)[0]
     assert details == [
         {
             "table": "django_sql_dashboard_dashboard",
             "columns": "id, slug, title, description, created_at, edit_group_id, edit_policy, owned_by_id, view_group_id, view_policy",
+            "href_sql": "select id, slug, title, description, created_at, edit_group_id, edit_policy, owned_by_id, view_group_id, view_policy from django_sql_dashboard_dashboard",
         },
         {
             "table": "django_sql_dashboard_dashboardquery",
             "columns": "id, sql, dashboard_id, _order",
+            "href_sql": "select id, sql, dashboard_id, _order from django_sql_dashboard_dashboardquery",
+        },
+        {
+            "table": "switches",
+            "columns": "id, name, on",
+            "href_sql": 'select id, name, "on" from switches',
         },
     ]