Skip to content

Commit

Permalink
Fix issues
Browse files Browse the repository at this point in the history
  • Loading branch information
@davidtsuk
davidtsuk committed Jun 27, 2023
1 parent a8a35ea commit 6e7ac53
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 5 deletions.
9 changes: 4 additions & 5 deletions snuba/admin/production_queries/prod_queries.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

from flask import Response

from snuba import settings
from snuba.admin.audit_log.query import audit_log
from snuba.clickhouse.query_dsl.accessors import get_object_ids_in_query_ast
from snuba.datasets.dataset import Dataset
Expand All @@ -13,10 +14,6 @@
from snuba.utils.metrics.timer import Timer
from snuba.web.views import dataset_query

# For now, we only allow project_id = 1 for all queries.
# This is a temporary variable and will be replaced by a role based system in the future.
ALLOWED_PROJECT_IDS = [3]


def run_snql_query(body: Dict[str, Any], user: str) -> Response:
"""
Expand Down Expand Up @@ -45,7 +42,9 @@ def validate_projects_in_query(body: Dict[str, Any], dataset: Dataset) -> None:
if project_ids is None:
raise InvalidQueryException("Missing project ID")

disallowed_project_ids = project_ids.difference(set(ALLOWED_PROJECT_IDS))
disallowed_project_ids = project_ids.difference(
set(settings.ADMIN_ALLOWED_PROD_PROJECTS)
)
if len(disallowed_project_ids) > 0:
raise InvalidQueryException(
f"Cannot access the following project ids: {disallowed_project_ids}"
Expand Down
2 changes: 2 additions & 0 deletions snuba/settings/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@
os.environ.get("ADMIN_REPLAYS_SAMPLE_RATE_ON_ERROR", 1.0)
)

ADMIN_ALLOWED_PROD_PROJECTS: Sequence[int] = []

######################
# End Admin Settings #
######################
Expand Down

0 comments on commit 6e7ac53

Please sign in to comment.