SIMSBIOHUB-647: Create Observations Page #1444
Conversation
|
Openshift URLs for the PR Deployment: |
mauberti-bc
added
Early Feedback Welcome
mauberti-bc
added
Ready For Review
app/src/features/surveys/observations/create/CreateObservationPage.tsx
Outdated
Show resolved
Hide resolved
|
I pushed up a few misc changes. Mostly just some component cleanup and addressing a few react dependency complaints, etc. |
NickPhura
force-pushed
the
SIMSBIOHUB-647b
branch
from
a9ff7b5 to
def7139
Compare
NickPhura
added
Early Feedback Welcome
wip wip: create location and date sections on form wip: style subcount form wip: adding measurements to subcounts add dual autocomplete subcount form subcount table on create observation page fix measurement search show measurement options in subcount table on create observation page wip: formik validation add subcount sign placeholder to create request wip: environments incorrectly formatted in handlesubmit fix incorrect key fix environments on create observations page fix measurement interfaces SIMSBIOHUB-659: Add Pagination to System Alerts on Admin Page (#1459) Add Pagination to System Alerts on Admin Page --------- Co-authored-by: Nick Phura <[email protected]> Update CSV Error Import Dialog Styling (#1456) - update csv import error dialog - replace failure snackbar & add frontend pagination to csv import errors BugFix: Fix Type for Capture Attachments (#1460) - modifying critter index file --------- Co-authored-by: Macgregor Aubertin-Young <[email protected]> Co-authored-by: Macgregor Aubertin-Young <[email protected]> BugFix: Method Attributes SQL (#1462) - fix sql Added DualAutocompleteUnitField.tsx to help reduce the size of the DualAutocompleteField.tsx. Renamed some of the dual autocomplete field props, just to make them more consistent/predictable. Fixed missing props in create/edit technique vantages (missing category data type prop). Add formik snackbar error component to observation form. Addressed a few react missing dependency warnings. Update missed jsdoc comments. Update missed jsdoc comments 2. WIP: Add create observation sampling fields. Working sampling fields. Enhancements to sampling fields
NickPhura
force-pushed
the
SIMSBIOHUB-647b
branch
from
e0b3dde to
4683f3f
Compare
- WIP: observation db migrations. - Add database-models.
Fix subcount types. Fix existing unit tests.
…nto SIMSBIOHUB-647b
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
NickPhura
added
Ready For Review
| if (pagination.sort && pagination.order) { | ||
| if (pagination.sort === 'subcount') { | ||
| const knex = getKnex(); | ||
| query.orderByRaw(knex.raw(`(subcount->>?)::numeric ${pagination.order}`, [pagination.sort])); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
| if (pagination.sort && pagination.order) { | ||
| if (pagination.sort === 'subcount') { | ||
| const knex = getKnex(); | ||
| query.orderByRaw(knex.raw(`(subcount->>?)::numeric ${pagination.order}`, [pagination.sort])); |
Check failure
Code scanning / CodeQL
Database query built from user-controlled sources High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 23 hours ago
To fix the problem, we need to ensure that the user-provided pagination.order value is safely embedded into the SQL query. This can be achieved by using parameterized queries or by explicitly validating and sanitizing the input before using it in the query.
The best way to fix this issue without changing existing functionality is to validate the pagination.order value to ensure it is either 'asc' or 'desc' before using it in the query. This can be done by using a conditional check and throwing an error if the value is invalid.
| @@ -293,2 +293,5 @@ | ||
| const knex = getKnex(); | ||
| if (pagination.order !== 'asc' && pagination.order !== 'desc') { | ||
| throw new Error('Invalid order value'); | ||
| } | ||
| query.orderByRaw(knex.raw(`(subcount->>?)::numeric ${pagination.order}`, [pagination.sort])); |
There was a problem hiding this comment.
question: Do you think we should name this directory database-units or something like database-types / database-enums. I see in the database there is an additional type / enum for alert_severity would this also be a database-unit?
There was a problem hiding this comment.
Open to any name for the folder. Can't remember how I landed on unit. Probably just trying to pick something generic that could cover database enums (but also any other enum-like concept, if there are others?), and which aren't specifically table models.
| ], | ||
| properties: { | ||
| observation_environment_qualitative_id: { | ||
| type: 'integer' |
| required: ['observation_environment_quantitative_id', 'environment_quantitative_id', 'value'], | ||
| properties: { | ||
| observation_environment_quantitative_id: { | ||
| type: 'integer' |
| required: ['observation_subcount_id', 'subcount', 'comment', 'qualitative_measurements', 'quantitative_measurements'], | ||
| properties: { | ||
| observation_subcount_id: { | ||
| type: 'integer' |
| schema: { | ||
| type: 'array', | ||
| items: { | ||
| type: 'integer' |
| description: 'ITIS TSN number', | ||
| required: false, | ||
| schema: { | ||
| type: 'integer', |
Links to Jira Tickets
Description of Changes
Testing Notes
TODO