Export by safer element's filename or id #19702
…export work with id
…s to make export work with id
lib/task_helpers/exports.rb
Outdated
# CustomizationTemplate Hash | ||
if my_object[:class].include?("CustomizationTemplate") | ||
image_type_name = my_object.fetch_path(:pxe_image_type, :name) || "Examples" | ||
tmp_filename = "#{image_type_name}-#{object[:name]}" |
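Review bot: `object[:name]` on the `tmp_filename` line uses a name that appears nowhere else in this hunk, where every other access goes through `my_object`; as written the interpolation either raises NameError or reads a different variable than intended, so it should presumably be `my_object[:name]`. Separately, `my_object[:class].include?("CustomizationTemplate")` raises NoMethodError when the hash has no `:class` key, so guard it (for example with `my_object[:class].to_s`), and make sure the template name interpolated here still passes through the filename sanitising before anything is written.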
What is `object` here?
elsif description_types.include?(my_object.class) | ||
tmp_filename = my_object.description | ||
# Handle specifically crafted Hashes | ||
elsif my_object.class == Hash |
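Review bot: `my_object.class == Hash` on the last line matches only exact `Hash` instances, so a subclass such as `ActiveSupport::HashWithIndifferentAccess` falls through this branch; `my_object.is_a?(Hash)` covers both. The comment "Handle specifically crafted Hashes" should also state which keys the branch expects. In the branch above it, `tmp_filename = my_object.description` takes a free-text field as the filename, so confirm it goes through the same character filtering as the name-based paths.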
I think we tend to prefer `is_a?` or `kind_of?`
@@ -1,7 +1,7 @@ | |||
module TaskHelpers | |||
class Exports | |||
class CustomizationTemplates | |||
EXCLUDE_ATTRS = %i(created_at updated_at id pxe_image_type_id class).freeze | |||
EXCLUDE_ATTRS = %i(created_at updated_at pxe_image_type_id).freeze |
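Review bot: Dropping `id` and `class` from `EXCLUDE_ATTRS` means every exported customization template now carries its source database id and class name. An id is only meaningful on the appliance that produced it, so this needs a matching change, or at least a documented requirement, on the import side to discard both keys, plus a comment on this constant explaining why they are now kept in the export.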
This change makes me think that this maybe isn't the right way to do this.
Could you elaborate your thoughts? What's the point in removing these attributes anyway? You can still throw them away while importing.
Hey @inazir, thanks for the PR. I've a couple comments but I've concerns about the approach.
Checked commits inazir/manageiq@5bc8971~...cb01e28 with ruby 2.5.5, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0
lib/task_helpers/exports/customization_templates.rb
lib/task_helpers/exports/provision_dialogs.rb
lib/task_helpers/exports/roles.rb
Hey @d-m-u, could you elaborate your concerns? We're currently very concerned about the state of the export/import function as well.
I'd rather see this added as functionality that's part of the optimist options so you could specify something like
We already built our implementation upon optimist with a parameter called "super_safe_filenames". The funny thing is that every export is currently handled by a function ".safe_filename" which sadly does not produce properly safe filenames. So, you mean, you would prefer ActiveSupport's parameterize for filename generation and sanitization instead of the proposed implementation of ManageIQ IDs? Are you aware that parameterize is supposed to sanitize URLs and not filenames? I do not understand why an ugly text string which could never be used for re-importing should be taken as filename. Your argument is that less code is needed. Did you think about edge cases?
My point is: relying on a non-unique text string for creating filenames is not a good idea. Is using ManageIQ IDs the best thing to do? I definitely don't know and I guess not, but it ensures a consistent and unique and, as far as I can tell, safer naming for exported files.
This pull request is not mergeable. Please rebase and repush.
This pull request has been automatically closed because it has not been updated for at least 3 months. Feel free to reopen this pull request if these changes are still valid. Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.
Background
If someone puts special characters in the service dialog (for example) name, we will end up with special characters in filenames which will break our repository - at least if we import the repo onto a Windows system. This issue is described in detail here: rhtconsulting/cfme-rhconsulting-scripts#140
This pull request is supposed to generate a safer filename either by some string fields or by object id.
There is no handling of CustomButtons because the `safe_filename` function is not called from there.
Links
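The thread's two concerns, characters that break filenames on Windows and names that are not unique, can be handled together. The following is an added example, not code from this pull request or from ManageIQ; the helper names, the length limit and the sample records are all hypothetical.

```ruby
# Added example: helper names, limits and sample records are hypothetical,
# not ManageIQ code.
WINDOWS_INVALID  = /[<>:"\/\\|?*\x00-\x1f]/
WINDOWS_RESERVED = /\A(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?\z/i
MAX_STEM = 100 # constructed limit; leaves room for "-<id>.yaml"

# Reduce a user-controlled display name to a stem valid on Windows and POSIX.
def safe_stem(name)
  stem = name.to_s.scrub("_")
  stem = stem.gsub(WINDOWS_INVALID, "_")       # separators, wildcards, control chars
  stem = stem.gsub(/\s+/, " ").strip[0, MAX_STEM]
  stem = stem.sub(/[. ]+\z/, "")               # Windows strips trailing dots and spaces
  stem = stem.sub(/\A[. ]+/, "")               # no ".", ".." or hidden files
  stem = "unnamed" if stem.empty?
  stem = "_#{stem}" if stem.match?(WINDOWS_RESERVED)
  stem
end

# The stem keeps the file readable; the record id keeps it unique.
def export_filename(name, id, ext = "yaml")
  raise ArgumentError, "id must be a positive Integer" unless id.is_a?(Integer) && id.positive?

  "#{safe_stem(name)}-#{id}.#{ext}"
end

# Names whose stems collide on a case-insensitive filesystem, i.e. exports
# that would overwrite each other if the id were left out.
def stem_collisions(records)
  records.group_by { |r| safe_stem(r[:name]).downcase }
         .select { |_, group| group.size > 1 }
         .transform_values { |group| group.map { |r| r[:id] } }
end

SAMPLE_RECORDS = [ # constructed sample input
  { id: 11, name: "Deploy: prod/web" },
  { id: 12, name: "deploy? prod\\web" },
  { id: 13, name: "../../etc/passwd" },
  { id: 14, name: "nul.txt" },
  { id: 15, name: "report. " }
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_RECORDS.each { |r| puts export_filename(r[:name], r[:id]) }
  puts "stem collisions: #{stem_collisions(SAMPLE_RECORDS)}"
end
```

Records 11 and 12 sanitise to the same stem once case is ignored, which is why the id suffix is part of the filename rather than an optional extra.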