django-sql-dashboard/django_sql_dashboard/templates/django_sql_dashboard/dashboard.html
{% extends "django_sql_dashboard/base.html" %}
{% load django_sql_dashboard %}
{% block title %}{{ html_title }}{% endblock %}
{% block content %}
<h1>{{ title }}</h1>
{% if too_long_so_use_post %}
<p style="background-color: pink; padding: 0.5em 1em 1em 1em; border: 2px solid red; margin-bottom: 1em">
This SQL is too long to bookmark, so sharing a link to this page will not work for these queries.
</p>
{% endif %}
{% if unverified_sql_queries %}
<div style="background-color: pink; padding: 0.5em 1em 1em 1em; border: 2px solid red; margin-bottom: 1em">
<h2 style="margin-top: 0.5em">Unverified SQL</h2>
<p>The link you followed here included SQL that was missing its verification signatures.</p>
<p>If this link was provided to you by an untrusted source, they may be trying to trick you into executing queries that you do not want to execute.</p>
<p>Review these queries and copy and paste them once you have confirmed them:</p>
{% for query in unverified_sql_queries %}
<p><textarea>{{ query }}</textarea></p>
{% endfor %}
</div>
{% endif %}
<form action="{{ request.path }}" method="POST">
{% csrf_token %}
{% if query_results %}
<p>↓ <a href="#save-dashboard">Save this dashboard</a> | <a href="{{ request.path }}">Remove all queries</a></p>
{% endif %}
{% if parameter_values %}
<h3>Query parameters</h3>
<div class="query-parameters">
{% for name, value in parameter_values %}
<label for="qp{{ forloop.counter }}">{{ name }}</label>
<input type="text" id="qp{{ forloop.counter }}" name="{{ name }}" value="{{ value }}">
{% endfor %}
</div>
<input
class="btn"
type="submit"
value="Run quer{% if query_results|length > 1 %}ies{% else %}y{% endif %}"
/>
{% endif %}
{% for result in query_results %}
{% include result.templates with result=result %}
{% endfor %}
<p>Add {% if not query_results %}a{% else %}another{% endif %} query:</p>
<textarea
style="
width: 60%;
height: 10em;
border: 2px solid #666;
padding: 0.5em;
"
name="sql"
></textarea>
<p>
<input
class="btn"
type="submit"
value="Run quer{% if query_results|length > 1 %}ies{% else %}y{% endif %}"
/>
</p>
{% if query_results %}
<h2 id="save-dashboard">Save this dashboard</h2>
<p>Saved dashboards get their own URL, which can be bookmarked and shared with others.</p>
<div class="save-dashboard-form">
{{ save_form.non_field_errors }}
{{ save_form.as_p }}
<p><input
class="btn"
type="submit"
name="_save"
value="Save dashboard"
/></p>
</div>
{% endif %}
</form>
{% if saved_dashboards %}
<h2>Saved dashboards</h2>
<ul class="dashboard-columns">
{% for dashboard, can_edit in saved_dashboards %}
<li>
<a href="{{ dashboard.get_absolute_url }}" title="{{ dashboard.description }}">{{ dashboard }}</a>
<p>
By <strong>{{ dashboard.owned_by }}</strong>,
Visibility: {{ dashboard.view_summary }}
{% if can_edit %}
- <a href="{{ dashboard.get_edit_url }}">edit</a>
{% endif %}
</p>
</li>
{% endfor %}
</ul>
{% endif %}
<h2>Available tables</h2>
<ul class="dashboard-columns">
{% for table in available_tables %}
<li>
<a href="?sql={% filter sign_sql|urlencode %}select count(*) from {{ table.name }}{% endfilter %}&sql={% autoescape off %}{% filter sign_sql|urlencode %}select {{ table.sql_columns }} from {{ table.name }}{% endfilter %}{% endautoescape %}">{{ table.name }}</a>
<p>{{ table.columns }}</p>
</li>
{% endfor %}
</ul>
{% include "django_sql_dashboard/_script.html" %}
{% endblock %}