Reports Filter Form

Question

Reports Filter Form

Parthian opened this issue a year ago · 3 comments

I have a model with a number of FK and 1to1 fields.
user, department etc.

Reports automatically show these as filters. Awesome.
However, is there a way to not allow 'user' to be a filter?

I have reports where I've set the get_queryset to only allow is_staff to see their own Employee details.

    def get_queryset(self): # show only the users own employee record. Superuser can see all.
        qs = super().get_queryset() # Can't pass in request without error about too many parameters.
        if self.request.user.is_superuser:
            logMessage(f'Reports g_qs IS Superuser = {self.request.user}')
            return qs # just return everything
        adminuser = self.request.user
        return qs.filter(user=adminuser)

The Filters at the top of the report show all Users via the Select2.
This is potentially a minor security concern. All Admin users will be a minimum of staff but they can see all the usernames as is.
Also, as they can only see their own record there is no need for this User Filter. It affords a capability they can't use.

I've had an epic 3 day battle using form_class = EmployeeForm where I've built a Custom Form. But I couldn't get it working properly (too many issues to relate) and the change to the Report Filters is quite minor so I don't really need a Custom Form with all the extra work and complexity.

Is there a way of stating in my @register_report_view class EmployeeList(ReportView): to not show a filter?

Answer 1 · 2023-07-21T19:47:43.000Z

Hello hello 👋!

Check out the docs on how to use your form
https://django-slick-reporting.readthedocs.io/en/latest/howto/index.html

Let me know how it goes ,

Answer 2 · 2023-07-21T20:02:55.000Z

Yeah, that was what I was trying.
I did have a stupid bug in my ReportView where I had this:

report_model = Employee
base_model = Employee # saw my-shop example with both the same

Everything was running twice which was a major issue and only after day 3 was nearly over did I spot the above.
Not sure which my-shop did it (same class twice). May have been a legit reason for your use-case.
But endless other problems mostly when trying to get the logged in User into the FilterForm.

I'm taking a break from this task for a while. May come back to it with a fresh mind.

There may be one concrete thing for you to think about. I had to add the following after the get_end_date methods:
Errors without them. Again, it could be because of other mad things I was doing.

    def get_crispy_helper(self):
        return FormHelper()
    
    def get_crosstab_compute_remainder(self):
        return False # lots of complaints about this being missing.

Have a good weekend.

Answer 3 · 2023-07-21T20:49:18.000Z

I appreciate your work and your reports.
I will look into this

Have a lovely weekend