Service fetch: variables are always string, allow access to data as list, dict etc. #3672
Comments
LaurensBurger
added
triage
Bluntly casting everything to str gives "lists" like `"[1, 2, 3]"`.
and `{{mylist.0}}` results in `"["`, not `1`.
Unsure if `datetime.*` should be cast to string or kept in tact,
because I don't know exactly what's meant with:
# Explicitly cast values to strings to avoid localization
which was added in the switch from simple `{ }` interpolation to the
Django template double bracket `{{ }}`
Maybe it was just to avoid 1.1 -> "1,1"?
I guess neither this `str(datetime.datetime.now())` nor the default that
Django template rendering gives, are the iso form an api probably wants.
But strings don't play well with the `|date` filter in the templates.
|
Refinement: This needs a stakeholder. We rely on feedback to make this feature better but are not going to do it on our own. Small discussion about the use case for service fetch (SF): Joeri: SF should be used a last resort; If a service/usage is crafted multiple times, this should evolve a separate plugin. |
joeribekker
removed
the
triage
|
The fix to avoid localization while still allowing template expressions to post-process variables is too complicated to figure out in safe way. The inputs (template context) need to be escaped properly for the context where they will be used (request headers, query params or request URL), but that intrinsically causes However, only doing the escaping on the result of the template evaluation does also not work since unsafe characters can be injected and we can no longer see the individual bits that they're made up of. This implementation is flawed because it was built with python string formatting in mind and not the django template engine, and this is amplified by some variables sometimes being a JSON type (e.g. a date in |
|
I had some time to let this sink in, and came to these conclusions:
To progress this, let's make the private You can then update service fetch to call That allows users to access deep nested keys/lists, while making sure we can avoid data localization and can sanitize the data according to the usage context (query, header, path). We then need to document that a limitation of service fetch is that its context variables are always strings. |
This fix is done deliberately in this way. As mentioned in the ticket itself, service fetch has more issues than the templating aspect. With this we allow users to have access to nested values and avoid localization when the flag transform_leaf is set to True.
…etch-allow-access-to-list-dict [#3672] Allow access to data as list, dict in service fetch
Thema / Theme
Form designer
Omschrijving / Description
Currently all variables used in service fetch as query/header parameters are string, this does not allow a form builder to retrieve elements from list, dicts etc.
list =
["foo", "bar"]When using {{ list.0 }} i expect "foo" in my query, but instead i get "["
Workaround currently is to first store list.0 in a separate string variable to be used as "foo" in my request.
The text was updated successfully, but these errors were encountered: