Allow groups to access queries (PR #36)

In Javascript code we use camelCase not snake_case for variables.

                {{multi-select values=selectedItem.group_ids content=groupOptions}}
              {{#if runDisabled}}

Again quite weird indentation here.

{{group-reports-nav-item group = this.group}}

Does this work properly? You shouldn’t need to use this in a hbs template.

Can you use {{link-to}} here? If not this link will need to be aware of subfolder installations of Discourse. (usually a call to Discourse.getURL

          return render(status: 404, json: {}) unless user_included_in_group(group)
          return render(status: 404, json: {}) unless user_can_access_query(query)

Agreed!

:+1:

Great idea. I will do that.

It does work, but I can certainly remove this.

@eviltrout Prettier is forcing it onto multiple line

We can!

All of this is unnecessary, and has been removed.

Overall this looks great, I also love the UX and positioning! great job

General pattern though it is a bit hard for me to review every line of the spec file, but can you confirm the new public controller actions all have an integration test to ensure users who are not allowed have no access and one’s allowed do.

@SamSaffron I have added integration tests (before I had filters, and tested those, but never actually hitting the endpoint that use the filters), and removed the stubbing.

Thanks for the big piece of work. I’ve provided feedback.

@eviltrout I addressed all your comments. Thanks for the thorough review!

There are lots of places in this PR that use .set no need really.

this.showReportsTab = response.queries.length > 0; reads much better (there are quite a few similar places in the PR)

probably worth renaming this to queryPromise and so on … p1,p2,p3 is somewhat confusing.