Fix 12 bugs found in full-source audit of main#140
Merged
Conversation
Backend (Python):
- ponyorm: use get_model_pk_name in search instead of hardcoded `id`
(search 500'd for models with a non-`id` primary key)
- ponyorm: build ordering in a single order_by() call so mixed asc/desc
fields keep their declared priority (Pony prepends per-call)
- sqlalchemy: filter m2m/relationship fields via any()/has() on the related
pk instead of a scalar comparison that raised InvalidRequestError (500)
- flask: return a real HTTP 500 with a generic message (was HTTP 200 leaking
the exception text), and emit API errors as JSON {"detail": ...} matching
the Django/FastAPI integrations instead of werkzeug HTML pages
- api: make sanitize_filter_value type-aware so text fields keep the literal
"true"/"false"/"null" strings; add shared build_query_filters helper
- base: correct the self-contradictory sortable_by docstring
Frontend (React/TS):
- transform: detect dayjs with dayjs.isDayjs() instead of truthy `value.date`
(a plain object with a `date` key crashed form submission)
- transform: parse date/time strings to dayjs only for date widgets, threaded
through change/inline/async-select so text fields are no longer corrupted
- form-container: Checkbox.Group binds via `value`, not `checked`
- dashboard-action-widget: handle errors on run/refresh actions
- change/add: use the react-query v5 invalidateQueries({ queryKey }) signature
Adds unit tests for the type-aware filter value, build_query_filters, the
widget-aware transforms, and the updated invalidateQueries calls.
Covers the new m2m/to-one relationship filter branch in orm_get_list (any() for collections with exact/in, has() for to-one relations).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Full-source bug audit of the
mainbranch across the Python backend (models, service, ORM adapters, framework integrations) and the React/TS frontend. 12 confirmed bugs, each fixed with tests where applicable.High severity
idprimary keys —ponyorm.pyhardcoded.id; now usesget_model_pk_name, so search no longer 500s for models with a custom PK.datekey breaks form save —transform.tsxdetected dayjs via truthyvalue.date; now usesdayjs.isDayjs(), so a plain object no longer throws on submit.Checkbox.Groupis controlled viavalue, notchecked; removed it from thevaluePropName="checked"list.Medium severity
.any()/.has()on the related pk instead of a scalar comparison that raisedInvalidRequestError.order_by()call, inverting priority; now built in a single call preserving declared order.{"detail": ...}matching the Django/FastAPI integrations, so the shared frontend can read the message.transformValueFromServercoerced by shape alone; now widget-aware (only date widgets parse to dayjs), threaded through change/inline/async-select.Low severity
sortable_bydocstring — corrected the self-contradictory documentation to match code behavior."true"/"false"/"null"coerced for all field types —sanitize_filter_valueis now type-aware so text fields keep the literal strings; added a sharedbuild_query_filtershelper.invalidateQueriesover-invalidated — updated to the react-query v5{ queryKey }signature.Validation
ruffandtyclean.tsc,biome, andeslintclean.