Exact

Exact Union RegExp

Bannon Tanner 44bac11628 SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919) ... ## Summary Prevent the exposure of raw Data Explorer SQL to non-admin group members when viewing report details. The sql attribute is now correctly gated to administrators within the query details serializer. ## Source - Patch Triage: https://patch.discourse.org/patch-triage/1290 - Affected file: https://github.com/discourse/discourse/blob/main/plugins/discourse-data-explorer/app/serializers/discourse_data_explorer/query_details_serializer.rb --- 🤖 Auto-generated from the patch diff via Patch Triage. Review carefully before merging. Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>		2026-06-16 13:46:19 -05:00
..
automation	DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073)	2025-10-06 16:11:01 +02:00
fabricators
integration	DEV: Tidy plugin API key scope resource names (#38640)	2026-03-17 13:03:42 +11:00
jobs	DEV: Switch DE agent to use tools for structure and accuracy (#40315)	2026-06-03 22:08:44 +08:00
lib	DEV: Switch DE agent to use tools for structure and accuracy (#40315)	2026-06-03 22:08:44 +08:00
models
requests	SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919)	2026-06-16 13:46:19 -05:00
system	DEV: Persist dashboard configuration in table and *not* on closure of the dialog (#40546)	2026-06-04 10:53:59 +08:00
tasks	DEV: Fix deprecations in plugins specs and silence output (#39257)	2026-04-15 00:00:46 +02:00
data_explorer_spec.rb	FIX: Data Explorer post relations expose private post excerpts to group report users (#39819)	2026-05-07 14:41:16 +10:00
guardian_spec.rb	PERF: Add Users to Group Pt. 1 (#38737)	2026-03-26 09:11:22 -05:00
report_generator_spec.rb	SECURITY: Check for no group assignments in data-explorer queries	2026-02-26 12:22:54 +00:00
result_format_converter_spec.rb
result_to_markdown_spec.rb