viz-centric / flair-bi

Flair BI - Open source Business Intelligence (BI) & Analytics platform
https://www.vizcentric.com/product.html
Apache License 2.0

Filter in a shared chart #452

Open fabiofilz opened 4 years ago

fabiofilz commented 4 years ago

Hi Vizcentric team,

We would like to apply a filter in a shared chart so it would be possible to place the chart into a webpage and apply filters without the need to use the flair-bi screen.

For example: A CRM screen which contains customer details could have the historic data and also a chart from flair-bi with real-time data. It would require applying parameter filters through the URL for a specific customer or any other field available in the flair-bi source.

Kind regards, Fabio

admin-vizcentric commented 4 years ago

Hi @fabiofilz

Applying filters through the iFrame URL is not recommended as it’s prone to SQL injection. Due to this security vulnerability, the Flair BI platform will not support applying filter parameters through the iFrame URL.

However, if you want to apply filters on the visualization and then iFrame it on an external site, that’s possible: you can apply filters on the visualization through data constraints on the Visualization widget menu.

You can apply the filters on dimension values, which will be reflected in the iFrame widget; however, it is a static selection.

At the moment the constraints can only be applied on non-date type fields; we plan to release a feature in March which lets users apply filters on dynamic date ranges like Last 7 days, Month to date, Year to date, Custom X days, etc.

Thanks, Vizcentric Team

fabiofilz commented 4 years ago

Hi @admin-vizcentric,

Sorry for the late response.

1 - I see the issue. Is there any way that we could apply pre-defined filters using the iFrame URL from an external application or deal with the SQL injection? It would create a powerful way to use the shared graphic if we could filter the data dynamically from another front end. Not sure if it would be possible to enable it when using CORS with allowed-origins?

2 - I am not able to edit the SQL statement in the Data constraints screen.

Thank you. Fabio

admin-vizcentric commented 4 years ago

Hi @fabiofilz

1) Yes, it's possible for us to provide the functionality to pass filter parameters through the URL; however, that will open doors for SQL injection, as you stated. It is possible to avoid SQL injections as well, for which we need to do some development from our side. At this point we cannot give an estimate on when this will be available, but we will keep you posted.

2) The SQL which shows up in Data Constraints is only for you to view and understand how the flair engine transforms your inputs into queries, and is not meant for user input. Allowing a user to input SQL will raise SQL injection concerns.

Thanks, Vizcentric Team

fabiofilz commented 4 years ago

Hi @admin-vizcentric,

1 - Ok, that's great. Thank you for considering this alternative and for the positive feedback.

2 - Would it be possible to include "order by"? My understanding is that this screen will be available only to the administrator/developer and not for everybody. Am I right? PS.: We created a read only user to connect to the Database.

Kind regards, Fabio
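
One way URL filters and an "order by" could be accepted without concatenating user text into SQL, shown as an added example that is not part of the thread and not Flair BI's code. The `orders` table, the `customer_id`/`region`/`sort` parameter names and the `crm.example` URL are assumptions constructed for illustration; column names come only from allowlists and values are only ever bound.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allowlists (not Flair BI's): URL parameter -> real column name.
FILTERABLE = {"customer_id": "customer_id", "region": "region"}
SORTABLE = {"order_date", "amount"}

def build_query(url):
    """Map an embed URL's query string to (sql, params).

    Identifiers come only from the allowlists; values are only ever bound.
    """
    where, params, order = [], [], ""
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if key == "sort":  # "-amount" means descending
            desc = value.startswith("-")
            column = value[1:] if desc else value
            if column not in SORTABLE:
                raise ValueError(f"sort column not allowed: {column!r}")
            order = f" ORDER BY {column} {'DESC' if desc else 'ASC'}"
        elif key in FILTERABLE:
            where.append(f"{FILTERABLE[key]} = ?")
            params.append(value)
        else:
            raise ValueError(f"filter not allowed: {key!r}")
    sql = "SELECT customer_id, region, amount FROM orders"
    if where:
        sql += " WHERE " + " AND ".join(where)
    return sql + order, params

def run(conn, url):
    sql, params = build_query(url)
    return conn.execute(sql, params).fetchall()

def demo_db():
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (customer_id, region, order_date, amount)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", [
        ("c1", "EU", "2021-01-02", 10.0),
        ("c1", "EU", "2021-01-05", 30.0),
        ("c2", "US", "2021-01-03", 20.0)])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(run(conn, "https://crm.example/embed?customer_id=c1&sort=-amount"))
    # A quote-breaking value is bound as plain data and matches no row.
    print(run(conn, "https://crm.example/embed?customer_id=c1%27%20OR%20%271%27%3D%271"))
```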