parseablehq · nitisht · Jul 7, 2025 · Jun 30, 2025 · Jun 30, 2025 · Jul 1, 2025
diff --git a/src/cli.rs b/src/cli.rs
@@ -451,7 +451,7 @@ pub struct Options {
         help = "Object store sync threshold in seconds"
     )]
     pub object_store_sync_threshold: u64,
-    // the oidc scope 
+    // the oidc scope
     #[arg(
         long = "oidc-scope",
         name = "oidc-scope",

diff --git a/src/handlers/http/modal/server.rs b/src/handlers/http/modal/server.rs
@@ -300,6 +300,20 @@ impl Server {
                             .authorize(Action::ListDashboard),
                     ),
             )
+            .service(
+                web::resource("/list_tags").route(
+                    web::get()
+                        .to(dashboards::list_tags)
+                        .authorize(Action::ListDashboard),
+                ),
+            )
+            .service(
+                web::resource("/list_by_tag/{tag}").route(
+                    web::get()
+                        .to(dashboards::list_dashboards_by_tag)
+                        .authorize(Action::ListDashboard),
+                ),
+            )
             .service(
                 web::scope("/{dashboard_id}")
                     .service(

diff --git a/src/handlers/http/oidc.rs b/src/handlers/http/oidc.rs
@@ -77,7 +77,13 @@ pub async fn login(
     let session_key = extract_session_key_from_req(&req).ok();
     let (session_key, oidc_client) = match (session_key, oidc_client) {
         (None, None) => return Ok(redirect_no_oauth_setup(query.redirect.clone())),
-        (None, Some(client)) => return Ok(redirect_to_oidc(query, client, PARSEABLE.options.scope.to_string().as_str())),
+        (None, Some(client)) => {
+            return Ok(redirect_to_oidc(
+                query,
+                client,
+                PARSEABLE.options.scope.to_string().as_str(),
+            ))
+        }
         (Some(session_key), client) => (session_key, client),
     };
     // try authorize
@@ -113,7 +119,11 @@ pub async fn login(
             } else {
                 Users.remove_session(&key);
                 if let Some(oidc_client) = oidc_client {
-                    redirect_to_oidc(query, oidc_client, PARSEABLE.options.scope.to_string().as_str())
+                    redirect_to_oidc(
+                        query,
+                        oidc_client,
+                        PARSEABLE.options.scope.to_string().as_str(),
+                    )
                 } else {
                     redirect_to_client(query.redirect.as_str(), None)
                 }

diff --git a/src/handlers/http/users/dashboards.rs b/src/handlers/http/users/dashboards.rs
@@ -16,6 +16,8 @@
  *
  */
 
+use std::collections::HashMap;
+
 use crate::{
     handlers::http::rbac::RBACError,
     storage::ObjectStorageError,
@@ -68,37 +70,88 @@ pub async fn create_dashboard(
 pub async fn update_dashboard(
     req: HttpRequest,
     dashboard_id: Path<String>,
-    Json(mut dashboard): Json<Dashboard>,
+    dashboard: Option<Json<Dashboard>>,
 ) -> Result<impl Responder, DashboardError> {
     let user_id = get_hash(&get_user_from_request(&req)?);
     let dashboard_id = validate_dashboard_id(dashboard_id.into_inner())?;
+    let mut existing_dashboard = DASHBOARDS
+        .get_dashboard_by_user(dashboard_id, &user_id)
+        .await
+        .ok_or(DashboardError::Metadata(
+            "Dashboard does not exist or user is not authorized",
+        ))?;
 
-    // Validate all tiles have valid IDs
-    if let Some(tiles) = &dashboard.tiles {
-        if tiles.iter().any(|tile| tile.tile_id.is_nil()) {
-            return Err(DashboardError::Metadata("Tile ID must be provided"));
-        }
+    let query_map = web::Query::<HashMap<String, String>>::from_query(req.query_string())
+        .map_err(|_| DashboardError::InvalidQueryParameter)?;
+
+    // Validate: either query params OR body, not both
+    let has_query_params = !query_map.is_empty();
+    let has_body_update = dashboard
+        .as_ref()
+        .is_some_and(|d| d.title != existing_dashboard.title || d.tiles.is_some());
+
+    if has_query_params && has_body_update {
+        return Err(DashboardError::Metadata(
+            "Cannot use both query parameters and request body for updates",
+        ));
     }
 
-    // Check if tile_id are unique
-    if let Some(tiles) = &dashboard.tiles {
-        let unique_tiles: Vec<_> = tiles
-            .iter()
-            .map(|tile| tile.tile_id)
-            .collect::<std::collections::HashSet<_>>()
-            .into_iter()
-            .collect();
-
-        if unique_tiles.len() != tiles.len() {
-            return Err(DashboardError::Metadata("Tile IDs must be unique"));
+    let mut final_dashboard = if has_query_params {
+        // Apply partial updates from query parameters
+        if let Some(is_favorite) = query_map.get("isFavorite") {
+            existing_dashboard.is_favorite = Some(is_favorite == "true");
         }
-    }
+        if let Some(tags) = query_map.get("tags") {
+            let parsed_tags: Vec<String> = tags
+                .split(',')
+                .map(|s| s.trim())
+                .filter(|s| !s.is_empty())
+                .map(|s| s.to_string())
+                .collect();
+            existing_dashboard.tags = if parsed_tags.is_empty() {
+                None
+            } else {
+                Some(parsed_tags)
+            };
+        }
+        if let Some(rename_to) = query_map.get("renameTo") {
+            let trimmed = rename_to.trim();
+            if trimmed.is_empty() {
+                return Err(DashboardError::Metadata("Rename to cannot be empty"));
+            }
+            existing_dashboard.title = trimmed.to_string();
+        }
+        existing_dashboard
+    } else {
+        let dashboard = dashboard
+            .ok_or(DashboardError::Metadata("Request body is required"))?
+            .into_inner();
+        if let Some(tiles) = &dashboard.tiles {
+            if tiles.iter().any(|tile| tile.tile_id.is_nil()) {
+                return Err(DashboardError::Metadata("Tile ID must be provided"));
+            }
+
+            // Check if tile_id are unique
+            let unique_tiles: Vec<_> = tiles
+                .iter()
+                .map(|tile| tile.tile_id)
+                .collect::<std::collections::HashSet<_>>()
+                .into_iter()
+                .collect();
+
+            if unique_tiles.len() != tiles.len() {
+                return Err(DashboardError::Metadata("Tile IDs must be unique"));
+            }
+        }
+
+        dashboard
+    };
 
     DASHBOARDS
-        .update(&user_id, dashboard_id, &mut dashboard)
+        .update(&user_id, dashboard_id, &mut final_dashboard)
         .await?;
 
-    Ok((web::Json(dashboard), StatusCode::OK))
+    Ok((web::Json(final_dashboard), StatusCode::OK))
 }
 
 pub async fn delete_dashboard(
@@ -145,6 +198,26 @@ pub async fn add_tile(
     Ok((web::Json(dashboard), StatusCode::OK))
 }
 
+pub async fn list_tags() -> Result<impl Responder, DashboardError> {
+    let tags = DASHBOARDS.list_tags().await;
+    Ok((web::Json(tags), StatusCode::OK))
+}
+
+pub async fn list_dashboards_by_tag(tag: Path<String>) -> Result<impl Responder, DashboardError> {
+    let tag = tag.into_inner();
+    if tag.is_empty() {
+        return Err(DashboardError::Metadata("Tag cannot be empty"));
+    }
+
+    let dashboards = DASHBOARDS.list_dashboards_by_tag(&tag).await;
+    let dashboard_summaries = dashboards
+        .iter()
+        .map(|dashboard| dashboard.to_summary())
+        .collect::<Vec<_>>();
+
+    Ok((web::Json(dashboard_summaries), StatusCode::OK))
+}
+
 #[derive(Debug, thiserror::Error)]
 pub enum DashboardError {
     #[error("Failed to connect to storage: {0}")]
@@ -159,6 +232,8 @@ pub enum DashboardError {
     Custom(String),
     #[error("Dashboard does not exist or is not accessible")]
     Unauthorized,
+    #[error("Invalid query parameter")]
+    InvalidQueryParameter,
 }
 
 impl actix_web::ResponseError for DashboardError {
@@ -170,6 +245,7 @@ impl actix_web::ResponseError for DashboardError {
             Self::UserDoesNotExist(_) => StatusCode::NOT_FOUND,
             Self::Custom(_) => StatusCode::INTERNAL_SERVER_ERROR,
             Self::Unauthorized => StatusCode::UNAUTHORIZED,
+            Self::InvalidQueryParameter => StatusCode::BAD_REQUEST,
         }
     }