SCAL-290924 add personalizedViewId parameter in LiveboardEmbedConfig

[fathima-nooha]

JIRA: https://thoughtspot.atlassian.net/browse/SCAL-290924

Earlier, when user had to open a specific personalized view in liveboard, it was passed along with liveboardId
eg:
liveboardId: "9bd202f5-d431-44bf-9a07-b4f7be372125?view=ae4f71bf-d8bc-4219-a15b-54fdec473efe",
This loads correct personlised view, except when activeViewId is present.

With this PR, we add a new Parameter as below.

const embed = new LiveboardEmbed('#container', {
    liveboardId: 'liveboard-guid',
    personalizedViewId: 'view-guid',  // NEW
});

Expectation:

1. When new view ID is passed (as a new line), and old ID is removed:
   New view ID should be honoured
2. When new view ID is passed (as a new line), while retaining the old view ID:
   we can simply ignore, and new view ID should take precedence as it is a deliberate action from the developer to add the new view ID.
3. When new view ID is not passed (i.e. existing untouched cases):
   Old view ID should continue to be used like before

Bug fix - View param will now be correctly placed at end of URL (fixes issue with activeTabId)

Recording for fix: https://www.loom.com/share/1f654c767a134b339531ebc61b8be6cb

[mnk-blr]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[gemini-code-assist]

Summary of Changes

Hello @fathima-nooha, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the Liveboard embedding functionality by introducing a dedicated personalizedViewId parameter. This new parameter provides a cleaner and more robust way to load specific personalized views, improving the clarity of embed configurations and resolving previous URL parsing inconsistencies, particularly concerning the placement of the view parameter when other parameters like activeTabId are present.

Highlights

• New Parameter Introduction: Introduced a new personalizedViewId parameter in LiveboardEmbedConfig to directly specify a personalized view GUID for Liveboard embeds.
• Backward Compatibility & Precedence: Implemented logic to correctly parse and prioritize the new personalizedViewId over legacy view parameters that might be embedded within the liveboardId string (e.g., liveboardId?view=...).
• URL Parameter Placement Fix: Resolved an issue where the view parameter was not consistently placed at the end of the URL, especially when combined with other parameters like activeTabId.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/embed/liveboard.spec.ts
  • Added comprehensive unit tests for the new personalizedViewId parameter, covering its interaction with activeTabId, vizId, and runtime filters.
  • Included tests to verify correct backward compatibility behavior, ensuring that personalizedViewId takes precedence over legacy view parameters found in liveboardId.
  • Adjusted existing test calls to navigateToLiveboardSpy to accommodate the new personalizedViewId parameter.
• src/embed/liveboard.ts
  • Extended LiveboardViewConfig with the new personalizedViewId property, including detailed JSDoc documentation.
  • Refactored getIframeSuffixSrc to extract legacy view parameters from liveboardId and to correctly append the effective viewId (prioritizing personalizedViewId) as a URL query parameter.
  • Updated getIFrameSrc, navigateToLiveboard, and beforePrerenderVisible methods to integrate and utilize the new personalizedViewId.
  • Modified getLiveboardUrl to include the personalizedViewId as a query parameter when generating the Liveboard URL.

Activity

• The pull request addresses JIRA ticket SCAL-290924, indicating it's part of a planned feature or bug fix.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/thoughtspot/visual-embed-sdk/@thoughtspot/visual-embed-sdk@421

commit: 969e677

[gemini-code-assist]

Code Review

This pull request introduces a personalizedViewId parameter to the LiveboardEmbedConfig for loading specific personalized views and includes a bug fix for URL parameter placement. However, the changes introduce potential URL and Route injection vulnerabilities due to concatenating unvalidated and unencoded IDs directly into URL strings and paths. Specifically, getLiveboardUrl is vulnerable to parameter pollution via personalizedViewId, and getIframeSuffixSrc is vulnerable to route injection. Additionally, getLiveboardUrl has a bug where it doesn't correctly handle the legacy ?view= parameter in liveboardId or the precedence of personalizedViewId, which could lead to malformed URLs. It is recommended to use encodeURIComponent for query parameters, validate/sanitize IDs, and add more tests to cover these cases.

[sonar-prod-ts]

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication