Limit database query preview to five

Refs #2735
2026-05-27 12:34:37 +02:00 · 2026-05-25 10:18:36 -07:00 · 2026-05-25 10:18:36 -07:00 · 310c36ae94
commit 310c36ae94
parent 4a70b89355
4 changed files with 35 additions and 10 deletions
--- a/datasette/views/database.py
+++ b/datasette/views/database.py
@ -95,7 +95,7 @@ class DatabaseView(View):
        queries_page = await datasette.list_queries(
            database,
            actor=request.actor,
-            limit=20,
+            limit=5,
            include_private=True,
        )
        canned_queries = queries_page["queries"]
--- a/queries-plan.md
+++ b/queries-plan.md
@ -392,7 +392,7 @@ The save form should call `POST /{database}/-/queries/-/insert` and default to `

 If the actor also has `publish-query`, include a publish control. The UI copy should make it clear that publishing allows people without arbitrary SQL permission to run this query.

-On `/{database}`, show a preview of the first 20 visible queries using `list_queries(..., limit=20)`. If the page has `has_more`, show a link to `/{database}/-/queries` rather than rendering hundreds or thousands of query links inline. The full `/{database}/-/queries` page provides search, filters, and cursor pagination.
+On `/{database}`, show a preview of the first 5 visible queries using `list_queries(..., limit=5)`. If the page has `has_more`, show a link to `/{database}/-/queries` rather than rendering hundreds or thousands of query links inline. The full `/{database}/-/queries` page provides search, filters, and cursor pagination.

 ## Dedicated create query UI

--- a/tests/test_canned_queries.py
+++ b/tests/test_canned_queries.py
@ -248,10 +248,9 @@ def test_json_response(canned_write_client, headers, body, querystring):


 def test_canned_query_permissions_on_database_page(canned_write_client):
-    # Without auth only shows three queries
-    query_names = {
-        q["name"] for q in canned_write_client.get("/data.json").json["queries"]
-    }
+    # Without auth shows the five public queries
+    anon_response = canned_write_client.get("/data.json")
+    query_names = {q["name"] for q in anon_response.json["queries"]}
    assert query_names == {
        "add_name_specify_id_with_error_in_on_success_message_sql",
        "update_name",
@ -259,8 +258,9 @@ def test_canned_query_permissions_on_database_page(canned_write_client):
        "canned_read",
        "add_name",
    }
+    assert anon_response.json["queries_more"] is False

-    # With auth shows four
+    # With auth the database page preview shows the first five queries
    response = canned_write_client.get(
        "/data.json",
        cookies={"ds_actor": canned_write_client.actor_cookie({"id": "root"})},
@ -273,6 +273,31 @@ def test_canned_query_permissions_on_database_page(canned_write_client):
        ],
        key=lambda q: q["name"],
    )
+    assert query_names_and_private == [
+        {"name": "add_name", "private": False},
+        {"name": "add_name_specify_id", "private": False},
+        {
+            "name": "add_name_specify_id_with_error_in_on_success_message_sql",
+            "private": False,
+        },
+        {"name": "canned_read", "private": False},
+        {"name": "delete_name", "private": True},
+    ]
+    assert response.json["queries_more"] is True
+
+    # The full query list endpoint includes the remaining query
+    response = canned_write_client.get(
+        "/data/-/queries.json?_size=10",
+        cookies={"ds_actor": canned_write_client.actor_cookie({"id": "root"})},
+    )
+    assert response.status == 200
+    query_names_and_private = sorted(
+        [
+            {"name": q["name"], "private": q["private"]}
+            for q in response.json["queries"]
+        ],
+        key=lambda q: q["name"],
+    )
    assert query_names_and_private == [
        {"name": "add_name", "private": False},
        {"name": "add_name_specify_id", "private": False},
--- a/tests/test_queries.py
+++ b/tests/test_queries.py
@ -267,10 +267,10 @@ async def test_database_page_query_preview_is_limited():
    json_response = await ds.client.get("/data.json")

    assert html_response.status_code == 200
-    assert "Demo query 20" in html_response.text
-    assert "Demo query 21" not in html_response.text
+    assert "Demo query 05" in html_response.text
+    assert "Demo query 06" not in html_response.text
    assert 'href="/data/-/queries"' in html_response.text
-    assert len(json_response.json()["queries"]) == 20
+    assert len(json_response.json()["queries"]) == 5
    assert json_response.json()["queries_more"] is True