Added unlisted queries with #

CHANGELOG.md

@@ -1,5 +1,6 @@
 ## 1.6.2 [unreleased]
 
+- Added basic query permissions
 - Added cancel button for queries
 - Added `lat` and `lng` as map keys
 

README.md

@@ -420,6 +420,14 @@ data_sources:
     url: presto://user@hostname:8080/catalog
 ```
 
+## Permissions [master]
+
+Blazer supports a simple permissions model.
+
+1. Queries without a name are unlisted
+2. Queries whose name starts with `#` are only listed to the creator
+3. Queries whose name starts with `*` can only be edited by the creator
+
 ## Learn SQL
 
 Have team members who want to learn SQL? Here are a few great, free resources.

app/controllers/blazer/queries_controller.rb

@@ -248,8 +248,10 @@ module Blazer
       @queries = @queries.includes(:creator) if Blazer.user_class
       @queries = @queries.limit(limit) if limit
 
+      @queries = (@my_queries + @queries).select { |q| !q.name.to_s.start_with?("#") || q.try(:creator).try(:id) == blazer_user.try(:id) }
+
       @queries =
-        (@my_queries + @queries).map do |q|
+        @queries.map do |q|
           {
             id: q.id,
             name: view_context.link_to(q.name, q),

app/models/blazer/query.rb

@@ -19,7 +19,7 @@ module Blazer
     end
 
     def editable?(user)
-      (name.present? && name.first != "*") || user == creator
+      (name.present? && name.first != "*" && name.first != "#") || user == creator
     end
   end
 end