feat: Data scanner (baserow#4955)

Author: bram2w

backend/src/baserow/api/admin/views.py

@@ -13,6 +13,7 @@
 from baserow.api.exceptions import (
     InvalidSortAttributeException,
     InvalidSortDirectionException,
+    QueryParameterValidationException,
 )
 from baserow.api.mixins import (
     FilterableViewMixin,
@@ -22,6 +23,7 @@
 from baserow.api.pagination import PageNumberPagination
 from baserow.api.schemas import get_error_schema
 from baserow.api.serializers import get_example_pagination_serializer_class
+from baserow.core.utils import split_comma_separated_string
 
 
 class APIListingView(
@@ -46,11 +48,13 @@ def get(self, request):
 
         search = request.GET.get("search")
         sorts = request.GET.get("sorts")
+        ids_param = request.GET.get("ids")
 
         queryset = self.get_queryset(request)
         queryset = self.apply_filters(request.GET, queryset)
         queryset = self.apply_search(search, queryset)
         queryset = self.apply_sorts_or_default_sort(sorts, queryset)
+        queryset = self.apply_ids_filter(ids_param, queryset)
 
         paginator = PageNumberPagination(limit_page_size=100)
         page = paginator.paginate_queryset(queryset, request, self)
@@ -61,6 +65,30 @@ def get(self, request):
     def get_queryset(self, request):
         raise NotImplementedError("The get_queryset method must be set.")
 
+    def apply_ids_filter(self, ids_param, queryset):
+        if not ids_param:
+            return queryset
+
+        record_ids = split_comma_separated_string(ids_param)
+
+        invalid_id = next(
+            (record for record in record_ids if not record.isdigit()), None
+        )
+        if invalid_id is not None:
+            raise QueryParameterValidationException(
+                {
+                    "ids": [
+                        {
+                            "code": "invalid",
+                            "error": f"'{invalid_id}' is not a valid ID. Only positive "
+                            f"integers are accepted.",
+                        }
+                    ]
+                }
+            )
+
+        return queryset.filter(id__in=[int(record_id) for record_id in record_ids])
+
     def get_serializer(self, request, *args, **kwargs):
         if not self.serializer_class:
             raise NotImplementedError(
@@ -134,6 +162,13 @@ def get_extend_schema_parameters(
                     type=OpenApiTypes.INT,
                     description=f"Defines how many {name} should be returned per page.",
                 ),
+                OpenApiParameter(
+                    name="ids",
+                    location=OpenApiParameter.QUERY,
+                    type=OpenApiTypes.STR,
+                    description=f"A comma-separated list of {name} IDs to filter by. "
+                    f"When provided, only {name} with those IDs are returned.",
+                ),
                 *(extra_parameters or []),
             ],
             "responses": {

backend/src/baserow/api/admin/workspaces/serializers.py

@@ -53,3 +53,11 @@ class Meta:
             "free_users",
             "created_on",
         )
+
+
+class AdminWorkspaceOptionsSerializer(serializers.ModelSerializer):
+    value = serializers.CharField(source="name")
+
+    class Meta:
+        model = Workspace
+        fields = ("id", "value")

backend/src/baserow/api/admin/workspaces/urls.py

@@ -1,10 +1,15 @@
 from django.urls import re_path
 
-from baserow.api.admin.workspaces.views import WorkspaceAdminView, WorkspacesAdminView
+from baserow.api.admin.workspaces.views import (
+    WorkspaceAdminView,
+    WorkspaceOptionsAdminView,
+    WorkspacesAdminView,
+)
 
 app_name = "baserow.api.admin.workspaces"
 
 urlpatterns = [
     re_path(r"^$", WorkspacesAdminView.as_view(), name="list"),
+    re_path(r"^options/$", WorkspaceOptionsAdminView.as_view(), name="options"),
     re_path(r"^(?P<workspace_id>[0-9]+)/$", WorkspaceAdminView.as_view(), name="edit"),
 ]

backend/src/baserow/api/admin/workspaces/views.py

@@ -7,7 +7,7 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
-from baserow.api.admin.views import AdminListingView
+from baserow.api.admin.views import AdminListingView, APIListingView
 from baserow.api.decorators import map_exceptions
 from baserow.api.errors import ERROR_GROUP_DOES_NOT_EXIST
 from baserow.api.schemas import get_error_schema
@@ -19,7 +19,10 @@
 from baserow.core.usage.handler import UsageHandler
 
 from .errors import ERROR_CANNOT_DELETE_A_TEMPLATE_GROUP
-from .serializers import WorkspacesAdminResponseSerializer
+from .serializers import (
+    AdminWorkspaceOptionsSerializer,
+    WorkspacesAdminResponseSerializer,
+)
 
 
 class WorkspacesAdminView(AdminListingView):
@@ -62,6 +65,30 @@ def get(self, request):
         return super().get(request)
 
 
+class WorkspaceOptionsAdminView(APIListingView):
+    permission_classes = (IsAdminUser,)
+    serializer_class = AdminWorkspaceOptionsSerializer
+    search_fields = ["name"]
+    default_order_by = "name"
+
+    def get_queryset(self, request):
+        return Workspace.objects.filter(template__isnull=True)
+
+    @extend_schema(
+        tags=["Admin"],
+        operation_id="admin_list_workspaces_as_options",
+        description=(
+            "Lists all workspaces. This endpoint is intended for admin-level "
+            "features that need a workspace dropdown."
+        ),
+        **APIListingView.get_extend_schema_parameters(
+            "workspaces", serializer_class, search_fields, {}
+        ),
+    )
+    def get(self, request):
+        return super().get(request)
+
+
 class WorkspaceAdminView(APIView):
     permission_classes = (IsAdminUser,)
 

backend/src/baserow/contrib/database/locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-03-16 14:50+0000\n"
+"POT-Creation-Date: 2026-03-16 21:52+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

backend/src/baserow/core/locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-03-16 14:50+0000\n"
+"POT-Creation-Date: 2026-03-16 21:52+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

backend/src/baserow/locale/en/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2026-03-16 14:50+0000\n"
+"POT-Creation-Date: 2026-03-16 21:52+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -205,20 +205,24 @@ msgstr ""
 msgid "Widget \"%(widget_title)s\" (%(widget_id)s) deleted"
 msgstr ""
 
-#: src/baserow/contrib/integrations/core/service_types.py:1067
+#: src/baserow/contrib/integrations/core/service_types.py:1062
 msgid "Branch taken"
 msgstr ""
 
-#: src/baserow/contrib/integrations/core/service_types.py:1072
+#: src/baserow/contrib/integrations/core/service_types.py:1067
 msgid "Label"
 msgstr ""
 
-#: src/baserow/contrib/integrations/core/service_types.py:1074
+#: src/baserow/contrib/integrations/core/service_types.py:1069
 msgid "The label of the branch that matched the condition."
 msgstr ""
 
-#: src/baserow/contrib/integrations/core/service_types.py:1418
-msgid "Triggered at"
+#: src/baserow/contrib/integrations/core/service_types.py:1438
+msgid "Previous scheduled run"
+msgstr ""
+
+#: src/baserow/contrib/integrations/core/service_types.py:1442
+msgid "Next scheduled run"
 msgstr ""
 
 #: src/baserow/contrib/integrations/local_baserow/service_types.py:1688

backend/tests/baserow/api/admin/groups/test_workspaces_admin_views.py

@@ -219,3 +219,159 @@ def test_cant_delete_template_workspace(api_client, data_fixture):
     assert response.status_code == HTTP_400_BAD_REQUEST
     assert response.json()["error"] == "ERROR_CANNOT_DELETE_A_TEMPLATE_GROUP"
     assert Workspace.objects.all().count() == 1
+
+
+@pytest.mark.django_db
+@override_settings(DEBUG=True)
+def test_non_admin_list_workspaces_as_options(api_client, data_fixture):
+    (
+        admin_user,
+        admin_token,
+    ) = data_fixture.create_user_and_token()
+
+    # no search query should return all workspaces
+    response = api_client.get(
+        reverse("api:admin:workspaces:options"),
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+@override_settings(DEBUG=True)
+def test_admin_list_workspaces_as_options(api_client, data_fixture):
+    (
+        admin_user,
+        admin_token,
+    ) = data_fixture.create_user_and_token(is_staff=True)
+    workspace_1 = data_fixture.create_workspace(name="workspace 1", user=admin_user)
+    workspace_2 = data_fixture.create_workspace(name="workspace 2", user=admin_user)
+
+    # no search query should return all workspaces
+    response = api_client.get(
+        reverse("api:admin:workspaces:options"),
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_200_OK
+    assert response.json() == {
+        "count": 2,
+        "next": None,
+        "previous": None,
+        "results": [
+            {"id": workspace_1.id, "value": workspace_1.name},
+            {"id": workspace_2.id, "value": workspace_2.name},
+        ],
+    }
+
+    # searching by name should return only the correct workspace
+    response = api_client.get(
+        reverse("api:admin:workspaces:options") + "?search=1",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_200_OK
+    assert response.json() == {
+        "count": 1,
+        "next": None,
+        "previous": None,
+        "results": [{"id": workspace_1.id, "value": workspace_1.name}],
+    }
+
+
+@pytest.mark.django_db
+@override_settings(DEBUG=True)
+def test_admin_list_workspaces_as_options_filter_by_ids(api_client, data_fixture):
+    (
+        admin_user,
+        admin_token,
+    ) = data_fixture.create_user_and_token(is_staff=True)
+    workspace_1 = data_fixture.create_workspace(name="workspace 1", user=admin_user)
+    workspace_2 = data_fixture.create_workspace(name="workspace 2", user=admin_user)
+    data_fixture.create_workspace(name="workspace 3", user=admin_user)
+
+    # filtering by a single id should return only that workspace
+    response = api_client.get(
+        reverse("api:admin:workspaces:options") + f"?ids={workspace_1.id}",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_200_OK
+    assert response.json() == {
+        "count": 1,
+        "next": None,
+        "previous": None,
+        "results": [{"id": workspace_1.id, "value": workspace_1.name}],
+    }
+
+    # filtering by multiple ids should return all matching workspaces
+    response = api_client.get(
+        reverse("api:admin:workspaces:options")
+        + f"?ids={workspace_1.id},{workspace_2.id}",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_200_OK
+    assert response.json() == {
+        "count": 2,
+        "next": None,
+        "previous": None,
+        "results": [
+            {"id": workspace_1.id, "value": workspace_1.name},
+            {"id": workspace_2.id, "value": workspace_2.name},
+        ],
+    }
+
+
+@pytest.mark.django_db
+@override_settings(DEBUG=True)
+def test_admin_list_workspaces_as_options_filter_by_invalid_ids(
+    api_client, data_fixture
+):
+    _, admin_token = data_fixture.create_user_and_token(is_staff=True)
+
+    # Negative IDs should be rejected.
+    response = api_client.get(
+        reverse("api:admin:workspaces:options") + "?ids=-1",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_400_BAD_REQUEST
+    assert response.json()["error"] == "ERROR_QUERY_PARAMETER_VALIDATION"
+    assert response.json()["detail"]["ids"] == [
+        {
+            "code": "invalid",
+            "error": "'-1' is not a valid ID. Only positive integers are accepted.",
+        }
+    ]
+
+    # Non-numeric values should be rejected.
+    response = api_client.get(
+        reverse("api:admin:workspaces:options") + "?ids=abc",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_400_BAD_REQUEST
+    assert response.json()["error"] == "ERROR_QUERY_PARAMETER_VALIDATION"
+    assert response.json()["detail"]["ids"] == [
+        {
+            "code": "invalid",
+            "error": "'abc' is not a valid ID. Only positive integers are accepted.",
+        }
+    ]
+
+    # A mix of valid and invalid values should still be rejected.
+    response = api_client.get(
+        reverse("api:admin:workspaces:options") + "?ids=1,-2,3",
+        format="json",
+        HTTP_AUTHORIZATION=f"JWT {admin_token}",
+    )
+    assert response.status_code == HTTP_400_BAD_REQUEST
+    assert response.json()["error"] == "ERROR_QUERY_PARAMETER_VALIDATION"
+    assert response.json()["detail"]["ids"] == [
+        {
+            "code": "invalid",
+            "error": "'-2' is not a valid ID. Only positive integers are accepted.",
+        }
+    ]

changelog/entries/unreleased/feature/data_scanner.json

@@ -0,0 +1,9 @@
+{
+  "type": "feature",
+  "message": "Add instace wide data scanner.",
+  "issue_origin": "github",
+  "issue_number": null,
+  "domain": "database",
+  "bullet_points": [],
+  "created_at": "2026-03-16"
+}

enterprise/backend/pytest.ini

@@ -3,5 +3,6 @@ DJANGO_SETTINGS_MODULE = baserow.config.settings.test
 python_files = test_*.py
 markers =
     eval: mark test as an eval test (requires LLM API key)
+    data_scanner: mark test as a data scanner test
 env =
     DJANGO_SETTINGS_MODULE = baserow.config.settings.test