Skip to content
Snippets Groups Projects
Normal view Permalink
index.js 5.05 KiB
Newer Older
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
1 
import { push } from "react-router-redux";
Kamil Mielnik's avatar
RFC 70 - Automate sorting imports (#33883)  
Kamil Mielnik committed
2 
import { t } from "ttag";
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
3
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
4 
import { DataPermissionValue } from "metabase/admin/permissions/types";
Kamil Mielnik's avatar
RFC 70 - Automate sorting imports (#33883)  
Kamil Mielnik committed
5 6 7 8 
import {
  getDatabaseFocusPermissionsUrl,
  getGroupFocusPermissionsUrl,
} from "metabase/admin/permissions/utils/urls";
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
9 10 11 12 13 
import { ModalRoute } from "metabase/hoc/ModalRoute";
import {
  PLUGIN_REDUCERS,
  PLUGIN_ADVANCED_PERMISSIONS,
  PLUGIN_ADMIN_PERMISSIONS_DATABASE_ROUTES,
github-automation-metabase's avatar
resolves conflicts (#46988)  
github-automation-metabase committed
14 15 
  PLUGIN_ADMIN_PERMISSIONS_TABLE_OPTIONS,
  PLUGIN_ADMIN_PERMISSIONS_TABLE_FIELDS_OPTIONS,
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
16 17 18 19 20 
  PLUGIN_ADMIN_PERMISSIONS_DATABASE_POST_ACTIONS,
  PLUGIN_ADMIN_PERMISSIONS_DATABASE_GROUP_ROUTES,
  PLUGIN_DATA_PERMISSIONS,
  PLUGIN_ADMIN_PERMISSIONS_DATABASE_ACTIONS,
} from "metabase/plugins";
Kamil Mielnik's avatar
RFC 70 - Automate sorting imports (#33883)  
Kamil Mielnik committed
21 22 
import { hasPremiumFeature } from "metabase-enterprise/settings";
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
23 
import { ImpersonationModal } from "./components/ImpersonationModal";
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
24 25 26 27 
import {
  upgradeViewPermissionsIfNeeded,
  shouldRestrictNativeQueryPermissions,
} from "./graph";
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
28 29 30 31 32 
import { getImpersonatedPostAction, advancedPermissionsSlice } from "./reducer";
import { getImpersonations } from "./selectors";

const IMPERSONATED_PERMISSION_OPTION = {
  label: t`Impersonated`,
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
33 
  value: DataPermissionValue.IMPERSONATED,
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
34 35 36 
  icon: "database",
  iconColor: "warning",
};
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
37 38 

const BLOCK_PERMISSION_OPTION = {
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
39 40 
  label: t`Blocked`,
  value: DataPermissionValue.BLOCKED,
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
41 42 43 44 45 
  icon: "close",
  iconColor: "danger",
};

if (hasPremiumFeature("advanced_permissions")) {
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
46 
  const addSelectedAdvancedPermission = (options, value) => {
github-automation-metabase's avatar
resolves conflicts (#46988)  
github-automation-metabase committed
47 48 
    if (value === IMPERSONATED_PERMISSION_OPTION.value) {
      return [...options, IMPERSONATED_PERMISSION_OPTION];
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
49 50 51 52 
    }

    return options;
  };
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
53
github-automation-metabase's avatar
resolves conflicts (#46988)  
github-automation-metabase committed
54 55 56 
  PLUGIN_ADMIN_PERMISSIONS_TABLE_OPTIONS.push(BLOCK_PERMISSION_OPTION);
  PLUGIN_ADMIN_PERMISSIONS_TABLE_FIELDS_OPTIONS.push(BLOCK_PERMISSION_OPTION);
Ryan Laurie's avatar
Update Prettier to v2.7.1 (#23737)  
Ryan Laurie committed
57 
  PLUGIN_ADVANCED_PERMISSIONS.addTablePermissionOptions =
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
58 
    addSelectedAdvancedPermission;
Ryan Laurie's avatar
Update Prettier to v2.7.1 (#23737)  
Ryan Laurie committed
59 
  PLUGIN_ADVANCED_PERMISSIONS.addSchemaPermissionOptions =
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
60 61 62 63 64 
    addSelectedAdvancedPermission;
  PLUGIN_ADVANCED_PERMISSIONS.addDatabasePermissionOptions = (
    options,
    database,
  ) => [
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
65 
    ...options,
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
66 67 68 
    ...(database.hasFeature("connection-impersonation")
      ? [IMPERSONATED_PERMISSION_OPTION]
      : []),
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
69 70 
    BLOCK_PERMISSION_OPTION,
  ];
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 

  PLUGIN_ADMIN_PERMISSIONS_DATABASE_ROUTES.push(
    <ModalRoute
      key="impersonated/group/:groupId"
      path="impersonated/group/:groupId"
      modal={ImpersonationModal}
    />,
  );

  PLUGIN_ADMIN_PERMISSIONS_DATABASE_GROUP_ROUTES.push(
    <ModalRoute
      key="impersonated/database/:impersonatedDatabaseId"
      path="impersonated/database/:impersonatedDatabaseId"
      modal={ImpersonationModal}
    />,
  );
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
88 89 
  PLUGIN_ADVANCED_PERMISSIONS.isBlockPermission = value =>
    value === BLOCK_PERMISSION_OPTION.value;
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
90
Aleksandr Lesnenko's avatar
impersonatied FE fixes (#32025)  
Aleksandr Lesnenko committed
91 
  PLUGIN_ADVANCED_PERMISSIONS.getDatabaseLimitedAccessPermission = value => {
github-automation-metabase's avatar
resolves conflicts (#46988)  
github-automation-metabase committed
92 
    if (value === IMPERSONATED_PERMISSION_OPTION.value) {
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
93 
      return DataPermissionValue.UNRESTRICTED;
Aleksandr Lesnenko's avatar
impersonatied FE fixes (#32025)  
Aleksandr Lesnenko committed
94 95 96 97 
    }

    return null;
  };
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
98 
  PLUGIN_ADVANCED_PERMISSIONS.isAccessPermissionDisabled = (value, subject) => {
github-automation-metabase's avatar
resolves conflicts (#46988)  
github-automation-metabase committed
99 100 101 102 103 
    if (subject === "tables" || subject === "fields") {
      return value === DataPermissionValue.IMPERSONATED;
    } else {
      return false;
    }
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
104 105 
  };
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
106 107 108 109 110 111 112 113 114 115 116 117 
  PLUGIN_ADVANCED_PERMISSIONS.isRestrictivePermission = value => {
    return value === DataPermissionValue.BLOCKED;
  };

  PLUGIN_ADVANCED_PERMISSIONS.shouldShowViewDataColumn = true;

  PLUGIN_ADVANCED_PERMISSIONS.defaultViewDataPermission =
    DataPermissionValue.BLOCKED;

  PLUGIN_ADMIN_PERMISSIONS_DATABASE_POST_ACTIONS[
    DataPermissionValue.IMPERSONATED
  ] = getImpersonatedPostAction;
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
118 119 120 

  PLUGIN_REDUCERS.advancedPermissionsPlugin = advancedPermissionsSlice.reducer;
github-automation-metabase's avatar
Performance: partial data-permissions graph refactor (#44795) (#45056)  
github-automation-metabase committed
121 122 123 124 125 126 127 
  PLUGIN_DATA_PERMISSIONS.permissionsPayloadExtraSelectors.push(
    (state, data) => {
      const impersonations = getImpersonations(state);
      const impersonationGroupIds = impersonations.map(i => `${i.group_id}`);
      return [{ impersonations }, impersonationGroupIds];
    },
  );
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
128 129 130 131 132 

  PLUGIN_DATA_PERMISSIONS.hasChanges.push(
    state => getImpersonations(state).length > 0,
  );
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
133 134 135 
  PLUGIN_ADMIN_PERMISSIONS_DATABASE_ACTIONS[
    DataPermissionValue.IMPERSONATED
  ].push({
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
136 137 138 139 140 141 142 
    label: t`Edit Impersonated`,
    iconColor: "warning",
    icon: "database",
    actionCreator: (entityId, groupId, view) =>
      push(getEditImpersonationUrl(entityId, groupId, view)),
  });
Noah Moss's avatar
[Feature branch] Split data access and query builder access (#41581)  
Noah Moss committed
143 144 145 146 147 
  PLUGIN_DATA_PERMISSIONS.upgradeViewPermissionsIfNeeded =
    upgradeViewPermissionsIfNeeded;

  PLUGIN_DATA_PERMISSIONS.shouldRestrictNativeQueryPermissions =
    shouldRestrictNativeQueryPermissions;
Alexander Lesnenko's avatar
Move block permission under advanced permissions flag (#17927)
Alexander Lesnenko committed
148 
}
Aleksandr Lesnenko's avatar
Feature connection impersonation (#31730)  
Aleksandr Lesnenko committed
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 

const getDatabaseViewImpersonationModalUrl = (entityId, groupId) => {
  const baseUrl = getDatabaseFocusPermissionsUrl(entityId);
  return `${baseUrl}/impersonated/group/${groupId}`;
};

const getGroupViewImpersonationModalUrl = (entityId, groupId) => {
  const baseUrl = getGroupFocusPermissionsUrl(groupId);

  return `${baseUrl}/impersonated/database/${entityId.databaseId}`;
};

const getEditImpersonationUrl = (entityId, groupId, view) =>
  view === "database"
    ? getDatabaseViewImpersonationModalUrl(entityId, groupId)
    : getGroupViewImpersonationModalUrl(entityId, groupId);