display warning that native query access is restricted if a table or schema is...

display warning that native query access is restricted if a table or schema is set to blocked (#47630)

display warning that native query access is restricted if a table or schema is...
0cab39b6 · Sloan Sparger · GitHub · 0857356d · 0cab39b6 · 0cab39b6
Unverified Commit 0cab39b6 authored 6 months ago by Sloan Sparger Committed by GitHub 6 months ago
--- a/e2e/test/scenarios/permissions/view-data.cy.spec.js
+++ b/e2e/test/scenarios/permissions/view-data.cy.spec.js
@@ -58,6 +58,20 @@ describeEE("scenarios > admin > permissions > view data > blocked", () => {
      assertPermissionForItem(g, DOWNLOAD_PERM_IDX, "No", true);
    });

+    cy.log(
+      "assert that user properly sees native query warning related to table level blocking",
+    );
+    getPermissionRowPermissions("All Users")
+      .eq(DATA_ACCESS_PERM_IDX)
+      .findByLabelText("warning icon")
+      .realHover();
+
+    cy.findByRole("tooltip")
+      .findByText(
+        /Users in groups with Blocked on a table can't view native queries on this database/,
+      )
+      .should("exist");
+
    cy.visit(`/admin/permissions/data/database/${SAMPLE_DB_ID}`); // database level

    assertPermissionForItem(g, DATA_ACCESS_PERM_IDX, "Granular", false);

--- a/frontend/src/metabase/admin/permissions/selectors/confirmations.tsx
+++ b/frontend/src/metabase/admin/permissions/selectors/confirmations.tsx
@@ -90,6 +90,24 @@ export function getPermissionWarning(
  return null;
 }

+export function getTableBlockWarning(
+  dbValue: DataPermissionValue,
+  schemaValue: DataPermissionValue,
+  tableValue?: DataPermissionValue,
+) {
+  if (dbValue === DataPermissionValue.BLOCKED) {
+    return;
+  }
+
+  if (schemaValue === DataPermissionValue.BLOCKED) {
+    return t`Users in groups with Blocked on a schema can't view native queries on this database.`;
+  }
+
+  if (tableValue === DataPermissionValue.BLOCKED) {
+    return t`Users in groups with Blocked on a table can't view native queries on this database.`;
+  }
+}
+
 function getEntityTypeFromId(entityId: EntityId): [string, string] {
  return isTableEntityId(entityId)
    ? [t`table`, t`tables`]

--- a/frontend/src/metabase/admin/permissions/selectors/data-permissions/fields.ts
+++ b/frontend/src/metabase/admin/permissions/selectors/data-permissions/fields.ts
@@ -3,6 +3,7 @@ import _ from "underscore";
 import { getNativePermissionDisabledTooltip } from "metabase/admin/permissions/selectors/data-permissions/shared";
 import {
  getFieldsPermission,
+  getSchemasPermission,
  getTablesPermission,
 } from "metabase/admin/permissions/utils/graph";
 import {
@@ -28,6 +29,7 @@ import {
  getPermissionWarning,
  getPermissionWarningModal,
  getRevokingAccessToAllTablesWarningModal,
+  getTableBlockWarning,
  getWillRevokeNativeAccessWarningModal,
 } from "../confirmations";

@@ -53,6 +55,7 @@ const buildAccessPermission = (
    entityId,
    DataPermission.VIEW_DATA,
  );
+
  const defaultGroupValue = getFieldsPermission(
    permissions,
    defaultGroup.id,
@@ -60,7 +63,21 @@ const buildAccessPermission = (
    DataPermission.VIEW_DATA,
  );

-  const warning = getPermissionWarning(
+  const dbValue = getSchemasPermission(
+    originalPermissions,
+    groupId,
+    entityId,
+    DataPermission.VIEW_DATA,
+  );
+
+  const schemaValue = getTablesPermission(
+    originalPermissions,
+    groupId,
+    entityId,
+    DataPermission.VIEW_DATA,
+  );
+
+  const permissionWarning = getPermissionWarning(
    value,
    defaultGroupValue,
    "fields",
@@ -68,6 +85,10 @@ const buildAccessPermission = (
    groupId,
  );

+  const blockWarning = getTableBlockWarning(dbValue, schemaValue, value);
+
+  const warning = permissionWarning || blockWarning;
+
  const confirmations = (newValue: DataPermissionValue) => [
    getPermissionWarningModal(
      newValue,

--- a/frontend/src/metabase/admin/permissions/selectors/data-permissions/tables.ts
+++ b/frontend/src/metabase/admin/permissions/selectors/data-permissions/tables.ts
@@ -25,6 +25,7 @@ import {
 import {
  getPermissionWarning,
  getPermissionWarningModal,
+  getTableBlockWarning,
  getViewDataPermissionsTooRestrictiveWarningModal,
  getWillRevokeNativeAccessWarningModal,
 } from "../confirmations";
@@ -58,7 +59,14 @@ const buildAccessPermission = (
    DataPermission.VIEW_DATA,
  );

-  const warning = getPermissionWarning(
+  const dbValue = getSchemasPermission(
+    originalPermissions,
+    groupId,
+    entityId,
+    DataPermission.VIEW_DATA,
+  );
+
+  const permissionWarning = getPermissionWarning(
    value,
    defaultGroupValue,
    "tables",
@@ -66,6 +74,10 @@ const buildAccessPermission = (
    groupId,
  );

+  const blockWarning = getTableBlockWarning(dbValue, value);
+
+  const warning = permissionWarning || blockWarning;
+
  const confirmations = (newValue: DataPermissionValue) => [
    getPermissionWarningModal(
      newValue,