Check can_write() on upload db, e2e test (#32400)

* Check can_write() on upload db, e2e test * test change * simplifying e2e test

Check can_write() on upload db, e2e test (#32400)
3623fe9c · Nick Fitzpatrick · GitHub · 09590ce3 · 3623fe9c · 3623fe9c
Unverified Commit 3623fe9c authored 1 year ago by Nick Fitzpatrick Committed by GitHub 1 year ago
--- a/e2e/test/scenarios/collections/uploads.cy.spec.js
+++ b/e2e/test/scenarios/collections/uploads.cy.spec.js
@@ -7,6 +7,7 @@ import {
  expectNoBadSnowplowEvents,
  resetSnowplow,
  enableTracking,
+  setTokenFeatures,
 } from "e2e/support/helpers";

 import { WRITABLE_DB_ID } from "e2e/support/cypress_data";
@@ -161,6 +162,51 @@ describeWithSnowplow(
  },
 );

+describe("permissions", () => {
+  it("should not snow you upload buttons if you are a sandboxed user", () => {
+    restore("postgres-12");
+    cy.signInAsAdmin();
+
+    setTokenFeatures("all");
+    enableUploads("postgres");
+
+    //Deny access for all users to wriable DB
+    cy.updatePermissionsGraph({
+      1: {
+        [WRITABLE_DB_ID]: {
+          data: {
+            schemas: "block",
+          },
+        },
+      },
+    });
+
+    cy.request("GET", `/api/database/${WRITABLE_DB_ID}/schema/public`).then(
+      ({ body: tables }) => {
+        cy.request("GET", `/api/database/${WRITABLE_DB_ID}/fields`).then(
+          ({ body: fields }) => {
+            // Sandbox a table so that the sandboxed user will have read access to a table
+            cy.sandboxTable({
+              table_id: tables[0].id,
+              attribute_remappings: {
+                attr_uid: ["dimension", ["field", fields[0].id, null]],
+              },
+            });
+          },
+        );
+      },
+    );
+
+    cy.signInAsSandboxedUser();
+    cy.visit("/collection/root");
+    // No upload icon should appear for the sandboxed user
+    cy.findByTestId("collection-menu").within(() => {
+      cy.get(".Icon-calendar").should("exist");
+      cy.findByLabelText("Upload data").should("not.exist");
+    });
+  });
+});
+
 function uploadFile(testFile, valid = true) {
  cy.get("@collectionId").then(collectionId =>
    cy.visit(`/collection/${collectionId}`),

--- a/frontend/src/metabase/collections/containers/CollectionContent.jsx
+++ b/frontend/src/metabase/collections/containers/CollectionContent.jsx
@@ -60,9 +60,11 @@ function mapStateToProps(state, props) {
  const canAccessUploadsDb =
    uploadsEnabled &&
    uploadDbId &&
-    !!Databases.selectors.getObject(state, {
-      entityId: uploadDbId,
-    });
+    Databases.selectors
+      .getObject(state, {
+        entityId: uploadDbId,
+      })
+      ?.canWrite();

  return {
    isAdmin: getUserIsAdmin(state),