Skip to content
Snippets Groups Projects
Unverified Commit 5dee3b82 authored by Cal Herries's avatar Cal Herries Committed by GitHub
Browse files

Fix missing permissions for sample DB (#41724)

parent 3a7d5775
No related branches found
No related tags found
No related merge requests found
......@@ -51,6 +51,42 @@
:created_at #t "2024-04-11T12:41:25.429317Z",
:public_uuid nil,
:points_of_interest nil}),
:data_permissions
({:id 1,
:group_id 1,
:perm_type "perms/view-data",
:db_id 1,
:schema_name nil,
:table_id nil,
:perm_value "unrestricted"}
{:id 2,
:group_id 1,
:perm_type "perms/create-queries",
:db_id 1,
:schema_name nil,
:table_id nil,
:perm_value "query-builder-and-native"}
{:id 3,
:group_id 1,
:perm_type "perms/download-results",
:db_id 1,
:schema_name nil,
:table_id nil,
:perm_value "one-million-rows"}
{:id 4,
:group_id 1,
:perm_type "perms/manage-table-metadata",
:db_id 1,
:schema_name nil,
:table_id nil,
:perm_value "no"}
{:id 5,
:group_id 1,
:perm_type "perms/manage-database",
:db_id 1,
:schema_name nil,
:table_id nil,
:perm_value "no"}),
:metabase_table
({:description
"Piespace does some anonymous analytics tracking on how users interact with their platform. They’ve only had time to implement a few events, but you know how it is. Pies come first.",
......
......@@ -1199,12 +1199,15 @@
:report_dashboard
:dashboard_tab
:report_dashboardcard
:dashboardcard_series]]
:dashboardcard_series
:permissions_group
:data_permissions]]
(when-let [values (seq (table-name->rows table-name))]
(t2/query {:insert-into table-name :values values})))
(t2/query {:insert-into :permissions
:values [{:object (format "/collection/%s/" example-collection-id)
:group_id (:id (t2/query-one {:select :id :from :permissions_group :where [:= :name "All Users"]}))}]})
(let [group-id (:id (t2/query-one {:select :id :from :permissions_group :where [:= :name "All Users"]}))]
(t2/query {:insert-into :permissions
:values [{:object (format "/collection/%s/" example-collection-id)
:group_id group-id}]}))
(t2/query {:insert-into :setting
:values [{:key "example-dashboard-id"
:value (str example-dashboard-id)}]})))))))
......@@ -1230,7 +1233,8 @@
:report_card
:parameter_card
:dashboard_tab
:dashboardcard_series]
:dashboardcard_series
:data_permissions]
:let [query (cond-> {:select [:*] :from table-name}
(= table-name :collection) (assoc :where [:and
[:= :namespace nil] ; excludes the analytics namespace
......
......@@ -57,13 +57,7 @@
(mdb/setup-db! :create-sample-content? true)
(testing "The example-dashboard-id setting should be set if the example content is loaded"
(is (= 1
(public-settings/example-dashboard-id))))
(testing "Rasta (as a member of 'All Users') should have sufficient privileges to edit the example content"
(mt/with-current-user (mt/user->id :rasta)
(let [dashboard (t2/select-one :model/Dashboard (public-settings/example-dashboard-id))
collection (t2/select-one :model/Collection (:collection_id dashboard))]
(mi/can-write? dashboard)
(mi/can-write? collection)))))
(public-settings/example-dashboard-id)))))
(testing "The example-dashboard-id setting should be nil if the example content isn't loaded"
(mt/with-temp-empty-app-db [_conn :h2]
(mdb/setup-db! :create-sample-content? false)
......@@ -75,3 +69,31 @@
(public-settings/example-dashboard-id)))
(t2/update! :model/Dashboard 1 {:archived true})
(is (nil? (public-settings/example-dashboard-id))))))
(deftest sample-content-permissions-test
(mt/with-temp-empty-app-db [_conn :h2]
(mdb/setup-db! :create-sample-content? true)
(let [dashboard (t2/select-one :model/Dashboard :creator_id config/internal-mb-user-id)
collection (t2/select-one :model/Collection (:collection_id dashboard))
card (t2/select-one :model/Card :creator_id config/internal-mb-user-id)]
(testing "Rasta (as a member of 'All Users') should have sufficient privileges to edit the example content"
(mt/with-current-user (mt/user->id :rasta)
(is (true? (mi/can-write? dashboard)))
(is (true? (mi/can-write? card)))
(is (true? (mi/can-write? collection))))))
(let [sample-db (t2/select-one :model/Database :is_sample true)
sample-db-table (t2/select-one :model/Table :db_id (:id sample-db))
sample-db-field (t2/select-one :model/Field :table_id (:id sample-db-table))]
(testing "Rasta (as a member of 'All Users') should have read but not write privileges to the sample database"
(mt/with-current-user (mt/user->id :rasta)
(is (true? (mi/can-read? sample-db)))
(is (true? (mi/can-read? sample-db-table)))
(is (true? (mi/can-read? sample-db-field)))
(is (false? (mi/can-write? sample-db)))
(is (false? (mi/can-write? sample-db-table)))
(is (false? (mi/can-write? sample-db-field)))))
(testing "Crowberto (as an admin member of 'All Users') should have write privileges to the sample database"
(mt/with-current-user (mt/user->id :crowberto)
(is (true? (mi/can-write? sample-db)))
(is (true? (mi/can-write? sample-db-table)))
(is (true? (mi/can-write? sample-db-field))))))))
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment