diff --git a/e2e/support/commands/permissions/updatePermissions.ts b/e2e/support/commands/permissions/updatePermissions.ts
index b389d92d3fbe4de319cc2ff7bd11b03fb61c5f06..8f802cc12a0a037026eb48e9e0bcfa9c9c493a98 100644
--- a/e2e/support/commands/permissions/updatePermissions.ts
+++ b/e2e/support/commands/permissions/updatePermissions.ts
@@ -4,7 +4,7 @@ import type {
CollectionPermissionsGraph,
DatabaseId,
GroupId,
- GroupPermissions,
+ GroupsPermissions,
Impersonation,
PermissionsGraph,
SchemasPermissions,
@@ -29,7 +29,7 @@ declare global {
namespace Cypress {
interface Chainable {
updatePermissionsGraph(
- groupsPermissionsObject: GroupPermissions,
+ groupsPermissionsObject: GroupsPermissions,
impersonations?: Impersonation[],
): void;
updatePermissionsSchemas(options?: UpdatePermissionsSchemasParams): void;
@@ -57,7 +57,7 @@ const { COLLECTION_GROUP } = USER_GROUPS;
Cypress.Commands.add(
"updatePermissionsGraph",
(
- groupsPermissionsObject: GroupPermissions,
+ groupsPermissionsObject: GroupsPermissions,
impersonations?: Impersonation[],
) => {
cy.log("Fetch permissions graph");
diff --git a/e2e/test/scenarios/question/notebook-link-to-data-source.cy.spec.ts b/e2e/test/scenarios/question/notebook-link-to-data-source.cy.spec.ts
index 5e737139eaccfa6c265bc444e140c7e2e8c85c86..3fba17ff5d4b5d0c876af636346f572209599e1b 100644
--- a/e2e/test/scenarios/question/notebook-link-to-data-source.cy.spec.ts
+++ b/e2e/test/scenarios/question/notebook-link-to-data-source.cy.spec.ts
@@ -2,6 +2,7 @@ import { SAMPLE_DB_ID } from "e2e/support/cypress_data";
import { SAMPLE_DATABASE } from "e2e/support/cypress_sample_database";
import {
ADMIN_PERSONAL_COLLECTION_ID,
+ ALL_USERS_GROUP_ID,
ORDERS_COUNT_QUESTION_ID,
ORDERS_MODEL_ID,
} from "e2e/support/cypress_sample_instance_data";
@@ -13,17 +14,30 @@ import {
openReviewsTable,
popover,
restore,
+ setTokenFeatures,
tableInteractive,
visitModel,
visitQuestion,
visitQuestionAdhoc,
visualize,
+ describeEE,
type NativeQuestionDetails,
+ openProductsTable,
+ entityPickerModal,
+ entityPickerModalTab,
} from "e2e/support/helpers";
+import { DataPermissionValue } from "metabase/admin/permissions/types";
import { METAKEY } from "metabase/lib/browser";
-const { ORDERS, PRODUCTS_ID, REVIEWS, REVIEWS_ID, PEOPLE_ID, PRODUCTS } =
- SAMPLE_DATABASE;
+const {
+ ORDERS,
+ ORDERS_ID,
+ PRODUCTS_ID,
+ REVIEWS,
+ REVIEWS_ID,
+ PEOPLE_ID,
+ PRODUCTS,
+} = SAMPLE_DATABASE;
// https://docs.cypress.io/api/cypress-api/platform
const macOSX = Cypress.platform === "darwin";
@@ -471,6 +485,66 @@ describe("scenarios > notebook > link to data source", () => {
// cy.visit(`/question/${nestedQuestion.id}/notebook`);
});
});
+
+ describeEE("sandboxing", () => {
+ beforeEach(() => {
+ setTokenFeatures("all");
+
+ cy.updatePermissionsGraph({
+ [ALL_USERS_GROUP_ID]: {
+ [SAMPLE_DB_ID]: {
+ "view-data": DataPermissionValue.BLOCKED,
+ },
+ },
+ });
+
+ // @ts-expect-error - Non-trivial types in `sandboxTable` that should be addressed separately
+ cy.sandboxTable({
+ table_id: ORDERS_ID,
+ attribute_remappings: {
+ attr_uid: [
+ "dimension",
+ ["field", ORDERS.USER_ID, { "base-type": "type/Integer" }],
+ ],
+ },
+ });
+
+ cy.signInAsSandboxedUser();
+ });
+
+ it("should work for sandboxed users when opening a table/question/model", () => {
+ visitModel(ORDERS_MODEL_ID);
+ cy.findByTestId("question-row-count").should(
+ "have.text",
+ "Showing 11 rows",
+ );
+ openNotebook();
+ getNotebookStep("data").findByText("Orders Model").click(clickConfig);
+ cy.findByTestId("question-row-count").should(
+ "have.text",
+ "Showing 11 rows",
+ );
+ });
+
+ it("should work for sandboxed users when joined table is sandboxed", () => {
+ openProductsTable({ mode: "notebook" });
+ cy.findByTestId("action-buttons").button("Join data").click();
+ entityPickerModal().within(() => {
+ entityPickerModalTab("Tables").click();
+ cy.findByText("Orders").click();
+ });
+
+ getNotebookStep("join")
+ .findByLabelText("Right table")
+ .should("have.text", "Orders")
+ .click(clickConfig);
+
+ cy.findByTestId("question-row-count").should(
+ "have.text",
+ "Showing 11 rows",
+ );
+ });
+ });
});
context("joins", () => {