Make chain filters viewable when collection permissions allow it (#28581)
* Adds tests for chain filters security issue * add another test * Users with collection permissions can view chained filters for dashboard - this obeys sandboxing * Users with collection access should be allowed to view chain filters * add test + fix case for block filters * check with premium features * check premium features + revert with-premium-features in tests * remove block check * respond to review comments * ensure data-perms are there + check blocked * rewrite e2e test so that it actually tests chain filters * properly toggle linked filters on - don't use random classes, etc * rename *param-values-query* dynamic var * update chain-filter docstring * token-features should still be private
Showing
- enterprise/backend/test/metabase_enterprise/sandbox/api/dashboard_test.clj 14 additions, 10 deletions...d/test/metabase_enterprise/sandbox/api/dashboard_test.clj
- frontend/test/metabase/scenarios/dashboard-filters/reproductions/16112-nodata-should-use-dashboard-filters.cy.spec.js 24 additions, 8 deletions...ions/16112-nodata-should-use-dashboard-filters.cy.spec.js
- frontend/test/metabase/scenarios/dashboard/dashboard_data_permissions.cy.spec.js 17 additions, 1 deletion...scenarios/dashboard/dashboard_data_permissions.cy.spec.js
- src/metabase/api/dashboard.clj 16 additions, 17 deletionssrc/metabase/api/dashboard.clj
- src/metabase/api/field.clj 1 addition, 2 deletionssrc/metabase/api/field.clj
- src/metabase/models/params/custom_values.clj 4 additions, 4 deletionssrc/metabase/models/params/custom_values.clj
- src/metabase/query_processor/middleware/permissions.clj 17 additions, 3 deletionssrc/metabase/query_processor/middleware/permissions.clj
- test/metabase/api/dashboard_test.clj 40 additions, 5 deletionstest/metabase/api/dashboard_test.clj
Loading
Please register or sign in to comment