'All Users' greater permissions warning tooltip

c6d127a7 · Tom Robinson · 7e173ab7 · c6d127a7 · c6d127a7
Unverified Commit c6d127a7 authored 8 years ago by Tom Robinson
--- a/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx
+++ b/frontend/src/metabase/admin/permissions/components/PermissionsGrid.jsx
@@ -161,6 +161,7 @@ class GroupPermissionCell extends Component {

        const value = permission.getter(group.id, entity.id);
        const options = permission.options(group.id, entity.id);
+        const warning = permission.warning && permission.warning(group.id, entity.id);

        let isEditable = this.props.isEditable && options.filter(option => option !== value).length > 0;

@@ -173,7 +174,7 @@ class GroupPermissionCell extends Component {
                        <Tooltip tooltip={getOptionUi(value).tooltip}>
                            <div
                                className={cx(
-                                    'flex-full flex layout-centered',
+                                    'flex-full flex layout-centered relative',
                                    { 'cursor-pointer' : isEditable }
                                )}
                                style={{
@@ -198,6 +199,13 @@ class GroupPermissionCell extends Component {
                                        />
                                    </Modal>
                                }
+                                { warning &&
+                                    <div className="absolute top right p1">
+                                        <Tooltip tooltip={warning} maxWidth="24em">
+                                            <Icon name="warning2" className="text-slate" />
+                                        </Tooltip>
+                                    </div>
+                                }
                            </div>
                        </Tooltip>
                   }

--- a/frontend/src/metabase/admin/permissions/selectors.js
+++ b/frontend/src/metabase/admin/permissions/selectors.js
@@ -76,6 +76,12 @@ export const getIsDirty = createSelector(

 export const getSaveError = (state) => state.permissions.saveError;

+const DEFAULT_PERMISSIONS_WARNING = "The All Users group has a higher level of access than this, which is overriding this setting. You should limit or revoke the All Users group's access to this item."
+
+function hasGreaterPermissions(a, b, levels = ["all", "controlled", "none"]) {
+    return (levels.indexOf(a) - levels.indexOf(b)) > 0
+}
+
 export const getTablesPermissionsGrid = createSelector(
    getMetadata, getGroups, getPermissions, getDatabaseId, getSchemaName,
    (metadata: Metadata, groups: Array<Group>, permissions: GroupsPermissions, databaseId: DatabaseId, schemaName: SchemaName) => {
@@ -86,6 +92,7 @@ export const getTablesPermissionsGrid = createSelector(
        }

        const tables = database.tablesInSchema(schemaName || null);
+        const defaultGroupId = _.find(groups, isDefaultGroup).id;

        return {
            type: "table",
@@ -116,6 +123,11 @@ export const getTablesPermissionsGrid = createSelector(
                                title: "Changing this database to limited access"
                            };
                        }
+                    },
+                    warning(groupId, entityId) {
+                        if (hasGreaterPermissions(getTablesPermission(permissions, groupId, entityId), getTablesPermission(permissions, defaultGroupId, entityId))) {
+                            return DEFAULT_PERMISSIONS_WARNING;
+                        }
                    }
                }
            },
@@ -142,6 +154,7 @@ export const getSchemasPermissionsGrid = createSelector(
        }

        const schemaNames = database.schemaNames();
+        const defaultGroupId = _.find(groups, isDefaultGroup).id;

        return {
            type: "schema",
@@ -173,6 +186,11 @@ export const getSchemasPermissionsGrid = createSelector(
                                title: "Changing this database to limited access"
                            };
                        }
+                    },
+                    warning(groupId, entityId) {
+                        if (hasGreaterPermissions(getTablesPermission(permissions, groupId, entityId), getTablesPermission(permissions, defaultGroupId, entityId))) {
+                            return DEFAULT_PERMISSIONS_WARNING;
+                        }
                    }
                }
            },
@@ -196,6 +214,7 @@ export const getDatabasesPermissionsGrid = createSelector(
        }

        const databases = metadata.databases();
+        const defaultGroupId = _.find(groups, isDefaultGroup).id;

        return {
            type: "database",
@@ -225,6 +244,11 @@ export const getDatabasesPermissionsGrid = createSelector(
                            }
                        }
                    },
+                    warning(groupId, entityId) {
+                        if (hasGreaterPermissions(getSchemasPermission(permissions, groupId, entityId), getSchemasPermission(permissions, defaultGroupId, entityId))) {
+                            return DEFAULT_PERMISSIONS_WARNING;
+                        }
+                    }
                },
                "native": {
                    options(groupId, entityId) {
@@ -251,6 +275,11 @@ export const getDatabasesPermissionsGrid = createSelector(
                                message: "This will also change this group's data access to Unrestricted for this database."
                            };
                        }
+                    },
+                    warning(groupId, entityId) {
+                        if (hasGreaterPermissions(getNativePermission(permissions, groupId, entityId), getNativePermission(permissions, defaultGroupId, entityId), ["write", "read", "none"])) {
+                            return DEFAULT_PERMISSIONS_WARNING;
+                        }
                    }
                },
            },