Remove permission path validation from specific functions to preserve downgradability (#21040)

dd854970 · Noah Moss · GitHub · 2f822f05 · dd854970 · dd854970
Unverified Commit dd854970 authored 3 years ago by Noah Moss Committed by GitHub 3 years ago
--- a/src/metabase/models/collection.clj
+++ b/src/metabase/models/collection.clj
@@ -245,7 +245,7 @@
  Because the result may include `nil` for the Root Collection, or may be `:all`, MAKE SURE YOU HANDLE THOSE
  SITUATIONS CORRECTLY before using these IDs to make a DB call. Better yet, use
  [[visible-collection-ids->honeysql-filter-clause]] to generate appropriate HoneySQL."
-  [permissions-set :- #{perms/Path}]
+  [permissions-set]
  (if (contains? permissions-set "/")
    :all
    (set

--- a/src/metabase/models/permissions.clj
+++ b/src/metabase/models/permissions.clj
@@ -477,18 +477,18 @@

 (s/defn set-has-full-permissions-for-set? :- s/Bool
  "Do the permissions paths in `permissions-set` grant *full* access to all the object paths in `paths-set`?"
-  [permissions-set :- #{Path} paths-set :- #{Path}]
+  [permissions-set paths-set]
  (every? (partial set-has-full-permissions? permissions-set)
          paths-set))

 (s/defn set-has-partial-permissions-for-set? :- s/Bool
  "Do the permissions paths in `permissions-set` grant *partial* access to all the object paths in `paths-set`?
   (`permissions-set` must grant partial access to *every* object in `paths-set` set)."
-  [permissions-set :- #{Path}, paths-set :- #{Path}]
+  [permissions-set paths-set]
  (every? (partial set-has-partial-permissions? permissions-set)
          paths-set))

-(s/defn perms-objects-set-for-parent-collection :- #{Path}
+(s/defn perms-objects-set-for-parent-collection
  "Implementation of `IModel` `perms-objects-set` for models with a `collection_id`, such as Card, Dashboard, or Pulse.
  This simply returns the `perms-objects-set` of the parent Collection (based on `collection_id`) or for the Root
  Collection if `collection_id` is `nil`."

--- a/test/metabase/models/permissions_test.clj
+++ b/test/metabase/models/permissions_test.clj
@@ -463,18 +463,7 @@
          [perms paths] inputs]
    (testing (pr-str (list 'set-has-full-permissions-for-set? perms paths))
      (is (= expected
-             (perms/set-has-full-permissions-for-set? perms paths)))))
-
-  (testing "If either set is invalid, it should throw an exception"
-    (doseq [[perms paths] [[#{"/" "/toucans/"}           #{"/db/1/"}]
-                           [#{"/db/1/" "//"}             #{"/db/1/"}]
-                           [#{"/db/1/table/2/" "/db/1/"} #{"/db/1/"}]
-                           [#{"/db/1/"}                  #{"/db/1/native/schema/"}]
-                           [#{"/db/1/"}                  #{"/db/1/schema/public/" "/kanye/"}]
-                           [#{"/db/1/"}                  #{"/ocean/" "/db/1/schema/public/table/1/"}]]]
-      (is (thrown?
-           clojure.lang.ExceptionInfo
-           (perms/set-has-full-permissions-for-set? perms paths))))))
+             (perms/set-has-full-permissions-for-set? perms paths))))))


 ;;; -------------------------------------- set-has-partial-permissions-for-set? --------------------------------------