From eb16b9772bd1f0e0cc10dff6e018c217317df891 Mon Sep 17 00:00:00 2001
From: Cam Saul <cammsaul@gmail.com>
Date: Tue, 20 Nov 2018 16:40:55 -0800
Subject: [PATCH] Fix non-admins w/ perms not able to create new collection in root :unlock:
---
 src/metabase/api/collection.clj | 8 +++-----
 test/metabase/api/collection_test.clj | 25 ++++++++++++++++++++++---
 2 files changed, 25 insertions(+), 8 deletions(-)
diff --git a/src/metabase/api/collection.clj b/src/metabase/api/collection.clj
index 240979442b8..672d053d997 100644
--- a/src/metabase/api/collection.clj
+++ b/src/metabase/api/collection.clj
@@ -171,11 +171,9 @@
 "Check that you're allowed to write Collection with `collection-id`; if `collection-id` is `nil`, check that you have Root Collection perms." [collection-id]
- (if collection-id
- (api/write-check Collection collection-id)
- ;; if the Collection is going to go in the Root Collection, for the time being we'll just check that you're a
- ;; superuser. Once we merge in Root Collection permissions we'll need to change this !
- (api/check-superuser)))
+ (api/write-check (if collection-id
+ (Collection collection-id)
+ collection/root-collection)))
 (api/defendpoint POST "/" "Create a new Collection."
diff --git a/test/metabase/api/collection_test.clj b/test/metabase/api/collection_test.clj
index 59f31d776ee..8b89454e1e7 100644
--- a/test/metabase/api/collection_test.clj
+++ b/test/metabase/api/collection_test.clj
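Review bot: The nil-`collection-id` branch now hands `collection/root-collection` to `api/write-check`, so root-level creation is authorized entirely by whatever write-permission check that object implements, and nothing in this hunk shows that it requires read-write rather than read access. It is worth confirming that, and also that an unknown id, for which `(Collection collection-id)` presumably yields nil, makes `api/write-check` reject the request rather than skip the check. A short comment would record the dependency, for example `;; Root Collection writes are authorized by collection/root-collection's write-perms check, no longer by check-superuser`. The function's `defn` line is above the hunk, so only its docstring and body are visible here.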
@@ -486,11 +486,30 @@
 {:name "Stamp Collection", :color "#123456"}) (dissoc :id))))
-;; test that non-admins aren't allowed to create a collection
+;; test that non-admins aren't allowed to create a collection in the root collection
 (expect "You don't have permissions to do that."
- ((user->client :rasta) :post 403 "collection"
- {:name "Stamp Collection", :color "#123456"}))
+ (tu/with-non-admin-groups-no-root-collection-perms
+ ((user->client :rasta) :post 403 "collection"
+ {:name "Stamp Collection", :color "#123456"})))
+
+;; Can a non-admin user with Root Collection perms add a new collection to the Root Collection? (#8949)
+(expect
+ {:name "Stamp Collection"
+ :description nil
+ :color "#123456"
+ :archived false
+ :location "/"
+ :personal_owner_id nil
+ :slug "stamp_collection"}
+ (tu/with-model-cleanup [Collection]
+ (tu/with-non-admin-groups-no-root-collection-perms
+ (-> (tt/with-temp* [PermissionsGroup [group]
+ PermissionsGroupMembership [_ {:user_id (user->id :rasta), :group_id (u/get-id group)}]]
+ (perms/grant-collection-readwrite-permissions! group collection/root-collection)
+ ((user->client :rasta) :post 200 "collection"
+ {:name "Stamp Collection", :color "#123456"}))
+ (dissoc :id)))))
 ;; Can I create a Collection as a child of an existing collection? (expect
-- 
GitLab
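Review bot: The tests cover a user with no Root Collection permissions (403) and one with read-write permissions (200), but not a group holding only read permission on the Root Collection, which is the boundary the new `api/write-check` call has to enforce. A third `expect` asserting 403 for that case would pin it down; the sketch below assumes `perms/grant-collection-read-permissions!` accepts `collection/root-collection` the same way the read-write variant does. The trailing `(expect` context line belongs to a test that continues outside the hunk.

```clojure
;; A non-admin with only read perms for the Root Collection must not be able to create a collection there
(expect
  "You don't have permissions to do that."
  (tu/with-non-admin-groups-no-root-collection-perms
    (tt/with-temp* [PermissionsGroup           [group]
                    PermissionsGroupMembership [_ {:user_id (user->id :rasta), :group_id (u/get-id group)}]]
      (perms/grant-collection-read-permissions! group collection/root-collection)
      ((user->client :rasta) :post 403 "collection"
       {:name "Stamp Collection", :color "#123456"}))))
```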