Co-authored-by: Noah Moss <noahbmoss@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
Co-authored-by: Nick Fitzpatrick <nick@metabase.com>
Co-authored-by: John Swanson <john.swanson@metabase.com>
Co-authored-by: Sloan Sparger <sloansparger@users.noreply.github.com>
Co-authored-by: Sloan Sparger <sloansparger@gmail.com>

This reverts commit e0e4ade0.

Co-authored-by: Noah Moss <noahbmoss@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
Co-authored-by: Nick Fitzpatrick <nick@metabase.com>
Co-authored-by: John Swanson <john.swanson@metabase.com>
Co-authored-by: Sloan Sparger <sloansparger@users.noreply.github.com>
Co-authored-by: Sloan Sparger <sloansparger@gmail.com>

Co-authored-by: bryan <bryan.maass@gmail.com>
Co-authored-by: Bryan Maass <bryan.maass@gmail.com>
Co-authored-by: Jerry Huang <jhuang37050@gmail.com>
Co-authored-by: Noah Moss <noahbmoss@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
Co-authored-by: John Swanson <john.swanson@metabase.com>

* Adds a new `metabase.permissions.test-util` namespace
* Adds a new `with-restored-perms!` macro which ensures that permissions are reset after the test body runs
* Updates `with-all-user-data-perms` to use `with-restored-perms!` under the hood, and renames it to `with-all-user-data-perms!`

This is my attempt to fix the state issues with permission tests in a more robust way. Generally, the `permissions` and `sandboxes` tables aren't too large, so it shouldn't be a ton of overhead to just fully reset these tables after a test runs—and certainly doesn't compare with the time lost to debugging state issues between perms tests. (I actually saw this test namespace run one second _faster_ with these changes, in a very unscientific test.)

I'm planning on adding more utils to the `metabase.permissions.test-util` namespace to make perms tests easier to write. But want to keep this PR focused on the change that will (hopefully) fix the tests failing on master.

* audit-log only when hosted or has-feature: audit

* lint fix

* check for the right feature name, and test better

* fix metabase.api.setting-test

* fix a bunch of tests

* fix a couple more tests

* bit of cleanup

* lint fixes

* fix testing function

* fix whitespace

* linter fix

* fix so many tests

* fix the rest of the tests, IIUC

* fix the last test

* lint fix

* remove outdated tests (from the merge conflict)

* disable-other-sso-types needs to _reset_ premium features.

- patches in the audit-app feature by default.

* Just need to re-add :audit-app as a premium feature

* try improving disable-other-sso-types

Co-authored-by: Ryan Laurie <iethree@gmail.com>
Co-authored-by: Luiz Arakaki <luiz.arakaki@metabase.com>
Co-authored-by: bryan <bryan.maass@gmail.com>
Co-authored-by: Noah Moss <32746338+noahmoss@users.noreply.github.com>
Co-authored-by: Ryan Laurie <30528226+iethree@users.noreply.github.com>
Co-authored-by: Nick Fitzpatrick <nick@metabase.com>
Co-authored-by: Nick Fitzpatrick <nickfitz.582@gmail.com>
Co-authored-by: Noah Moss <noahbmoss@gmail.com>
Co-authored-by: Case Nelson <case@metabase.com>
Co-authored-by: Jerry Huang <jhuang37050@gmail.com>
Co-authored-by: Bryan Maass <bryan.maass@gmail.com>
Co-authored-by: Jerry Huang <34140255+qwef@users.noreply.github.com>
Co-authored-by: adam-james <21064735+adam-james-v@users.noreply.github.com>
Co-authored-by: Adam James <adam.vermeer2@gmail.com>
Co-authored-by: John Swanson <john.swanson@metabase.com>

* Migrate collection and permissions namespaces to Malli

* Fix docstring

* Fix Kondo warnings

* Prevent malicious H2 connection string properties

* Disallow new H2 connections

* Fix Kondo lint warning

* Test fix 



---------

Co-authored-by: dan sutton <dan@dpsutton.com>

[Fixes #32265]

* Restrict uploading to people with correct perms

[Fixes #30322]

* Add `include_only_uploadable?` flag to database endpoint

Useful for populating the list of DBs in /admin/settings/uploads

* Remove deprecated 'include_tables' flag

* Remove deprecated 'include_cards' flag

* allow non-actions-enabled DBs for uploads on the frontend

* allow settings manager access

* Only show uploads DBs if EE user has 'manage' access

* Properly handle perms for Settings Managers changing the uploads DB


---------

Co-authored-by: Ryan Laurie <iethree@gmail.com>

* Ban `tt/with-temp` and convert usages to Toucan 2

* Ban `tt/with-temp*` and convert usages to Toucan 2

* Revert changes not meant for this PR

* Ban `mt/with-temp` and replace usages with `t2.with-temp/with-temp`

* Fixes 



* Fix indentation

* fix syntax in models.secret_test

---------

Co-authored-by: Ngoc Khuat <qn.khuat@gmail.com>

* convert db\/insert! to t2

* db/select-one -> t2/select-one

* db/select-one-field -> t2/select-one-fn

* add discourage var

* Users can execute actions if they can read the model and the DB is not blocked

[Fixes #28425]

* standardize ns formatting in all src/ namespaces

* small fixes

* test formatting

* enterprise files

* fix whitespace linter error

* fix kondo error

* bin files

* reformat shared files

* fix errors

* fix another error

* mostly fix import to use parenthesis and have it at a new line

* fix wrong spacing

Co-authored-by: Ngoc Khuat <qn.khuat@gmail.com>

* make auth settings adminOnly on FE

* WIP backend changes

* Update relevant settings

* address lint warning

* new tests, and a bunch of reorganization

* remove broken EE settings test, and fix validation in google & ldap endpoints

* fix cypress tests

* add clarifying table to setting docs