John Swanson authored
* Fix coll permissions for audit collection

We've had a function in `models.collection` for a while that has taken a
permissions set and returned a set of collection IDs that the user has
permissions on. I refactored this recently, but didn't notice that it
was actually doing the permissions checks slightly incorrectly.
Specifically, because it only looks at the user's permissions and the
collection IDs and doesn't use `mi/can-read?` or `mi/can-write?`, it's
completely indifferent to whether a collection is an audit collection or
not.

This is arguably not a *permissions* issue: the two errors that could
come about here are:

- someone sees the audit collection even though the audit feature is
disabled, or

- someone is presented with the audit collection in a context where only
writable collections should be present - when they try to actually write
to it, it fails (since then we're doing the real permissions check).

The primary motivation for this fix was to prevent audit dashboards and
cards from appearing in the list of stale items.

* Fix hardcoded collection ID

We were creating a timeline in a fixed collection ID, that in tests
happened to be the ID of the Metabase Analytics collection.
7e826d72
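
The gap the commit message describes, as an added sketch that is not Metabase's code: one listing function derives collection IDs from the permission set alone, the other runs each collection through a model-level check. The collection data, permission-path strings and all function names are constructed for illustration; `can-access?` is a hypothetical stand-in for a check in the spirit of `mi/can-read?` / `mi/can-write?`.

```clojure
;; Added illustration; not Metabase source. Data, path strings and names are constructed.
(def collections
  [{:id 1 :name "Marketing"       :audit? false}
   {:id 2 :name "Finance"         :audit? false}
   {:id 9 :name "Usage analytics" :audit? true}])

;; Constructed permission set: read/write on 1 and 9, read-only on 2.
(def user-perms #{"/collection/1/" "/collection/2/read/" "/collection/9/"})

(defn- granted?
  "True when the permission set alone grants `access` (:read or :write) on `id`."
  [perms access id]
  (let [rw (str "/collection/" id "/")]
    (boolean (or (contains? perms rw)
                 (and (= access :read) (contains? perms (str rw "read/")))))))

(defn ids-from-perms-only
  "Looks only at permissions and IDs, so an audit collection is treated like any other."
  [perms access]
  (set (for [{:keys [id]} collections :when (granted? perms access id)] id)))

(defn can-access?
  "Hypothetical stand-in for a model-level check: the audit collection is never
  writable, and is readable only while the audit feature is enabled."
  [perms audit-enabled? access {:keys [id audit?]}]
  (cond
    (and audit? (= access :write))    false
    (and audit? (not audit-enabled?)) false
    :else                             (granted? perms access id)))

(defn ids-via-model-check
  "Runs every candidate collection through the model-level check."
  [perms audit-enabled? access]
  (set (for [c collections :when (can-access? perms audit-enabled? access c)] (:id c))))

(defn report [label ids] (println label (sort ids)))

(report "perms only, writable:        " (ids-from-perms-only user-perms :write))
(report "model check, writable:       " (ids-via-model-check user-perms true :write))
(report "perms only, readable:        " (ids-from-perms-only user-perms :read))
(report "model check, audit disabled: " (ids-via-model-check user-perms false :read))
(report "model check, audit enabled:  " (ids-via-model-check user-perms true :read))
```

The perms-only lists contain collection 9 in every case, while the model-check lists drop it for writes and whenever the audit feature is off.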

Metabase

Metabase is the easy, open-source way for everyone in your company to ask questions and learn from data.


Get started

The easiest way to get started with Metabase is to sign up for a free trial of Metabase Cloud. You get support, backups, upgrades, an SMTP server, SSL certificate, SoC2 Type 2 security auditing, and more (plus your money goes toward improving Metabase). Check out our quick overview of cloud vs self-hosting. If you need to, you can always switch to self-hosting Metabase at any time (or vice versa).

Features

Take a tour of Metabase.

Supported databases

Installation

Metabase can be run just about anywhere. Check out our Installation Guides.

Contributing

Quick Setup: Dev environment

In order to spin up a development environment, you need to start the front end and the backend as follows:

Frontend quick setup

The following command will install the JavaScript dependencies:

$ yarn install

To build and run without watching changes:

$ yarn build

To build and run with hot-reload:

$ yarn build-hot

Backend quick setup

In order to run the backend, you'll need to build the drivers first, and then start the backend:

$ ./bin/build-drivers.sh
$ clojure -M:run

For a more detailed setup of a dev environment for Metabase, check out our Developers Guide.

Internationalization

We want Metabase to be available in as many languages as possible. See which translations are available and help contribute to internationalization using our project over at POEditor. You can also check out our policies on translations.

Extending Metabase

Hit our Query API from JavaScript to integrate analytics. Metabase enables your application to:

  • Build moderation interfaces.
  • Export subsets of your users to third party marketing automation software.
  • Provide a custom customer lookup application for the people in your company.

Check out our guide, Working with the Metabase API.

Security Disclosure

See SECURITY.md for details.

License

This repository contains the source code for both the Open Source edition of Metabase, released under the AGPL, as well as the commercial editions of Metabase, which are released under the Metabase Commercial Software License.

See LICENSE.txt for details.

Unless otherwise noted, all files © 2024 Metabase, Inc.

Metabase Experts

If you’d like more technical resources to set up your data stack with Metabase, connect with a Metabase Expert.