Cannot view SQL question when accessing via dashboard with filters connected to modified card without SQL permissions #15163

Closed
Tracked by #21485
flamber opened this issue Mar 13, 2021 · 4 comments
Labels: Administration/Data Sandboxes (Enterprise Sandboxing); Administration/Permissions (Collection or Data permissions); Priority:P2 (Average run of the mill bug); Querying/Native (The SQL/native query editor); Querying/Parameters & Variables (Filter widgets, field filters, variables etc.); Reporting/Dashboards; .Reproduced (Issues reproduced in test, usually Cypress); Type:Bug (Product defects)

@flamber
Contributor

flamber commented Mar 13, 2021

Describe the bug
When a SQL question on a dashboard is modified (Click Behavior, different title, etc) and is connected with dashboard filters, then it's not possible to click the question without SQL permissions. Errors with "You do not have permissions to run this query."

To Reproduce

  1. Admin > Users > create user "U1"
  2. Admin > Permissions > revoke data-access to "All users"
  3. Native query > Sample Dataset > SELECT COUNT(*) FROM "PRODUCTS" WHERE {{cat}} and set variable to Field Filter of Products.Category, and save question as "Q1"
  4. Add "Q1" to a dashboard and connect a Categories filter to card
  5. Edit the card - for example, change the title via Visualization Options or add Click Behavior - and save the dashboard
  6. Log in as "U1" and go to dashboard - change filter value to "Gizmo" and click the card title.
  7. The URL is /question?filter=Gizmo#hash... ("dirty"/unsaved) and errors with "Sorry, you don’t have permission to see that." - log "You don't have permissions to do that."
  8. (As Admin, Admin > Permissions > grant data-access to "All users", but not SQL)
  9. As "U1" do step 6 again with Sandboxed, now the error is slightly different, but the same as with Sandboxing - and the SQL editor is visible too.
    And the log will now have a stacktrace error :missing-required-permissions

Full stacktrace:
2021-03-13 18:26:45,808 ERROR middleware.catch-exceptions :: Error processing query: null
{:database_id 4,
 :started_at #t "2021-03-13T18:26:45.547454+01:00[Europe/Copenhagen]",
 :error_type :missing-required-permissions,
 :json_query
 {:type "native",
  :native
  {:query "SELECT COUNT(*) FROM PRODUCTS WHERE {{filter}}",
   :template-tags
   {:filter
    {:id "2d8afc5c-6890-b657-8878-0d3d2f3d1e5f",
     :name "filter",
     :display-name "Filter",
     :type "dimension",
     :dimension ["field-id" 107],
     :widget-type "category",
     :default nil}}},
  :database 4,
  :parameters [{:type "category", :target ["dimension" ["template-tag" "filter"]], :value ["Gizmo"]}],
  :middleware {:js-int-to-string? true, :add-default-userland-constraints? true}},
 :status :failed,
 :class clojure.lang.ExceptionInfo,
 :stacktrace
 ["--> query_processor.middleware.permissions$perms_exception.invokeStatic(permissions.clj:34)"
  "query_processor.middleware.permissions$perms_exception.invoke(permissions.clj:33)"
  "query_processor.middleware.permissions$fn__45485$check_ad_hoc_query_perms__45490$fn__45494.invoke(permissions.clj:54)"
  "query_processor.middleware.permissions$fn__45485$check_ad_hoc_query_perms__45490.invoke(permissions.clj:43)"
  "query_processor.middleware.permissions$fn__45522$check_query_permissions_STAR___45527$fn__45528.invoke(permissions.clj:65)"
  "query_processor.middleware.permissions$fn__45522$check_query_permissions_STAR___45527.invoke(permissions.clj:58)"
  "query_processor.middleware.permissions$check_query_permissions$fn__45541.invoke(permissions.clj:74)"
  "query_processor.middleware.pre_alias_aggregations$pre_alias_aggregations$fn__47102.invoke(pre_alias_aggregations.clj:40)"
  "query_processor.middleware.cumulative_aggregations$handle_cumulative_aggregations$fn__45739.invoke(cumulative_aggregations.clj:60)"
  "query_processor.middleware.resolve_joined_fields$resolve_joined_fields$fn__47415.invoke(resolve_joined_fields.clj:94)"
  "query_processor.middleware.resolve_joins$resolve_joins$fn__47720.invoke(resolve_joins.clj:178)"
  "query_processor.middleware.add_implicit_joins$add_implicit_joins$fn__44064.invoke(add_implicit_joins.clj:181)"
  "query_processor.middleware.large_int_id$convert_id_to_string$fn__46375.invoke(large_int_id.clj:44)"
  "query_processor.middleware.format_rows$format_rows$fn__46355.invoke(format_rows.clj:74)"
  "query_processor.middleware.desugar$desugar$fn__45805.invoke(desugar.clj:21)"
  "query_processor.middleware.binning$update_binning_strategy$fn__44830.invoke(binning.clj:228)"
  "query_processor.middleware.resolve_fields$resolve_fields$fn__45348.invoke(resolve_fields.clj:24)"
  "query_processor.middleware.add_dimension_projections$add_remapping$fn__43694.invoke(add_dimension_projections.clj:314)"
  "query_processor.middleware.add_implicit_clauses$add_implicit_clauses$fn__43925.invoke(add_implicit_clauses.clj:146)"
  "query_processor.middleware.upgrade_field_literals$upgrade_field_literals$fn__48150.invoke(upgrade_field_literals.clj:45)"
  "query_processor.middleware.add_source_metadata$add_source_metadata_for_source_queries$fn__44217.invoke(add_source_metadata.clj:122)"
  "query_processor.middleware.reconcile_breakout_and_order_by_bucketing$reconcile_breakout_and_order_by_bucketing$fn__47299.invoke(reconcile_breakout_and_order_by_bucketing.clj:97)"
  "query_processor.middleware.auto_bucket_datetimes$auto_bucket_datetimes$fn__44417.invoke(auto_bucket_datetimes.clj:139)"
  "query_processor.middleware.resolve_source_table$resolve_source_tables$fn__45395.invoke(resolve_source_table.clj:45)"
  "query_processor.middleware.parameters$substitute_parameters$fn__47084.invoke(parameters.clj:111)"
  "query_processor.middleware.resolve_referenced$resolve_referenced_card_resources$fn__45447.invoke(resolve_referenced.clj:79)"
  "query_processor.middleware.expand_macros$expand_macros$fn__46061.invoke(expand_macros.clj:155)"
  "query_processor.middleware.add_timezone_info$add_timezone_info$fn__44226.invoke(add_timezone_info.clj:15)"
  "query_processor.middleware.splice_params_in_response$splice_params_in_response$fn__48086.invoke(splice_params_in_response.clj:32)"
  "query_processor.middleware.resolve_database_and_driver$resolve_database_and_driver$fn__47310$fn__47314.invoke(resolve_database_and_driver.clj:31)"
  "driver$do_with_driver.invokeStatic(driver.clj:60)"
  "driver$do_with_driver.invoke(driver.clj:56)"
  "query_processor.middleware.resolve_database_and_driver$resolve_database_and_driver$fn__47310.invoke(resolve_database_and_driver.clj:25)"
  "query_processor.middleware.fetch_source_query$resolve_card_id_source_tables$fn__46301.invoke(fetch_source_query.clj:274)"
  "query_processor.middleware.store$initialize_store$fn__48095$fn__48096.invoke(store.clj:11)"
  "query_processor.store$do_with_store.invokeStatic(store.clj:44)"
  "query_processor.store$do_with_store.invoke(store.clj:38)"
  "query_processor.middleware.store$initialize_store$fn__48095.invoke(store.clj:10)"
  "query_processor.middleware.validate$validate_query$fn__48157.invoke(validate.clj:10)"
  "query_processor.middleware.normalize_query$normalize$fn__46427.invoke(normalize_query.clj:22)"
  "query_processor.middleware.add_rows_truncated$add_rows_truncated$fn__44082.invoke(add_rows_truncated.clj:35)"
  "query_processor.middleware.results_metadata$record_and_return_metadata_BANG_$fn__48071.invoke(results_metadata.clj:147)"
  "query_processor.middleware.constraints$add_default_userland_constraints$fn__45682.invoke(constraints.clj:42)"
  "query_processor.middleware.process_userland_query$process_userland_query$fn__47173.invoke(process_userland_query.clj:135)"
  "query_processor.middleware.catch_exceptions$catch_exceptions$fn__45625.invoke(catch_exceptions.clj:173)"
  "query_processor.reducible$async_qp$qp_STAR___37428$thunk__37429.invoke(reducible.clj:103)"
  "query_processor.reducible$async_qp$qp_STAR___37428.invoke(reducible.clj:109)"
  "query_processor.reducible$sync_qp$qp_STAR___37437$fn__37440.invoke(reducible.clj:135)"
  "query_processor.reducible$sync_qp$qp_STAR___37437.invoke(reducible.clj:134)"
  "query_processor$process_userland_query.invokeStatic(query_processor.clj:237)"
  "query_processor$process_userland_query.doInvoke(query_processor.clj:233)"
  "query_processor$fn__48203$process_query_and_save_execution_BANG___48212$fn__48215.invoke(query_processor.clj:249)"
  "query_processor$fn__48203$process_query_and_save_execution_BANG___48212.invoke(query_processor.clj:241)"
  "query_processor$fn__48247$process_query_and_save_with_max_results_constraints_BANG___48256$fn__48259.invoke(query_processor.clj:261)"
  "query_processor$fn__48247$process_query_and_save_with_max_results_constraints_BANG___48256.invoke(query_processor.clj:254)"
  "api.dataset$run_query_async$fn__54361.invoke(dataset.clj:56)"
  "query_processor.streaming$streaming_response_STAR_$fn__54340$fn__54341.invoke(streaming.clj:72)"
  "query_processor.streaming$streaming_response_STAR_$fn__54340.invoke(streaming.clj:71)"
  "async.streaming_response$do_f_STAR_.invokeStatic(streaming_response.clj:65)"
  "async.streaming_response$do_f_STAR_.invoke(streaming_response.clj:63)"
  "async.streaming_response$do_f_async$fn__16055.invoke(streaming_response.clj:84)"],
 :context :ad-hoc,
 :error "You do not have permissions to run this query.",
 :row_count 0,
 :running_time 0,
 :ex-data
 {:type :missing-required-permissions,
  :required-permissions #{"/db/4/native/"},
  :actual-permissions
  #{"/collection/4/read/" "/collection/33/read/" "/collection/20/read/" "/collection/25/read/" "/collection/22/read/"
    "/collection/28/read/" "/collection/root/read/" "/collection/10/read/" "/collection/26/read/"
    "/collection/23/read/" "/collection/31/read/" "/collection/32/read/" "/collection/16/read/" "/collection/3/"
    "/collection/19/read/" "/db/4/schema/" "/collection/15/read/" "/collection/21/read/" "/collection/5/read/"
    "/collection/8/read/" "/collection/30/read/" "/collection/34/read/" "/collection/12/read/" "/collection/9/read/"
    "/collection/24/read/" "/collection/2/read/" "/collection/35/read/" "/collection/36/read/" "/collection/18/read/"
    "/collection/17/read/" "/collection/29/read/"},
  :card-id nil,
  :permissions-error? true},
 :data {:rows [], :cols []}}

Information about your Metabase Installation:
Tested 0.36.8 thru 0.38.1, and 1.37.9 with sandboxing

Additional context
Related to #13595 and #12720

@flamber flamber added Type:Bug Product defects Priority:P2 Average run of the mill bug Reporting/Dashboards Administration/Permissions Collection or Data permissions Querying/Parameters & Variables Filter widgets, field filters, variables etc. Querying/Native The SQL/native query editor labels Mar 13, 2021
nemanjaglumac added a commit that referenced this issue Mar 15, 2021
…ith filters connected to modified card without SQL permissions (#15169)

* Expand test to include "nosql" scenario

* Add additional check for native query editor
@nemanjaglumac nemanjaglumac added the .Reproduced Issues reproduced in test (usually Cypress) label Mar 15, 2021
nemanjaglumac added a commit that referenced this issue Jul 6, 2021
* Extract repro for #12228 into a separate file

* Extract repro for #15444 into a separate file

* Extract repro for #15460 into a separate file

* Extract repro for #15700 into a separate file

* Extract repro for #15981 into a separate file

* Extract repro for #16739 into a separate file

* Extract repro for #13961 into a separate file

* Extract repro for #14145 into a separate file

* Extract repro for #12581 into a separate file

* Extract repro for #14302 into a separate file

* Extract repro for #15163 into a separate file

* Extract repro for #11580 into a separate file

* Extract repro for #11480 into a separate file

* Extract repro for #9357 into a separate file
@flamber flamber added the Administration/Data Sandboxes Enterprise Sandboxing label Nov 15, 2021
@daltojohnso
Contributor

@flamber -- Seems like this particular issue may be fixed by #19027.

When a card is a native question, clicking the card's title on a dashboard now directly navigates to /question/:cardId plus any additional parameter values in the search query. This is the behavior for all users with access to the dashboard and card.

GUI questions are an entirely different problem at this point.
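
A simplified model of the two code paths discussed above, as an added example (not Metabase source code): the report's log shows the "dirty" URL being checked as an ad hoc native query that needs /db/4/native/, while the navigation described in the comment above targets /question/:cardId. The prefix-matching rule, the collection-read rule for saved cards, the card store and the placeholder origin are assumptions of this sketch.

```javascript
// Grants copied from :actual-permissions in the log above (subset of the set).
const U1_GRANTS = new Set([
  "/db/4/schema/", "/collection/root/read/", "/collection/4/read/", "/collection/3/",
]);

// Assumption of this model: a grant covers any required path it is a prefix of.
function isCovered(required, grants) {
  for (const grant of grants) if (required.startsWith(grant)) return true;
  return false;
}

// /question/:cardId is a saved card; /question with only a #hash carries an
// unsaved ("dirty") query that the server has to judge as ad hoc.
function classifyQuestionUrl(url) {
  const { pathname } = new URL(url, "http://metabase.example"); // placeholder origin
  const m = pathname.match(/^\/question\/(\d+)/);
  return m ? { context: "saved", cardId: Number(m[1]) } : { context: "ad-hoc", cardId: null };
}

// Hypothetical card store: card 1 stands for "Q1", saved in collection 4.
const CARDS = { 1: { collectionId: 4 } };

// Saved card: read access to its collection. Ad hoc native query: native
// access to the database, because the SQL text arrives in the request.
function requiredPerms(route, query) {
  if (route.context === "saved") {
    const card = CARDS[route.cardId];
    return card ? [`/collection/${card.collectionId}/read/`] : null;
  }
  if (query.type !== "native") throw new Error("model covers native queries only");
  return [`/db/${query.database}/native/`];
}

function authorize(url, query, grants) {
  const route = classifyQuestionUrl(url);
  const required = requiredPerms(route, query);
  if (required === null) return { ...route, required: [], missing: [], allowed: false };
  const missing = required.filter((p) => !isCovered(p, grants));
  return { ...route, required, missing, allowed: missing.length === 0 };
}

const Q1 = { type: "native", database: 4 }; // shape taken from :json_query
console.log(authorize("/question?filter=Gizmo#hash", Q1, U1_GRANTS)); // denied
console.log(authorize("/question/1?filter=Gizmo", Q1, U1_GRANTS));    // allowed
```

In this model "/db/4/schema/" never satisfies "/db/4/native/", which matches the required and actual permission sets in the log: the check fails because the client submitted the card as an unsaved native query, not because the saved card is unreadable.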

@daltojohnso
Contributor

One downside to this is that viz changes made to a dashcard can't be seen in the query builder. I don't know if this is desired or not. If it is, I think one option is to build an entirely new query builder "mode" specific to dashcards, not unlike what we're doing for datasets right now. This way, we'd skip the saved card <-> dashcard comparison that happens that breaks due to dashcard viz settings changes.

@flamber
Contributor Author

flamber commented Dec 9, 2021

@daltojohnso Yeah, I don't know, but until #13595 is fixed, then I don't think we can do much. Then I prefer having this working without it parsing on the dashcard viz stuff - like #19027 implemented.
I'm okay with closing this issue and then let's make another about that lack of information - once we've fixed more filter issues in the next couple of weeks.
