Users with read permissions are offered to save new dashboard in collections they only have read access to #15281
Assignees
Labels
Administration/Permissions
Collection or Data permissions
Organization/Collections
Priority:P3
Cosmetic bugs, minor bugs with a clear workaround
.Reproduced
Issues reproduced in test (usually Cypress)
Type:Bug
Product defects
Projects
Milestone
Comments
flamber
added
Administration/Permissions
|
This gets even more weird with nested collections. We have the following structure In the test snapshot:
Read only user has READ permissions for ALL these collections.
|
|
It's some of the missing stuff on #7881 |
nemanjaglumac
added a commit
that referenced
this issue
Mar 22, 2021
…hboard in collections they only have read access to (#15282)
kulyk
added a commit
that referenced
this issue
May 6, 2021
…ess to (#15613) * Test adding question to dashboard * Test collections filtering when adding a question When adding a question to dashboard, we need to display collections a user has "write" access to. Collection with "read" access have to be hidden * Fix adding question to dashboard without access * Add a note about permissions test suite * Move question permission tests to collection suite * Revert initial collections filtering * Fix adding question to dashboard without access * Remove redundant state field * Enable #15281 issue repro test * Remove requireCollectionWritePermission prop * Filter items user doesn't have `write` access to * Fix permission tests * Fix dashboard test * Fix part of permission tests disabled for nodata user * Bring back issue reference to Cypress test * Remove underscore prefixes for component methods * Test offers saving dashboard to opened collection * Fix tests nested incorrectly * Split dashboard permission test * Fix suggest saving items to read-only collections * Fix collection permission filtering See comment: #15613 (comment) * Move comment * Fix test failing due to fixed collection suggestion * Remove `should("exist")` from Cypress tests * Merge "adding question to dashboard" tests * Merge similar permission tests * Merge similar tests into one * Use sidebar test ID in permissions test * Select by .AdminSelect * Remove redundant search test case * Revert native query test * Add React list key to ItemPicker items * Add collection suggestions tests * Configure Form's `overwriteOnInitialValuesChange` * Wrap CollectionSelect with `@Collection.loadList` When suggesting an initial collection, we need to check a user has `write` access to it. For that, collection objects have to be present in Redux store, so we can retrieve a collection by ID and check the `can_write` flag * Allow modifying CreateDashboardModal's onSave prop * Fix collection suggestsions for new dashboard * Fix collection suggestions when copying dashboards * Add defaultProps to Form * Fix SaveQuestionModal unit test * Fix SaveQuestionModal collection suggestion * Simplify CollectionSelect wrapper * Fix dashboard header test selector * Rename permission tests * Mock HTTP requests at SaveQuestionModal test * Pass correct params to initialCollectionId
This was referenced Dec 1, 2022
Merged
This was referenced Feb 5, 2024
Merged
Open
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Users with read permissions are offered to save new dashboard in collections they only have read access to. That leads to confusion and an error.
NOTE:
Logs
403error in the console.To Reproduce
Steps to reproduce the behavior:
+icon in the header and choose "New dashboard"Expected behavior
Search shouldn't return collections users don't have curate access to
Screenshots
Initial UI
After searching for a collection user has read access to, and trying to save in it
Information about your Metabase Installation:
Severity
P3
Additional context
Realated to #14052 and to #15280
The text was updated successfully, but these errors were encountered: