"Our analytics" can be confusing when user does not have access to that collection

[flamber]

Describe the bug
"Our analytics" can be confusing when user does not have access to that collection.

To Reproduce

1. Admin > Permissions > Collections - set "Our analytics" to No access for All Users
2. Login as user
3. The homepage should probably not show the Your teams’ most important dashboards go here (this is new in 0.42) and perhaps not show the text Access dashboards, questions, and collections in "Our analytics"
   
4. Click "Browse all items" - that will take you to collections hierarchy page, but it should probably hide the "Our analytics" in the sidebar and auto-select the first available collection by default:
   
   Example with a few collections available to the user:
   

Information about your Metabase Installation:
Tested 0.41.6 thru 0.42.1

Additional context
Related to #19070 and #8747

[kulyk]

This requires both frontend and backend work. For non-root collections, the BE responds with 403 on GET /api/collection/:id. However, it returns 200 for GET /api/collection/root even if a user doesn't have permission to it at all (aka "No access" permission). At the same time, the FE can't distinguish the "View" and "No access" permissions for the root collection. Perhaps we should better do #19070 and close this issue together with it

[nemanjaglumac]

This issue became much worse with the addition of some features from v43.
The existence of "Our analytics" is not only confusing, but it also leads user to some dead-end pages and it prompts one to perform actions which they are not allowed to.

This is how /collection/root looks for a user with no access now:

1. It prompts you to click on events (which is not allowed) and only leads to weird errors and empty modals
2. It also completely unnecessarily sends requesst to:
   • /api/collection/root/timelines - returns 200 (wrong)
   • api/timeline/1?include=eventswhich (correctly) returns 403
3. It prompts you to create new:
   • Dashboard (ok)
   • Collection (can result in a weird state error and a blank page in production!)

This is how it looks like in the local dev environment:

Clicking on events:

[calherries]

While working on this I came across two other smaller bugs with users without root permissions.

When joining a table with a saved question, "Our analytics" appears as an empty collection:

When saving a question, "Our analytics" appears on the search header:

@flamber do these need separate issues made?

[calherries]

I've closed this issue and created a separate issue for the last screenshot in my comment above.

[nemanjaglumac]

Note to @calherries and probably to @luizarakaki or @brunobergher

This issue was planned for the end of 43 cycle. We're already in the next cycle and will most likely not issue another 43.x release.
Should this be moved to the 44 cycle Project? If so, #23887 needs to be backported.

[nemanjaglumac]

I've closed this issue and created a separate issue for the last screenshot in my comment above.

There is one more bug that's not solved and it seems like a frontend not handling exceptions.
I warned about it here, but now I filed it as a separate issue - #24015

[calherries]

@nemanjaglumac Yes, it should have been backported to 44. Here's the backport PR #24048