If you don't have access to the root collection but inner collections, you get permission errors in QuestionPicker #44316

Closed
ranquild opened this issue Jun 17, 2024 · 0 comments · Fixed by #44327
Assignees
Labels
Administration/Permissions Collection or Data permissions .Escalation .Frontend Organization/Collections Priority:P1 Security holes w/o exploit, crashing, setup/upgrade, login, broken common features, correctness .Regression Bugs that were previously fixed and/or bugs unintentionally shipped with new features. .Team/AdminWebapp Admin and Webapp team Type:Bug Product defects
Milestone

Comments


ranquild commented Jun 17, 2024

Describe the bug

If you have mixed collection access you won't be able to select a collection if you don't have access to all parent collections.

To Reproduce

  1. Create several subcollections in Our analytics, like A -> B -> C
  2. Go to Admin -> Permissions and revoke access from Our analytics collection; grant access to B
  3. Log in as a regular user
  4. Try selecting any descendant collection of Our analytics in the product now and see permission errors (QuestionPicker)

Note - the collection sidebar on the left handles this case correctly.

Expected behavior

I should be able to select collections that I have access to without permission errors.

Logs

No relevant logs

Information about your Metabase installation

v50

Severity

P1

Additional context

No response

@ranquild ranquild added Type:Bug Product defects .Needs Triage Priority:P1 Security holes w/o exploit, crashing, setup/upgrade, login, broken common features, correctness .Team/AdminWebapp Admin and Webapp team .Frontend .Regression Bugs that were previously fixed and/or bugs unintentionally shipped with new features. Organization/Collections and removed .Needs Triage labels Jun 17, 2024
@dosubot dosubot bot added the Administration/Permissions Collection or Data permissions label Jun 17, 2024
@ranquild ranquild changed the title If don't have access to the root collection but inner collections, you cannot pick them in QuestionPicker If you don't have access to the root collection but inner collections, you cannot pick them in QuestionPicker Jun 17, 2024
@npfitz npfitz assigned npfitz and unassigned npfitz Jun 17, 2024
@ranquild ranquild changed the title If you don't have access to the root collection but inner collections, you cannot pick them in QuestionPicker If you don't have access to the root collection but inner collections, you get permission errors in QuestionPicker Jun 17, 2024
@npfitz npfitz self-assigned this Jun 17, 2024
@ranquild ranquild added this to the 0.50.6 milestone Jun 18, 2024
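The mixed-access case from this report, as an added JavaScript example (not Metabase's code and not the change in #44327): a picker tree built only from the collections the user can read, each attached to its nearest readable ancestor, so no inaccessible parent has to be requested. The record shape (`id`, `name`, `ancestors`) and the ids are assumptions constructed for the example, and the sample extends the report's A -> B -> C chain with a D so that an unreadable collection also sits in the middle of the path.

```javascript
// Added illustration, not Metabase code. The record shape (id, name, and
// `ancestors` listed root-first) is an assumption made for this example.

// Constructed sample for a chain A(1) -> B(2) -> C(3) -> D(4) in which the
// user may read only B and D. A and C appear as ancestor ids, never as records.
const readable = [
  { id: 2, name: "B", ancestors: [1] },
  { id: 4, name: "D", ancestors: [1, 2, 3] },
];

// Build the picker tree from readable collections alone. A collection whose
// direct parent is unreadable is attached to its nearest readable ancestor,
// or shown at the top level when no ancestor is readable.
function buildPickerTree(collections) {
  const nodes = new Map(
    collections.map((c) => [c.id, { id: c.id, name: c.name, children: [] }])
  );
  const topLevel = [];
  for (const c of collections) {
    // Walk ancestors nearest-first and stop at the first readable one.
    const parentId = [...c.ancestors].reverse().find((id) => nodes.has(id));
    if (parentId === undefined) {
      topLevel.push(nodes.get(c.id));
    } else {
      nodes.get(parentId).children.push(nodes.get(c.id));
    }
  }
  return topLevel;
}

// Ancestor ids the user cannot read. A client that looked up every ancestor
// one by one would request these and receive a permission error for each.
function unreadableAncestors(collections) {
  const ok = new Set(collections.map((c) => c.id));
  const missing = new Set();
  for (const c of collections) {
    for (const id of c.ancestors) {
      if (!ok.has(id)) missing.add(id);
    }
  }
  return [...missing].sort((a, b) => a - b);
}

console.log(JSON.stringify(buildPickerTree(readable), null, 2));
console.log("never request:", unreadableAncestors(readable));
```

A regression test for this class of bug can assert that the set returned by `unreadableAncestors` never appears in the client's outgoing requests.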