Clean up deprecated data permission types #40545
;; Remove native query access to the DB when saving a sandbox | ||
(when (= (data-perms/table-permission-for-group group_id :perms/create-queries db-id table_id) :query-builder-and-native) | ||
(data-perms/set-database-permission! group_id db-id :perms/create-queries :query-builder))) |
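Review bot: the guard in the `when` reads a table-level value (`table-permission-for-group ... db-id table_id`), but the write goes through `set-database-permission!`, which by its name applies to the whole of `db-id`. If that is intended because native access only makes sense for a whole database, say so in the comment, and add a test asserting that saving a sandbox on one table leaves the `:perms/create-queries` value of the other tables in the same database as expected.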
Here's a spot that still needed to be migrated — we need to ensure that when you save a sandbox, we correctly revoke native access
Nice find, whoops.
changes: | ||
- sql: | ||
sql: > | ||
DELETE FROM data_permissions where perm_type = 'perms/data-access' OR perm_type = 'perms/native-query-editing'; |
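Review bot: the `DELETE` is unconditional and nothing in these lines guards it or describes a rollback, so once it runs the `perms/data-access` and `perms/native-query-editing` rows cannot be restored by a downgrade. Consider a precondition that the migration writing the replacement `view-data` / `create-queries` rows has already run, and state in the changeset comment that the deletion is intentionally one-way. `perm_type IN ('perms/data-access', 'perms/native-query-editing')` would also read more clearly than the chained `OR`, and the lower-case `where` should match the other keywords.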
Here's the new migration
For permissions which can be set at the table-level or the database-level, this function will return the database-level | ||
permission if the user has it." |
Removed this as it is inaccurate
@@ -383,12 +312,34 @@ | |||
(when new-db-perms | |||
(data-perms/set-database-permission! group-id db-id :perms/create-queries new-db-perms)))) | |||
|
|||
(defn- update-table-level-view-data-permissions! |
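Review bot: `update-table-level-view-data-permissions!` is introduced here without the hunk showing a docstring or any validation of the values it accepts. Since the comment below says table-level `legacy-no-self-service` is meant to be set only in tests and is otherwise disallowed by the frontend, record that in the docstring and consider rejecting or logging it on the backend outside tests, so the restriction does not depend on the client.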
These are needed to support setting `legacy-no-self-service` at the table-level. It shouldn't be set in practice (and should be disallowed by the FE) but the BE should allow it for testing purposes.
🎉 nice!
@@ -25,7 +25,7 @@ Cypress.Commands.add( | |||
[db_id]: { | |||
"view-data": { | |||
[schema]: { | |||
[table_id]: "segmented", |
Oops, good catch.
(throw (ex-info (str (tru "No current user found")) | ||
{:status-code 403})))))) | ||
(if *current-user-id* | ||
(let [enforced-sandboxes (enforced-sandboxes-for *current-user-id*)] |
Is this functionally different than before?
nope — I think I changed this while trying to fix a different issue and didn't revert it. I'll switch it back.
This PR removes the old `data-access` and `native-query-editing` permissions entirely: from the DB and from the code. This ensures that everything is migrated over to `view-data` and `create-queries`.

I've also updated a couple small spots that were still using the old permissions which slipped through the cracks, and updated a lot of tests that were still relying on the old permission types.