metabase icon indicating copy to clipboard operation
metabase copied to clipboard

Published 20 hours ago verified publisher icon metabase

Fix report download for users with limited data access

Open kanobi opened this issue 3 years ago • 2 comments

Fix for the issue #20868

I've disabled the validate-card-parameters function for "cards" that are run in the context of data export (csv, xlsx, json). Not sure if this is complete fix and the validation would need to work for these 3 cases as well. There might be some underlying bug in the validate-card-parameters which is not working for data download context (and users with limited access).

How to test:

  • Create user with no "self-service" and no "native query" data permissions
  • Create dashboard with questions connected to dashboard filters
  • Login with no "self-service" user and open the dashboard
  • Use filter in the dashboard and then click specific question to open question view
  • Export the data

kanobi avatar Jun 27 '22 21:06 kanobi

Codecov Report

Merging #23581 (a6e1366) into master (f353e69) will increase coverage by 0.07%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master   #23581      +/-   ##
==========================================
+ Coverage   64.32%   64.39%   +0.07%     
==========================================
  Files        2691     2673      -18     
  Lines       83506    83339     -167     
  Branches    10350    10320      -30     
==========================================
- Hits        53716    53668      -48     
+ Misses      25551    25439     -112     
+ Partials     4239     4232       -7
Flag Coverage Δ
back-end 85.34% <100.00%> (+0.01%) :arrow_up:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
src/metabase/query_processor/card.clj 76.56% <100.00%> (+0.37%) :arrow_up:
...rontend/src/metabase-enterprise/embedding/index.js 36.36% <0.00%> (-20.78%) :arrow_down:
.../src/metabase-lib/lib/queries/structured/Filter.ts 71.07% <0.00%> (-2.48%) :arrow_down:
frontend/src/metabase/lib/query/filter.js 76.92% <0.00%> (-1.93%) :arrow_down:
.../query_builder/components/view/QuestionFilters.jsx 47.36% <0.00%> (-1.29%) :arrow_down:
...ery_builder/components/notebook/steps/JoinStep.jsx 16.08% <0.00%> (-1.25%) :arrow_down:
frontend/src/metabase/lib/schema_metadata.js 86.93% <0.00%> (-1.01%) :arrow_down:
frontend/src/metabase/lib/query/query.js 93.10% <0.00%> (-0.87%) :arrow_down:
...lder/components/notebook/steps/JoinStep.styled.jsx 80.00% <0.00%> (-0.65%) :arrow_down:
...nd/src/metabase-lib/lib/queries/StructuredQuery.ts 70.06% <0.00%> (-0.22%) :arrow_down:
... and 67 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update f353e69...a6e1366. Read the comment docs.

codecov[bot] avatar Jun 27 '22 21:06 codecov[bot]

Hi @kanobi Thank you for the contribution. The devs will have to look at this. I think there needs to be a test for this. Also the PR should be able to pass all existing tests (besides external database tests, which are not executed on third-party PRs).

flamber avatar Jul 01 '22 10:07 flamber

Closing this PR, because it didn't fix the underlying problem as @camsaul mentioned. I'll try investigating more to see if I can fix the parameter validation, but I'll need to understand that part more. In nay case it would be another PR later on.

kanobi avatar Aug 13 '22 17:08 kanobi