function getRawQueryWarningModal(permissions, groupId, entityId, value) { if (value === "write" && getNativePermission(permissions, groupId, entityId) !== "write" && getSchemasPermission(permissions, groupId, entityId) !== "all" ) { return { title: "Allow Raw Query Writing?", message: "This will also change this group's data access to Unrestricted for this database.", confirmButtonText: "Allow", cancelButtonText: "Cancel" }; } }
// If the user is revoking an access to every single table of a database for a specific user group, // warn the user that the access to raw queries will be revoked as well. // This warning will only be shown if the user is editing the permissions of individual tables. function getRevokingAccessToAllTablesWarningModal( database, permissions, groupId, entityId, value, ) { if ( value === "none" && getSchemasPermission(permissions, groupId, entityId) === "controlled" && getNativePermission(permissions, groupId, entityId) !== "none" ) { // allTableEntityIds contains tables from all schemas const allTableEntityIds = database.tables.map(table => ({ databaseId: table.db_id, schemaName: table.schema || "", tableId: table.id, })); // Show the warning only if user tries to revoke access to the very last table of all schemas const afterChangesNoAccessToAnyTable = _.every( allTableEntityIds, id => getFieldsPermission(permissions, groupId, id) === "none" || _.isEqual(id, entityId), ); if (afterChangesNoAccessToAnyTable) { return { title: t`Revoke access to all tables?`, message: t`This will also revoke this group's access to raw queries for this database.`, confirmButtonText: t`Revoke access`, cancelButtonText: t`Cancel`, }; } } }
(metadata: Metadata, groups: Array<Group>, permissions: GroupsPermissions) => { if (!groups || !permissions || !metadata) { return null; } const databases = metadata.databases(); const defaultGroup = _.find(groups, isDefaultGroup); return { type: "database", groups, permissions: { "schemas": { header: "Data Access", options(groupId, entityId) { return [OPTION_ALL, OPTION_CONTROLLED, OPTION_NONE] }, getter(groupId, entityId) { return getSchemasPermission(permissions, groupId, entityId); }, updater(groupId, entityId, value) { MetabaseAnalytics.trackEvent("Permissions", "schemas", value); return updateSchemasPermission(permissions, groupId, entityId, value, metadata) }, postAction(groupId, { databaseId }, value) { if (value === "controlled") { let database = metadata.database(databaseId); let schemas = database ? database.schemaNames() : []; if (schemas.length === 0 || (schemas.length === 1 && schemas[0] === "")) { return push(`/admin/permissions/databases/${databaseId}/tables`); } else if (schemas.length === 1) { return push(`/admin/permissions/databases/${databaseId}/schemas/${schemas[0]}/tables`); } else { return push(`/admin/permissions/databases/${databaseId}/schemas`); } } }, confirm(groupId, entityId, value) { return [ getPermissionWarningModal(getSchemasPermission, "schemas", defaultGroup, permissions, groupId, entityId, value) ]; }, warning(groupId, entityId) { return getPermissionWarning(getSchemasPermission, "schemas", defaultGroup, permissions, groupId, entityId); } }, "native": { header: "SQL Queries", options(groupId, entityId) { if (getSchemasPermission(permissions, groupId, entityId) === "none") { return [OPTION_NONE]; } else { return [OPTION_NATIVE_WRITE, OPTION_NATIVE_READ, OPTION_NONE]; } }, getter(groupId, entityId) { return getNativePermission(permissions, groupId, entityId); }, updater(groupId, entityId, value) { MetabaseAnalytics.trackEvent("Permissions", "native", value); return updateNativePermission(permissions, groupId, entityId, value, metadata); }, confirm(groupId, entityId, value) { return [ getPermissionWarningModal(getNativePermission, null, defaultGroup, permissions, groupId, entityId, value), getRawQueryWarningModal(permissions, groupId, entityId, value) ]; }, warning(groupId, entityId) { return getPermissionWarning(getNativePermission, null, defaultGroup, permissions, groupId, entityId); } }, }, entities: databases.map(database => { let schemas = database.schemaNames(); return { id: { databaseId: database.id }, name: database.name, link: schemas.length === 0 || (schemas.length === 1 && schemas[0] === "") ? { name: "View tables", url: `/admin/permissions/databases/${database.id}/tables` } : schemas.length === 1 ? { name: "View tables", url: `/admin/permissions/databases/${database.id}/schemas/${schemas[0]}/tables` } : { name: "View schemas", url: `/admin/permissions/databases/${database.id}/schemas`} } }) } }
(metadata: Metadata, groups: Array<Group>, permissions: GroupsPermissions) => { if (!groups || !permissions || !metadata) { return null; } const databases = metadata.databases(); return { type: "database", groups, permissions: { "schemas": { options(groupId, entityId) { return ["all", "controlled", "none"] }, getter(groupId, entityId) { return getSchemasPermission(permissions, groupId, entityId); }, updater(groupId, entityId, value) { return updateSchemasPermission(permissions, groupId, entityId, value, metadata) }, postAction(groupId, { databaseId }, value) { if (value === "controlled") { let database = metadata.database(databaseId); let schemas = database ? database.schemaNames() : []; if (schemas.length === 0 || (schemas.length === 1 && schemas[0] === "")) { return push(`/admin/permissions/databases/${databaseId}/tables`); } else if (schemas.length === 1) { return push(`/admin/permissions/databases/${databaseId}/schemas/${schemas[0]}/tables`); } else { return push(`/admin/permissions/databases/${databaseId}/schemas`); } } }, }, "native": { options(groupId, entityId) { if (getSchemasPermission(permissions, groupId, entityId) === "none") { return ["none"]; } else { return ["write", "read", "none"]; } }, getter(groupId, entityId) { return getNativePermission(permissions, groupId, entityId); }, updater(groupId, entityId, value) { return updateNativePermission(permissions, groupId, entityId, value, metadata); }, confirm(groupId, entityId, value) { if (value === "write" && getNativePermission(permissions, groupId, entityId) !== "write" && getSchemasPermission(permissions, groupId, entityId) !== "all" ) { return { title: "Allow Raw Query Writing", message: "This will also change this group's data access to Unrestricted for this database." }; } } }, }, entities: databases.map(database => { let schemas = database.schemaNames(); return { id: { databaseId: database.id }, name: database.name, subtitle: database.details.dbname, link: schemas.length === 0 || (schemas.length === 1 && schemas[0] === "") ? { name: "View tables", url: `/admin/permissions/databases/${database.id}/tables` } : schemas.length === 1 ? { name: "View tables", url: `/admin/permissions/databases/${database.id}/schemas/${schemas[0]}/tables` } : { name: "View schemas", url: `/admin/permissions/databases/${database.id}/schemas`} } }) } }