Updates RunQueries permission checks on front end #2550
… test queries, as well.
Your preview environment pr-2550-bttf has been deployed. Preview environment endpoints are available at:
NOTE: I've also updated the underlying policies that resulted in this issue in PR 2551 - That likely removes most of the need for this PR, but I still think adding this protection on the frontend makes sense, especially since these errors caused the app to crash.
If the app was crashing, it's not because we were missing permission checks. It's because we're making an async call in a click handler without catching errors. Adding permission checks is good, but we should also fix the underlying issue. Otherwise, the crashing bug will still happen if the network request fails for any other reason.
Good call - after looking into it further, we weren't awaiting the response in the See the change in this commit.
Features and Changes
While doing some testing, I found that we weren't doing any permission checks before trying to generate or re-generate an information schema for a particular datasource, resulting in not only permission errors, but permission errors that weren't being handled and causing the app to crash.
Now, we are checking for permission on the frontend before we attempt to generate/regenerate a datasource's information schema.
Additionally, we didn't have any protections around the `Test Queries` permissions - now, in the EditSQLModal we are disabling the `Test Query` button and adding a tooltip if the user doesn't have `canRunTestQueries` permission.
Likewise, we are automatically unchecking the `Test queries before saving` if the user doesn't have test query permissions, and disabling the input + wrapping it in a tooltip.
Reproduction steps / Testing
`DatasourcesFullAccess`, `DataSourceConfiguration`, and `MetricsFullAccess`.
`Edit SQL` button and see that there is no information schema or the info schema for the connected datasource is out of date and needs to be refreshed.
Screenshots
Screenshot of the info schema table refresh button when user doesn't have permission
![Screen Shot 2024-05-20 at 9 13 16 AM](https://private-user-images.githubusercontent.com/75274610/332077689-b3d81ba2-e433-4290-adc1-63569090fb90.png)
Screenshot of the info schema database refresh button when user doesn't have permission
![Screen Shot 2024-05-20 at 9 13 09 AM](https://private-user-images.githubusercontent.com/75274610/332078067-7da3c840-6733-457c-b7c2-54070d0d09c3.png)
Screenshot of the disabled input when user doesn't have test queries permission
![Screen Shot 2024-05-20 at 9 12 29 AM](https://private-user-images.githubusercontent.com/75274610/332078168-5013afcb-aa11-4613-83bd-e51d5076173e.png)
Screenshot of the disabled Test Query button if the user doesn't have test queries permission
![Screen Shot 2024-05-20 at 9 08 24 AM](https://private-user-images.githubusercontent.com/75274610/332078469-ea5f624f-e60c-4998-9598-e14c8cc1640a.png)
Screenshot of the disabled retry button when the user doesn't have canRunSchemaQueries permission
![Screen Shot 2024-05-20 at 9 08 28 AM](https://private-user-images.githubusercontent.com/75274610/332078309-fb8432a5-076e-44f5-9282-04b77552d5fe.png)
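
The two fixes discussed in this PR (a front-end permission gate, and awaiting the request inside error handling so a rejected call cannot crash the app) can be combined in one click handler. The sketch below is an added example, not code from this pull request or the project; every name in it is hypothetical except the `canRunSchemaQueries` permission, and the API call and UI state are constructed stand-ins.

```javascript
// Added example; all names are hypothetical except canRunSchemaQueries (from the PR).
function makeRefreshHandler({ permissions, refreshSchema, ui }) {
  return async function onClick() {
    // UX gate only: the server must still enforce the permission itself.
    if (!permissions.canRunSchemaQueries) {
      ui.setError("You do not have permission to refresh this schema.");
      return "blocked";
    }
    ui.setLoading(true);
    try {
      // Awaiting inside try/catch turns a 403 or network failure into UI state.
      await refreshSchema();
      ui.setError(null);
      return "ok";
    } catch (e) {
      ui.setError(e instanceof Error ? e.message : String(e));
      return "failed";
    } finally {
      ui.setLoading(false);
    }
  };
}

// Constructed stand-in for component state.
function makeUi() {
  const state = { error: null, loading: false };
  return { state, setError: (m) => { state.error = m; }, setLoading: (v) => { state.loading = v; } };
}

// Constructed scenarios: client gate blocks, server rejects anyway, success.
async function runScenarios() {
  const cases = {
    noPermission: { allowed: false, api: async () => {} },
    serverRejects: { allowed: true, api: async () => { throw new Error("403: permission denied"); } },
    success: { allowed: true, api: async () => {} },
  };
  const out = {};
  for (const [name, c] of Object.entries(cases)) {
    const ui = makeUi();
    let calls = 0;
    const onClick = makeRefreshHandler({
      permissions: { canRunSchemaQueries: c.allowed },
      refreshSchema: () => { calls += 1; return c.api(); },
      ui,
    });
    const result = await onClick();
    out[name] = { result, calls, error: ui.state.error, loading: ui.state.loading };
  }
  return out;
}
runScenarios().then((out) => console.log(out));
```

The `serverRejects` case models a client whose cached permissions disagree with the server's policy: the request is sent, the server refuses it, and the handler reports the error instead of letting the rejection escape.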