metabase-enterprise.snippet-collections.models.native-query-snippet.permissions

toc

EE implementation of NativeQuerySnippet permissions.

?
(ns metabase-enterprise.snippet-collections.models.native-query-snippet.permissions
  (:require
   [metabase.models.interface :as mi]
   [metabase.models.native-query-snippet.permissions :as snippet.perms]
   [metabase.permissions.models.permissions :as perms]
   [metabase.permissions.util :as perms-util]
   [metabase.premium-features.core :refer [defenterprise]]
   [metabase.util.malli :as mu]
   [metabase.util.malli.schema :as ms]
   [toucan2.core :as t2]))
?
(mu/defn- has-parent-collection-perms?
  [snippet       :- [:map [:collection_id [:maybe ms/PositiveInt]]]
   read-or-write :- [:enum :read :write]]
  (mi/current-user-has-full-permissions? (perms/perms-objects-set-for-parent-collection "snippets" snippet read-or-write)))

Can the current User read this snippet?

?
(defenterprise can-read?
  :feature :snippet-collections
  ([snippet]
   (and
    (not (perms-util/sandboxed-user?))
    (snippet.perms/has-any-native-permissions?)
    (has-parent-collection-perms? snippet :read)))
  ([model id]
   (can-read? (t2/select-one [model :collection_id] :id id))))

Can the current User edit this snippet?

?
(defenterprise can-write?
  :feature :snippet-collections
  ([snippet]
   (and
    (not (perms-util/sandboxed-user?))
    (snippet.perms/has-any-native-permissions?)
    (has-parent-collection-perms? snippet :write)))
  ([model id]
   (can-write? (t2/select-one [model :collection_id] :id id))))

Can the current User save a new Snippet with the values in m?

?
(defenterprise can-create?
  :feature :snippet-collections
  [_model m]
  (and
   (not (perms-util/sandboxed-user?))
   (snippet.perms/has-any-native-permissions?)
   (has-parent-collection-perms? m :write)))

Can the current User apply a map of changes to a snippet?

?
(defenterprise can-update?
  :feature :snippet-collections
  [snippet changes]
  (and
   (not (perms-util/sandboxed-user?))
   (snippet.perms/has-any-native-permissions?)
   (has-parent-collection-perms? snippet :write)
   (or (not (contains? changes :collection_id))
       (has-parent-collection-perms? changes :write))))
 
Generated by Marginalia.  Syntax highlighting provided by Alex Gorbatchev's SyntaxHighlighter