413 Response too long when updating a collection's permission

[thomas-mannschott]

Describe the bug When trying to update a collection's permission in the Admin panel > Permissions > Collections, I get a 413 Reponse too long (c.f. below for more details). I have a bit more than a hundred user groups and also hundreds of collections. I also have the same issue when calling PUT /api/collection/graph by hand and could not find an endpoint to only update one collection's permission without having to send the whole graph.

Logs

Find below the Request headers of the API call that is being made while trying to save my permission's changes (huge Content-Length which results in the http 413)

Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 1523793
Content-Type: application/json
Host: metabase.alan.com
Origin: https://metabase.alan.com
Referer: https://metabase.alan.com/admin/permissions/collections/1616
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36

To Reproduce Not sure how this can be easily reproductible, I guess you would need to create hundreds of User groups and collections and try to update a collection's permission.

Expected behavior I am able to update my collection's permission using the UI or having an endpoint to do so.

Information about your Metabase Installation:

{
  "browser-info": {
    "language": "en-US",
    "platform": "MacIntel",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
    "vendor": "Google Inc."
  },
  "system-info": {
    "file.encoding": "UTF-8",
    "java.runtime.name": "OpenJDK Runtime Environment",
    "java.runtime.version": "11.0.16+8-LTS",
    "java.vendor": "Amazon.com Inc.",
    "java.vendor.url": "https://aws.amazon.com/corretto/",
    "java.version": "11.0.16",
    "java.vm.name": "OpenJDK 64-Bit Server VM",
    "java.vm.version": "11.0.16+8-LTS",
    "os.name": "Linux",
    "os.version": "4.14.294-220.533.amzn2.x86_64",
    "user.language": "en",
    "user.timezone": "UTC"
  },
  "metabase-info": {
    "databases": [
      "postgres",
      "snowflake"
    ],
    "hosting-env": "unknown",
    "application-database": "postgres",
    "application-database-details": {
      "database": {
        "name": "PostgreSQL",
        "version": "12.8"
      },
      "jdbc-driver": {
        "name": "PostgreSQL JDBC Driver",
        "version": "42.3.5"
      }
    },
    "run-mode": "prod",
    "version": {
      "date": "2022-08-04",
      "tag": "v0.44.0",
      "branch": "release-x.44.x",
      "hash": "d3700f5"
    },
    "settings": {
      "report-timezone": null
    }
  }
}

We host Metabase on an EC2 instance with an Internal Postgres database.

Severity This is not extremely severe (just a bit annoying) as I can reduce the number of groups I am working with but it won't match our company's organisation so I'll have to do some workarounds.

[flamber]

Essentially the same as #18377, but leaving this as bug. The error 413 Request Entity Too Large is coming from your Nginx, where you can change the Nginx config from the default 1MB to something larger: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

[sloansparger]

This will be fixed in the next release (v50.14). The collection permissions page will skip fetching the updated collection permissions graph on save. If you're making use of the API, you can set skip_graph to true in the request body to PUT /api/collection/graph to achieve this.