fix: For a public app, do not export the default permission group (#16409)

* For a public app, do not export the default permission group * Adding test to assert that exported application JSON is not public.
2022-08-31 10:44:32 +05:30 · 2022-08-31 10:44:32 +05:30 · 0163c22003
commit 0163c22003
parent 4c9484935b
2 changed files with 34 additions and 0 deletions
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java
@ -192,6 +192,7 @@ public class Application extends BaseDomain {
        this.setServerSchemaVersion(null);
        this.setIsManualUpdate(false);
        this.sanitiseToExportBaseObject();
+        this.setDefaultPermissionGroup(null);
    }

    public List<ApplicationPage> getPages() {
--- a/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java
+++ b/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java
@ -106,6 +106,7 @@ import static com.appsmith.server.acl.AclPermission.MANAGE_PAGES;
 import static com.appsmith.server.acl.AclPermission.READ_ACTIONS;
 import static com.appsmith.server.acl.AclPermission.READ_APPLICATIONS;
 import static com.appsmith.server.acl.AclPermission.READ_PAGES;
+import static com.appsmith.server.acl.AclPermission.READ_WORKSPACES;
 import static com.appsmith.server.constants.FieldName.DEFAULT_PAGE_LAYOUT;
 import static org.assertj.core.api.Assertions.assertThat;

@ -292,6 +293,38 @@ public class ImportExportApplicationServiceTests {
            .verify();
    }

+    @Test
+    @WithUserDetails(value = "api_user")
+    public void exportPublicApplicationTest() {
+
+        Application application = new Application();
+        application.setName("exportPublicApplicationTest-Test");
+
+        Application createdApplication = applicationPageService.createApplication(application, workspaceId).block();
+
+        Mono<Workspace> workspaceResponse = workspaceService.findById(workspaceId, READ_WORKSPACES);
+
+        ApplicationAccessDTO applicationAccessDTO = new ApplicationAccessDTO();
+        applicationAccessDTO.setPublicAccess(true);
+
+        // Make the application public
+        applicationService.changeViewAccess(createdApplication.getId(), applicationAccessDTO).block();
+
+        Mono<ApplicationJson> resultMono =
+                importExportApplicationService.exportApplicationById(createdApplication.getId(), "");
+
+        StepVerifier
+                .create(resultMono)
+                .assertNext(applicationJson -> {
+                    Application exportedApplication = applicationJson.getExportedApplication();
+                    assertThat(exportedApplication).isNotNull();
+                    // Assert that the exported application is NOT public
+                    assertThat(exportedApplication.getDefaultPermissionGroup()).isNull();
+                    assertThat(exportedApplication.getPolicies()).isNullOrEmpty();
+                })
+                .verifyComplete();
+    }
+
    @Test
    @WithUserDetails(value = "api_user")
    public void exportApplication_withInvalidApplicationId_throwNoResourceFoundException() {