From 0163c220031dfa4d08cad31e5cbc187330c18386 Mon Sep 17 00:00:00 2001 From: Trisha Anand Date: Wed, 31 Aug 2022 10:44:32 +0530 Subject: [PATCH] fix: For a public app, do not export the default permission group (#16409) * For a public app, do not export the default permission group * Adding test to assert that exported application JSON is not public. --- .../appsmith/server/domains/Application.java | 1 + .../ImportExportApplicationServiceTests.java | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java index 9a10a803d7..c474b4c66e 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/domains/Application.java @@ -192,6 +192,7 @@ public class Application extends BaseDomain { this.setServerSchemaVersion(null); this.setIsManualUpdate(false); this.sanitiseToExportBaseObject(); + this.setDefaultPermissionGroup(null); } public List getPages() { diff --git a/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java b/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java index 5977c14c7b..8c1ff3724f 100644 --- a/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java +++ b/app/server/appsmith-server/src/test/java/com/appsmith/server/solutions/ImportExportApplicationServiceTests.java @@ -106,6 +106,7 @@ import static com.appsmith.server.acl.AclPermission.MANAGE_PAGES; import static com.appsmith.server.acl.AclPermission.READ_ACTIONS; import static com.appsmith.server.acl.AclPermission.READ_APPLICATIONS; import static com.appsmith.server.acl.AclPermission.READ_PAGES; +import static com.appsmith.server.acl.AclPermission.READ_WORKSPACES; import static com.appsmith.server.constants.FieldName.DEFAULT_PAGE_LAYOUT; import static org.assertj.core.api.Assertions.assertThat; @@ -292,6 +293,38 @@ public class ImportExportApplicationServiceTests { .verify(); } + @Test + @WithUserDetails(value = "api_user") + public void exportPublicApplicationTest() { + + Application application = new Application(); + application.setName("exportPublicApplicationTest-Test"); + + Application createdApplication = applicationPageService.createApplication(application, workspaceId).block(); + + Mono workspaceResponse = workspaceService.findById(workspaceId, READ_WORKSPACES); + + ApplicationAccessDTO applicationAccessDTO = new ApplicationAccessDTO(); + applicationAccessDTO.setPublicAccess(true); + + // Make the application public + applicationService.changeViewAccess(createdApplication.getId(), applicationAccessDTO).block(); + + Mono resultMono = + importExportApplicationService.exportApplicationById(createdApplication.getId(), ""); + + StepVerifier + .create(resultMono) + .assertNext(applicationJson -> { + Application exportedApplication = applicationJson.getExportedApplication(); + assertThat(exportedApplication).isNotNull(); + // Assert that the exported application is NOT public + assertThat(exportedApplication.getDefaultPermissionGroup()).isNull(); + assertThat(exportedApplication.getPolicies()).isNullOrEmpty(); + }) + .verifyComplete(); + } + @Test @WithUserDetails(value = "api_user") public void exportApplication_withInvalidApplicationId_throwNoResourceFoundException() {