Bug Fix : When role changes from developer to admin, the user was not being given make application public permission for the application (#302)

* During add role to an organziation, the application was only inheriting from subset of the organization permissions. Generalized this code to ensure that this doesnt happen again in the future when more permissions are introduced. Refactored some code as well.
2020-08-13 18:53:00 +05:30 · 2020-08-13 18:53:00 +05:30 · 52e7ed4f02
commit 52e7ed4f02
parent 1b09c02f2e
5 changed files with 27 additions and 62 deletions
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/PolicyGenerator.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/acl/PolicyGenerator.java
@ -176,11 +176,11 @@ public class PolicyGenerator {
        return childPolicySet;
    }

-    public Set<Policy> getAllChildPolicies(Set<Policy> policySet, Class inheritingEntity, Class destinationEntity) {
+    public Set<Policy> getAllChildPolicies(Set<Policy> policySet, Class sourceEntity, Class destinationEntity) {
        Set<Policy> policies = policySet.stream()
                .map(policy -> {
                    AclPermission aclPermission = AclPermission
-                            .getPermissionByValue(policy.getPermission(), inheritingEntity);
+                            .getPermissionByValue(policy.getPermission(), sourceEntity);
                    // Get all the child policies for the given policy and aclPermission
                    return getChildPolicies(policy, aclPermission, destinationEntity);
                }).flatMap(Collection::stream)
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/PolicyUtils.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/PolicyUtils.java
@ -7,7 +7,6 @@ import com.appsmith.server.acl.PolicyGenerator;
 import com.appsmith.server.domains.Action;
 import com.appsmith.server.domains.Application;
 import com.appsmith.server.domains.Datasource;
-import com.appsmith.server.domains.Organization;
 import com.appsmith.server.domains.Page;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.repositories.ActionRepository;
@ -27,13 +26,6 @@ import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;

-import static com.appsmith.server.acl.AclPermission.MANAGE_APPLICATIONS;
-import static com.appsmith.server.acl.AclPermission.MANAGE_PAGES;
-import static com.appsmith.server.acl.AclPermission.ORGANIZATION_MANAGE_APPLICATIONS;
-import static com.appsmith.server.acl.AclPermission.ORGANIZATION_READ_APPLICATIONS;
-import static com.appsmith.server.acl.AclPermission.READ_APPLICATIONS;
-import static com.appsmith.server.acl.AclPermission.READ_PAGES;
-
@Component
 public class PolicyUtils {

@ -148,18 +140,6 @@ public class PolicyUtils {
                .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
    }

-    public Map<String, Policy> generateChildrenPoliciesFromOrganizationPolicies(Map<String, Policy> orgPolicyMap, Class destinationEntity) {
-        Set<Policy> extractedInterestingPolicySet = new HashSet<>(orgPolicyMap.values())
-                .stream()
-                .filter(policy -> policy.getPermission().equals(ORGANIZATION_MANAGE_APPLICATIONS.getValue())
-                        || policy.getPermission().equals(ORGANIZATION_READ_APPLICATIONS.getValue()))
-                .collect(Collectors.toSet());
-
-        return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Organization.class, destinationEntity)
-                .stream()
-                .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
-    }
-
    public Flux<Datasource> updateWithNewPoliciesToDatasourcesByOrgId(String orgId, Map<String, Policy> newPoliciesMap, boolean addPolicyToObject) {

        return datasourceRepository
@ -194,18 +174,6 @@ public class PolicyUtils {
                .flatMapMany(updatedApplications -> applicationRepository.saveAll(updatedApplications));
    }

-    public Map<String, Policy> generatePagePoliciesFromApplicationPolicies(Map<String, Policy> applicationPolicyMap) {
-        Set<Policy> extractedInterestingPolicySet = new HashSet<>(applicationPolicyMap.values())
-                .stream()
-                .filter(policy -> policy.getPermission().equals(MANAGE_APPLICATIONS.getValue())
-                        || policy.getPermission().equals(READ_APPLICATIONS.getValue()))
-                .collect(Collectors.toSet());
-
-        return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Application.class, Page.class)
-                .stream()
-                .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
-    }
-
    public Flux<Page> updateWithApplicationPermissionsToAllItsPages(String applicationId, Map<String, Policy> newPagePoliciesMap, boolean addPolicyToObject) {

        return pageRepository
@ -222,18 +190,6 @@ public class PolicyUtils {
                .flatMapMany(updatedPages -> pageRepository.saveAll(updatedPages));
    }

-    public Map<String, Policy> generateActionPoliciesFromPagePolicies(Map<String, Policy> pagePolicyMap) {
-        Set<Policy> extractedInterestingPolicySet = new HashSet<>(pagePolicyMap.values())
-                .stream()
-                .filter(policy -> policy.getPermission().equals(MANAGE_PAGES.getValue())
-                        || policy.getPermission().equals(READ_PAGES.getValue()))
-                .collect(Collectors.toSet());
-
-        return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Page.class, Action.class)
-                .stream()
-                .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
-    }
-
    public Flux<Action> updateWithPagePermissionsToAllItsActions(String pageId, Map<String, Policy> newActionPoliciesMap, boolean addPolicyToObject) {

        return actionRepository
@ -255,4 +211,14 @@ public class PolicyUtils {
                .collectList()
                .flatMapMany(updatedActions -> actionRepository.saveAll(updatedActions));
    }
+
+    public Map<String, Policy> generateInheritedPoliciesFromSourcePolicies(Map<String, Policy> sourcePolicyMap,
+                                                                           Class sourceEntity,
+                                                                           Class destinationEntity) {
+        Set<Policy> extractedInterestingPolicySet = new HashSet<>(sourcePolicyMap.values());
+
+        return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, sourceEntity, destinationEntity)
+                .stream()
+                .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
+    }
 }
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationServiceImpl.java
@ -213,8 +213,8 @@ public class ApplicationServiceImpl extends BaseService<ApplicationRepository, A
        user.setIsAnonymous(true);

        Map<String, Policy> applicationPolicyMap = policyUtils.generatePolicyFromPermission(Set.of(applicationPermission), user);
-        Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap);
-        Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap);
+        Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
+        Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);
        Map<String, Policy> datasourcePolicyMap = policyUtils.generatePolicyFromPermission(Set.of(datasourcePermission), user);

        Flux<Page> updatedPagesFlux = policyUtils.updateWithApplicationPermissionsToAllItsPages(application.getId(), pagePolicyMap, isPublic);
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserOrganizationServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserOrganizationServiceImpl.java
@ -152,10 +152,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
        // Generate all the policies for Organization, Application, Page and Actions for the current user
        Set<AclPermission> rolePermissions = role.getPermissions();
        Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user);
-        Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class);
-        Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class);
-        Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap);
-        Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap);
+        Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
+        Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
+        Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
+        Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);

        //Now update the organization policies
        Organization updatedOrganization = policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization);
@ -215,10 +215,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
        // Generate all the policies for Organization, Application, Page and Actions
        Set<AclPermission> rolePermissions = role.getPermissions();
        Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user);
-        Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class);
-        Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class);
-        Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap);
-        Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap);
+        Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
+        Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
+        Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
+        Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);

        //Now update the organization policies
        Organization updatedOrganization = policyUtils.removePoliciesFromExistingObject(orgPolicyMap, organization);
@ -333,10 +333,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
        // Generate all the policies for Organization, Application, Page and Actions for the current user
        Set<AclPermission> rolePermissions = role.getPermissions();
        Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermissionForMultipleUsers(rolePermissions, users);
-        Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class);
-        Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class);
-        Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap);
-        Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap);
+        Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
+        Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
+        Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
+        Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);

        //Now update the organization policies
        Organization updatedOrganization = (Organization) policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization);
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java
@ -282,8 +282,7 @@ public class UserServiceImpl extends BaseService<UserRepository, User, String> i
                            .findByEmail(user.getEmail())
                            .switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, "token", token)))
                            .flatMap(passwordResetTokenRepository::delete)
-                            .thenReturn(userFromDb)
-                            .flatMap(repository::save)
+                            .then(repository.save(userFromDb))
                            .thenReturn(true);
                });
    }