Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Bug Fix : When role changes from developer to admin, the user was not being given make application public permission for the application (#302)

Browse Source 
* During add role to an organziation, the application was only inheriting from subset of the organization permissions. Generalized this code to ensure that this doesnt happen again in the future when more permissions are introduced. Refactored some code as well.
This commit is contained in:
Trisha Anand 2020-08-13 18:53:00 +05:30 committed by GitHub
parent 1b09c02f2e
commit 52e7ed4f02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/server/appsmith-server/src/main/java/com/appsmith/server/acl/PolicyGenerator.java
View File

@ -176,11 +176,11 @@ public class PolicyGenerator {
return childPolicySet; return childPolicySet;
} }
public Set<Policy> getAllChildPolicies(Set<Policy> policySet, Class inheritingEntity, Class destinationEntity) { public Set<Policy> getAllChildPolicies(Set<Policy> policySet, Class sourceEntity, Class destinationEntity) {
Set<Policy> policies = policySet.stream() Set<Policy> policies = policySet.stream()
.map(policy -> { .map(policy -> {
AclPermission aclPermission = AclPermission AclPermission aclPermission = AclPermission
.getPermissionByValue(policy.getPermission(), inheritingEntity); .getPermissionByValue(policy.getPermission(), sourceEntity);
// Get all the child policies for the given policy and aclPermission // Get all the child policies for the given policy and aclPermission
return getChildPolicies(policy, aclPermission, destinationEntity); return getChildPolicies(policy, aclPermission, destinationEntity);
}).flatMap(Collection::stream) }).flatMap(Collection::stream)

54
app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/PolicyUtils.java
View File

@ -7,7 +7,6 @@ import com.appsmith.server.acl.PolicyGenerator;
import com.appsmith.server.domains.Action; import com.appsmith.server.domains.Action;
import com.appsmith.server.domains.Application; import com.appsmith.server.domains.Application;
import com.appsmith.server.domains.Datasource; import com.appsmith.server.domains.Datasource;
import com.appsmith.server.domains.Organization;
import com.appsmith.server.domains.Page; import com.appsmith.server.domains.Page;
import com.appsmith.server.domains.User; import com.appsmith.server.domains.User;
import com.appsmith.server.repositories.ActionRepository; import com.appsmith.server.repositories.ActionRepository;
@ -27,13 +26,6 @@ import java.util.Set;
import java.util.function.Function; import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static com.appsmith.server.acl.AclPermission.MANAGE_APPLICATIONS;
import static com.appsmith.server.acl.AclPermission.MANAGE_PAGES;
import static com.appsmith.server.acl.AclPermission.ORGANIZATION_MANAGE_APPLICATIONS;
import static com.appsmith.server.acl.AclPermission.ORGANIZATION_READ_APPLICATIONS;
import static com.appsmith.server.acl.AclPermission.READ_APPLICATIONS;
import static com.appsmith.server.acl.AclPermission.READ_PAGES;
@Component @Component
public class PolicyUtils { public class PolicyUtils {
@ -148,18 +140,6 @@ public class PolicyUtils {
.collect(Collectors.toMap(Policy::getPermission, Function.identity())); .collect(Collectors.toMap(Policy::getPermission, Function.identity()));
} }
public Map<String, Policy> generateChildrenPoliciesFromOrganizationPolicies(Map<String, Policy> orgPolicyMap, Class destinationEntity) {
Set<Policy> extractedInterestingPolicySet = new HashSet<>(orgPolicyMap.values())
.stream()
.filter(policy -> policy.getPermission().equals(ORGANIZATION_MANAGE_APPLICATIONS.getValue())
|| policy.getPermission().equals(ORGANIZATION_READ_APPLICATIONS.getValue()))
.collect(Collectors.toSet());
return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Organization.class, destinationEntity)
.stream()
.collect(Collectors.toMap(Policy::getPermission, Function.identity()));
}
public Flux<Datasource> updateWithNewPoliciesToDatasourcesByOrgId(String orgId, Map<String, Policy> newPoliciesMap, boolean addPolicyToObject) { public Flux<Datasource> updateWithNewPoliciesToDatasourcesByOrgId(String orgId, Map<String, Policy> newPoliciesMap, boolean addPolicyToObject) {
return datasourceRepository return datasourceRepository
@ -194,18 +174,6 @@ public class PolicyUtils {
.flatMapMany(updatedApplications -> applicationRepository.saveAll(updatedApplications)); .flatMapMany(updatedApplications -> applicationRepository.saveAll(updatedApplications));
} }
public Map<String, Policy> generatePagePoliciesFromApplicationPolicies(Map<String, Policy> applicationPolicyMap) {
Set<Policy> extractedInterestingPolicySet = new HashSet<>(applicationPolicyMap.values())
.stream()
.filter(policy -> policy.getPermission().equals(MANAGE_APPLICATIONS.getValue())
|| policy.getPermission().equals(READ_APPLICATIONS.getValue()))
.collect(Collectors.toSet());
return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Application.class, Page.class)
.stream()
.collect(Collectors.toMap(Policy::getPermission, Function.identity()));
}
public Flux<Page> updateWithApplicationPermissionsToAllItsPages(String applicationId, Map<String, Policy> newPagePoliciesMap, boolean addPolicyToObject) { public Flux<Page> updateWithApplicationPermissionsToAllItsPages(String applicationId, Map<String, Policy> newPagePoliciesMap, boolean addPolicyToObject) {
return pageRepository return pageRepository
@ -222,18 +190,6 @@ public class PolicyUtils {
.flatMapMany(updatedPages -> pageRepository.saveAll(updatedPages)); .flatMapMany(updatedPages -> pageRepository.saveAll(updatedPages));
} }
public Map<String, Policy> generateActionPoliciesFromPagePolicies(Map<String, Policy> pagePolicyMap) {
Set<Policy> extractedInterestingPolicySet = new HashSet<>(pagePolicyMap.values())
.stream()
.filter(policy -> policy.getPermission().equals(MANAGE_PAGES.getValue())
|| policy.getPermission().equals(READ_PAGES.getValue()))
.collect(Collectors.toSet());
return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, Page.class, Action.class)
.stream()
.collect(Collectors.toMap(Policy::getPermission, Function.identity()));
}
public Flux<Action> updateWithPagePermissionsToAllItsActions(String pageId, Map<String, Policy> newActionPoliciesMap, boolean addPolicyToObject) { public Flux<Action> updateWithPagePermissionsToAllItsActions(String pageId, Map<String, Policy> newActionPoliciesMap, boolean addPolicyToObject) {
return actionRepository return actionRepository
@ -255,4 +211,14 @@ public class PolicyUtils {
.collectList() .collectList()
.flatMapMany(updatedActions -> actionRepository.saveAll(updatedActions)); .flatMapMany(updatedActions -> actionRepository.saveAll(updatedActions));
} }
public Map<String, Policy> generateInheritedPoliciesFromSourcePolicies(Map<String, Policy> sourcePolicyMap,
Class sourceEntity,
Class destinationEntity) {
Set<Policy> extractedInterestingPolicySet = new HashSet<>(sourcePolicyMap.values());
return policyGenerator.getAllChildPolicies(extractedInterestingPolicySet, sourceEntity, destinationEntity)
.stream()
.collect(Collectors.toMap(Policy::getPermission, Function.identity()));
}
} }

4
app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationServiceImpl.java
View File

@ -213,8 +213,8 @@ public class ApplicationServiceImpl extends BaseService<ApplicationRepository, A
user.setIsAnonymous(true); user.setIsAnonymous(true);
Map<String, Policy> applicationPolicyMap = policyUtils.generatePolicyFromPermission(Set.of(applicationPermission), user); Map<String, Policy> applicationPolicyMap = policyUtils.generatePolicyFromPermission(Set.of(applicationPermission), user);
Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap); Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap); Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);
Map<String, Policy> datasourcePolicyMap = policyUtils.generatePolicyFromPermission(Set.of(datasourcePermission), user); Map<String, Policy> datasourcePolicyMap = policyUtils.generatePolicyFromPermission(Set.of(datasourcePermission), user);
Flux<Page> updatedPagesFlux = policyUtils.updateWithApplicationPermissionsToAllItsPages(application.getId(), pagePolicyMap, isPublic); Flux<Page> updatedPagesFlux = policyUtils.updateWithApplicationPermissionsToAllItsPages(application.getId(), pagePolicyMap, isPublic);

24
app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserOrganizationServiceImpl.java
View File

@ -152,10 +152,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
// Generate all the policies for Organization, Application, Page and Actions for the current user // Generate all the policies for Organization, Application, Page and Actions for the current user
Set<AclPermission> rolePermissions = role.getPermissions(); Set<AclPermission> rolePermissions = role.getPermissions();
Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user); Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user);
Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class); Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class); Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap); Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap); Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);
//Now update the organization policies //Now update the organization policies
Organization updatedOrganization = policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization); Organization updatedOrganization = policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization);
@ -215,10 +215,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
// Generate all the policies for Organization, Application, Page and Actions // Generate all the policies for Organization, Application, Page and Actions
Set<AclPermission> rolePermissions = role.getPermissions(); Set<AclPermission> rolePermissions = role.getPermissions();
Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user); Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermission(rolePermissions, user);
Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class); Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class); Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap); Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap); Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);
//Now update the organization policies //Now update the organization policies
Organization updatedOrganization = policyUtils.removePoliciesFromExistingObject(orgPolicyMap, organization); Organization updatedOrganization = policyUtils.removePoliciesFromExistingObject(orgPolicyMap, organization);
@ -333,10 +333,10 @@ public class UserOrganizationServiceImpl implements UserOrganizationService {
// Generate all the policies for Organization, Application, Page and Actions for the current user // Generate all the policies for Organization, Application, Page and Actions for the current user
Set<AclPermission> rolePermissions = role.getPermissions(); Set<AclPermission> rolePermissions = role.getPermissions();
Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermissionForMultipleUsers(rolePermissions, users); Map<String, Policy> orgPolicyMap = policyUtils.generatePolicyFromPermissionForMultipleUsers(rolePermissions, users);
Map<String, Policy> applicationPolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Application.class); Map<String, Policy> applicationPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Application.class);
Map<String, Policy> datasourcePolicyMap = policyUtils.generateChildrenPoliciesFromOrganizationPolicies(orgPolicyMap, Datasource.class); Map<String, Policy> datasourcePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(orgPolicyMap, Organization.class, Datasource.class);
Map<String, Policy> pagePolicyMap = policyUtils.generatePagePoliciesFromApplicationPolicies(applicationPolicyMap); Map<String, Policy> pagePolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(applicationPolicyMap, Application.class, Page.class);
Map<String, Policy> actionPolicyMap = policyUtils.generateActionPoliciesFromPagePolicies(pagePolicyMap); Map<String, Policy> actionPolicyMap = policyUtils.generateInheritedPoliciesFromSourcePolicies(pagePolicyMap, Page.class, Action.class);
//Now update the organization policies //Now update the organization policies
Organization updatedOrganization = (Organization) policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization); Organization updatedOrganization = (Organization) policyUtils.addPoliciesToExistingObject(orgPolicyMap, organization);

3
app/server/appsmith-server/src/main/java/com/appsmith/server/services/UserServiceImpl.java
View File

@ -282,8 +282,7 @@ public class UserServiceImpl extends BaseService<UserRepository, User, String> i
.findByEmail(user.getEmail()) .findByEmail(user.getEmail())
.switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, "token", token))) .switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, "token", token)))
.flatMap(passwordResetTokenRepository::delete) .flatMap(passwordResetTokenRepository::delete)
.thenReturn(userFromDb) .then(repository.save(userFromDb))
.flatMap(repository::save)
.thenReturn(true); .thenReturn(true);
}); });
} }