From 8014f0bc5d4adef3e0a3648352e59f63537a4dd8 Mon Sep 17 00:00:00 2001 From: Trisha Anand Date: Wed, 30 Aug 2023 09:27:50 +0530 Subject: [PATCH] fix: Using correct permissions on datasource and application during crud page instead of edit permissions (#26746) CRUD Page generation used edit datasource and edit application permissions till now. Updated the same to create page actions and create pages permissions respectively to support custom role creation on BE. Fixes #26738 --- .../solutions/ce/CreateDBTablePageSolutionCEImpl.java | 7 +++++-- .../server/solutions/ce/DatasourcePermissionCE.java | 2 ++ .../server/solutions/ce/DatasourcePermissionCEImpl.java | 5 +++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/CreateDBTablePageSolutionCEImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/CreateDBTablePageSolutionCEImpl.java index e23fdd1035..cb9bb46437 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/CreateDBTablePageSolutionCEImpl.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/CreateDBTablePageSolutionCEImpl.java @@ -226,7 +226,7 @@ public class CreateDBTablePageSolutionCEImpl implements CreateDBTablePageSolutio Mono pageMono = getOrCreatePage(defaultApplicationId, defaultPageId, tableName, branchName); Mono datasourceStorageMono = datasourceService - .findById(datasourceId, datasourcePermission.getEditPermission()) + .findById(datasourceId, datasourcePermission.getActionCreatePermission()) .switchIfEmpty(Mono.error( new AppsmithException(AppsmithError.ACL_NO_RESOURCE_FOUND, FieldName.DATASOURCE, datasourceId))) .flatMap(datasource -> datasourceStorageService.findByDatasourceAndEnvironmentIdForExecution( @@ -495,7 +495,10 @@ public class CreateDBTablePageSolutionCEImpl implements CreateDBTablePageSolutio } return applicationService - .findBranchedApplicationId(branchName, defaultApplicationId, applicationPermission.getEditPermission()) + .findBranchedApplicationId( + branchName, defaultApplicationId, applicationPermission.getPageCreatePermission()) + .switchIfEmpty(Mono.error(new AppsmithException( + AppsmithError.NO_RESOURCE_FOUND, FieldName.APPLICATION, defaultApplicationId))) .flatMapMany(childApplicationId -> newPageService.findByApplicationId( childApplicationId, pagePermission.getEditPermission(), false)) .collectList() diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCE.java index aef64682e9..317baaa97c 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCE.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCE.java @@ -6,4 +6,6 @@ public interface DatasourcePermissionCE { AclPermission getDeletePermission(); AclPermission getExecutePermission(); + + AclPermission getActionCreatePermission(); } diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCEImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCEImpl.java index 965cc6040e..5b2d64516c 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCEImpl.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/solutions/ce/DatasourcePermissionCEImpl.java @@ -22,4 +22,9 @@ public class DatasourcePermissionCEImpl implements DatasourcePermissionCE, Domai public AclPermission getExecutePermission() { return AclPermission.EXECUTE_DATASOURCES; } + + @Override + public AclPermission getActionCreatePermission() { + return AclPermission.MANAGE_DATASOURCES; + } }