From 936c013b3b743954a6bc52c690afdeef0639afa8 Mon Sep 17 00:00:00 2001
From: Trisha Anand <trisha@appsmith.com>
Date: Wed, 15 Jul 2020 20:15:10 +0530
Subject: [PATCH] Bug fixes : 401 for public applications + Empty set of
 actions for get in case cookies is anonymous (#104)

* Bug fixes :
1. Get actions in view mode should be open for unauthorized requests. Fixed that.
2. set transient fields in action is called post fetching all the actions (after taking care of all the permissions). At this point, we shouldnt be using permissions to fetch datasource.
---
 .../com/appsmith/server/configurations/SecurityConfig.java   | 2 +-
 .../java/com/appsmith/server/services/ActionServiceImpl.java | 3 +--
 .../java/com/appsmith/server/services/DatasourceService.java | 2 ++
 .../com/appsmith/server/services/DatasourceServiceImpl.java  | 5 +++++
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
index f1341e71bc..609b18de30 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/SecurityConfig.java
@@ -133,7 +133,7 @@ public class SecurityConfig {
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/invite/verify"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.PUT, USER_URL + "/invite/confirm"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, USER_URL + "/me"),
-                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, ACTION_URL),
+                        ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, ACTION_URL + "/**"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, PAGE_URL + "/**"),
                         ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, APPLICATION_URL + "/**"))
                 .permitAll()
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ActionServiceImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ActionServiceImpl.java
index ddee5a57c9..cc745145ce 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ActionServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ActionServiceImpl.java
@@ -62,7 +62,6 @@ import static com.appsmith.server.acl.AclPermission.EXECUTE_DATASOURCES;
 import static com.appsmith.server.acl.AclPermission.MANAGE_DATASOURCES;
 import static com.appsmith.server.acl.AclPermission.MANAGE_PAGES;
 import static com.appsmith.server.acl.AclPermission.READ_ACTIONS;
-import static com.appsmith.server.acl.AclPermission.READ_DATASOURCES;
 import static com.appsmith.server.acl.AclPermission.READ_PAGES;
 
 @Slf4j
@@ -629,7 +628,7 @@ public class ActionServiceImpl extends BaseService<ActionRepository, Action, Str
             if (datasource.getId() != null) {
                 // its a global datasource. Get the datasource from the collection
                 pluginIdUpdateMono = datasourceService
-                        .findById(datasource.getId(), READ_DATASOURCES)
+                        .findById(datasource.getId())
                         .map(datasource1 -> {
                             action.setPluginId(datasource1.getPluginId());
                             return action;
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceService.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceService.java
index c08b718054..d852718283 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceService.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceService.java
@@ -15,6 +15,8 @@ public interface DatasourceService extends CrudService<Datasource, String> {
 
     Mono<Datasource> findById(String id, AclPermission aclPermission);
 
+    Mono<Datasource> findById(String id);
+
     Set<String> extractKeysFromDatasource(Datasource datasource);
 
     Mono<Datasource> validateDatasource(Datasource datasource);
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceServiceImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceServiceImpl.java
index ceba305988..ceb2fe87d8 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceServiceImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/DatasourceServiceImpl.java
@@ -263,6 +263,11 @@ public class DatasourceServiceImpl extends BaseService<DatasourceRepository, Dat
         return repository.findById(id, aclPermission);
     }
 
+    @Override
+    public Mono<Datasource> findById(String id) {
+        return repository.findById(id);
+    }
+
     @Override
     public Set<String> extractKeysFromDatasource(Datasource datasource) {
         if (datasource.getDatasourceConfiguration() == null) {