Allow app-viewers to invite others as app-viewers (#2961)
* Allow app-viewers to invite others as app-viewers * Fix description for new permissions * Migration for setting invite policy for app viewers
This commit is contained in:
Shrikant Sharat Kandula
GitHub
parent
4870c0d743
commit
8440d4e4e3
|
|
@ -23,7 +23,12 @@ public enum AppsmithRole {
|
|||
Set.of(MANAGE_ORGANIZATIONS, ORGANIZATION_INVITE_USERS)),
|
||||
ORGANIZATION_DEVELOPER("Developer", "Can edit and view applications along with inviting other users to the organization", Set.of(READ_ORGANIZATIONS,
|
||||
ORGANIZATION_MANAGE_APPLICATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_PUBLISH_APPLICATIONS, ORGANIZATION_INVITE_USERS)),
|
||||
ORGANIZATION_VIEWER("App Viewer", "Can only view applications", Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS));
|
||||
ORGANIZATION_VIEWER(
|
||||
"App Viewer",
|
||||
"Can view applications and invite other users to view applications",
|
||||
Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_INVITE_USERS)
|
||||
),
|
||||
;
|
||||
|
||||
private Set<AclPermission> permissions;
|
||||
private String name;
|
||||
|
|
|
|||
|
|
@ -26,11 +26,13 @@ import com.appsmith.server.domains.Plugin;
|
|||
import com.appsmith.server.domains.PluginType;
|
||||
import com.appsmith.server.domains.QApplication;
|
||||
import com.appsmith.server.domains.QDatasource;
|
||||
import com.appsmith.server.domains.QOrganization;
|
||||
import com.appsmith.server.domains.QPlugin;
|
||||
import com.appsmith.server.domains.Role;
|
||||
import com.appsmith.server.domains.Sequence;
|
||||
import com.appsmith.server.domains.User;
|
||||
import com.appsmith.server.domains.UserData;
|
||||
import com.appsmith.server.domains.UserRole;
|
||||
import com.appsmith.server.dtos.ActionDTO;
|
||||
import com.appsmith.server.dtos.DslActionDTO;
|
||||
import com.appsmith.server.dtos.OrganizationPluginStatus;
|
||||
|
|
@ -60,6 +62,7 @@ import org.springframework.data.mongodb.core.index.CompoundIndexDefinition;
|
|||
import org.springframework.data.mongodb.core.index.Index;
|
||||
import org.springframework.data.mongodb.core.index.IndexOperations;
|
||||
import org.springframework.data.mongodb.core.query.Criteria;
|
||||
import org.springframework.data.mongodb.core.query.Update;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
import org.springframework.util.StreamUtils;
|
||||
|
||||
|
|
@ -1637,4 +1640,30 @@ public class DatabaseChangelog {
|
|||
|
||||
installPluginToAllOrganizations(mongoTemplate, plugin.getId());
|
||||
}
|
||||
|
||||
@ChangeSet(order = "052", id = "add-app-viewer-invite-policy", author = "")
|
||||
public void addAppViewerInvitePolicy(MongoTemplate mongoTemplate) {
|
||||
final List<Organization> organizations = mongoTemplate.find(
|
||||
query(new Criteria().andOperator(
|
||||
where(fieldName(QOrganization.organization.userRoles) + ".role").is(AppsmithRole.ORGANIZATION_VIEWER.name())
|
||||
)),
|
||||
Organization.class
|
||||
);
|
||||
|
||||
for (final Organization org : organizations) {
|
||||
final Set<String> viewers = org.getUserRoles().stream()
|
||||
.filter(role -> AppsmithRole.ORGANIZATION_VIEWER == role.getRole())
|
||||
.map(UserRole::getUsername)
|
||||
.collect(Collectors.toSet());
|
||||
mongoTemplate.updateFirst(
|
||||
query(new Criteria().andOperator(
|
||||
where(fieldName(QOrganization.organization.id)).is(org.getId()),
|
||||
where(fieldName(QOrganization.organization.policies) + ".permission").is(ORGANIZATION_INVITE_USERS.getValue())
|
||||
)),
|
||||
new Update().addToSet("policies.$.users").each(viewers.toArray()),
|
||||
Organization.class
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user