diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomApplicationRepositoryImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomApplicationRepositoryImpl.java
index 5444323a07..0c15a60cbd 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomApplicationRepositoryImpl.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomApplicationRepositoryImpl.java
@@ -3,18 +3,17 @@ package com.appsmith.server.repositories;
 import com.appsmith.server.acl.AclPermission;
 import com.appsmith.server.domains.Application;
 import com.appsmith.server.domains.QApplication;
-import com.appsmith.server.domains.User;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.mongodb.core.ReactiveMongoOperations;
 import org.springframework.data.mongodb.core.convert.MongoConverter;
 import org.springframework.data.mongodb.core.query.Criteria;
-import org.springframework.data.mongodb.core.query.Query;
-import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.stereotype.Component;
 import reactor.core.publisher.Mono;
+import java.util.List;
+
 import static org.springframework.data.mongodb.core.query.Criteria.where;
 @Component
@@ -34,33 +33,15 @@ public class CustomApplicationRepositoryImpl extends BaseAppsmithRepositoryImpl<
 @Override
 public Mono findByIdAndOrganizationId(String id, String orgId, AclPermission permission) {
- return ReactiveSecurityContextHolder.getContext()
- .map(ctx -> ctx.getAuthentication())
- .flatMap(auth -> {
- User user = (User) auth.getPrincipal();
- Query query = new Query(getIdCriteria(id));
- query.addCriteria(where(fieldName(QApplication.application.organizationId)).is(orgId));
- query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, permission)));
+ Criteria orgIdCriteria = where(fieldName(QApplication.application.organizationId)).is(orgId);
+ Criteria idCriteria = getIdCriteria(id);
- return mongoOperations.query(Application.class)
- .matching(query)
- .one();
- });
+ return queryOne(List.of(idCriteria, orgIdCriteria), permission);
 }
 @Override
 public Mono findByName(String name, AclPermission permission) {
- return ReactiveSecurityContextHolder.getContext()
- .map(ctx -> ctx.getAuthentication())
- .map(auth -> auth.getPrincipal())
- .flatMap(principal -> {
- User user = (User) principal;
- Query query = new Query(where(fieldName(QApplication.application.name)).is(name));
- query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, permission)));
-
- return mongoOperations.query(Application.class)
- .matching(query)
- .one();
- });
+ Criteria nameCriteria = where(fieldName(QApplication.application.name)).is(name);
+ return queryOne(List.of(nameCriteria), permission);
 }
 }
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomOrganizationRepositoryImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomOrganizationRepositoryImpl.java
index e3aa0c95d4..c67bef7a74 100644
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomOrganizationRepositoryImpl.java
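Review bot: Neither `findByIdAndOrganizationId` nor `findByName` shows any longer where the soft-delete and ACL filters are applied; the removed `notDeleted()` and `userAcl(user, permission)` criteria are now presumably added inside `queryOne`, whose body is not part of this diff. Since these two methods are the access-control boundary for Application lookups, a one-line comment above each call would help, for example `// queryOne adds notDeleted() and the current user's ACL filter for the given permission`. The old code also cast the principal to `User` in place, so it is worth confirming that `queryOne` answers a missing security context or a non-`User` principal with an empty result or an error rather than running the query without the ACL criterion. The same applies to the two methods in CustomOrganizationRepositoryImpl.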
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/repositories/CustomOrganizationRepositoryImpl.java
@@ -1,10 +1,9 @@
 package com.appsmith.server.repositories;
 import com.appsmith.server.acl.AclPermission;
-import com.appsmith.server.domains.Application;
 import com.appsmith.server.domains.Organization;
-import com.appsmith.server.domains.QApplication;
 import com.appsmith.server.domains.QOrganization;
+import com.appsmith.server.domains.QPlugin;
 import com.appsmith.server.domains.User;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.mongodb.core.ReactiveMongoOperations;
@@ -15,6 +14,8 @@ import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.stereotype.Component;
 import reactor.core.publisher.Mono;
+import java.util.List;
+
 import static org.springframework.data.mongodb.core.query.Criteria.where;
 @Component
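Review bot: The added `import com.appsmith.server.domains.QPlugin;` is not referenced by any line this commit adds to CustomOrganizationRepositoryImpl; the new criteria use only `QOrganization`. The `User` import kept as context here, and the `ReactiveSecurityContextHolder` import visible in the second hunk header, also appear to lose their last users once both methods call `queryOne`, although code outside the hunks could still need them. I would drop `QPlugin` and remove the others if the compiler reports them unused, as the matching cleanup in CustomApplicationRepositoryImpl already does.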
@@ -29,35 +30,16 @@ public class CustomOrganizationRepositoryImpl extends BaseAppsmithRepositoryImpl
 @Override
 public Mono findByName(String name, AclPermission aclPermission) {
 log.debug("Going to find organization by Name: {}", name);
- return ReactiveSecurityContextHolder.getContext()
- .switchIfEmpty(Mono.error(new Exception("Can't find user")))
- .map(ctx -> ctx.getAuthentication())
- .flatMap(auth -> {
- User user = (User) auth.getPrincipal();
- Query query = new Query();
- query.addCriteria(where(fieldName(QOrganization.organization.name)).is(name));
- query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, aclPermission)));
+ Criteria nameCriterita = where(fieldName(QOrganization.organization.name)).is(name);
- return mongoOperations.query(Organization.class)
- .matching(query)
- .one();
- });
+ return queryOne(List.of(nameCriterita), aclPermission);
 }
 @Override
 public Mono findByIdAndPluginsPluginId(String organizationId, String pluginId, AclPermission aclPermission) {
- return ReactiveSecurityContextHolder.getContext()
- .map(ctx -> ctx.getAuthentication())
- .flatMap(auth -> {
- User user = (User) auth.getPrincipal();
- Query query = new Query(getIdCriteria(organizationId));
- query.addCriteria(where(fieldName(QOrganization.organization.plugins.any().pluginId)).is(pluginId));
- query.addCriteria(new Criteria().andOperator(notDeleted(), userAcl(user, aclPermission)));
-
- return mongoOperations.query(Organization.class)
- .matching(query)
- .one();
- });
+ Criteria idCriteria = where(fieldName(QOrganization.organization.id)).is(organizationId);
+ Criteria pluginIdCriteria = where(fieldName(QOrganization.organization.plugins.any().pluginId)).is(pluginId);
+ return queryOne(List.of(idCriteria, pluginIdCriteria), aclPermission);
 }
 }
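Review bot: `findByIdAndPluginsPluginId` now builds the id criterion by hand with `where(fieldName(QOrganization.organization.id)).is(organizationId)`, whereas the removed code and the Application repository in this same commit use `getIdCriteria(...)`. Whether the two produce the same field name and id conversion depends on helpers outside this diff, so I would keep the helper: `Criteria idCriteria = getIdCriteria(organizationId);`. In `findByName` the removed chain failed with `Mono.error(new Exception("Can't find user"))` when no security context was present; if `queryOne` does not do the same, an unauthenticated call now yields an empty result instead of an error, which callers may treat differently. The local `nameCriterita` is a typo for `nameCriteria`.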
diff --git a/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java b/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java index a3162f5872..e979f70d62 100644 --- a/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java +++ b/app/server/appsmith-server/src/test/java/com/appsmith/server/services/UserServiceTest.java @@ -9,6 +9,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.security.test.context.support.WithUserDetails; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.junit4.SpringRunner; import reactor.core.publisher.Mono; @@ -28,17 +29,16 @@ public class UserServiceTest { OrganizationService organizationService; Mono userMono; + Mono organizationMono; @Before public void setup() { - userMono = userService.findByEmail("usertest@usertest.com"); organizationMono = organizationService.getByName("Spring Test Organization"); } //Test the update organization flow. - @Test public void updateInvalidUserWithAnything() { User updateUser = new User(); @@ -56,6 +56,7 @@ public class UserServiceTest { } @Test + @WithUserDetails(value = "api_user") public void updateUserWithValidOrganization() { User updateUser = new User(); //Add valid organization id to the updateUser object.