From e5282dac1172db818a2c6da4758be8e183cdf5a2 Mon Sep 17 00:00:00 2001 From: Trisha Anand Date: Wed, 17 Jun 2020 17:34:26 +0530 Subject: [PATCH] In case a page is opened in edit mode, it should open with permission of MANAGE_PAGE. In case the user is a viewer, the page must not open. --- .../com/appsmith/server/controllers/PageController.java | 8 ++++++++ .../server/services/ApplicationPageServiceImpl.java | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/PageController.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/PageController.java index e54a6bed9d..c3d76e4bb8 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/PageController.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/PageController.java @@ -56,6 +56,14 @@ public class PageController extends BaseController { .map(resources -> new ResponseDTO<>(HttpStatus.OK.value(), resources, null)); } + @Override + @GetMapping("/{pageId}") + public Mono> getById(@PathVariable String pageId) { + return applicationPageService.getPage(pageId, false) + .map(page -> new ResponseDTO<>(HttpStatus.OK.value(), page, null)); + } + + @GetMapping("/{pageId}/view") public Mono> getPageView(@PathVariable String pageId) { return applicationPageService.getPage(pageId, true) diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationPageServiceImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationPageServiceImpl.java index 24b69f4d03..bea28e1a2f 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationPageServiceImpl.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ApplicationPageServiceImpl.java @@ -118,7 +118,8 @@ public class ApplicationPageServiceImpl implements ApplicationPageService { } public Mono getPage(String pageId, Boolean viewMode) { - return pageService.findById(pageId, READ_PAGES) + AclPermission permission = viewMode ? READ_PAGES : MANAGE_PAGES; + return pageService.findById(pageId, permission) .switchIfEmpty(Mono.error(new AppsmithException(AppsmithError.INVALID_PARAMETER, FieldName.PAGE_ID))) .map(page -> { List layoutList = page.getLayouts();