From ef79d5f8476593d9c0647c2247a14fb9c0b2ee56 Mon Sep 17 00:00:00 2001 From: subratadeypappu Date: Tue, 14 Oct 2025 11:17:15 +0600 Subject: [PATCH] chore: Enforce permission while updating instance-config (#41289) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description [Slack Thread](https://theappsmith.slack.com/archives/C03RPDB936Z/p1759920222623799) EE Counterpart PR: https://github.com/appsmithorg/appsmith-ee/pull/8242 Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### :mag: Cypress test results > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: > Commit: 698d87930627197831d1ec9f89c40a02928d1b28 > Cypress dashboard. > Tags: `@tag.All` > Spec: >
Fri, 10 Oct 2025 15:02:32 UTC ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No ## Summary by CodeRabbit * **Breaking Changes** * Config REST endpoints for fetching/updating by name and ACL-guarded config update paths have been removed; clients relying on those endpoints or permissioned fetch/update should adjust. * **Bug Fixes** * Simplified config access surface to reduce permission-related complexity and potential inconsistencies.
---
.../server/controllers/ConfigController.java | 16 --------
.../controllers/ce/ConfigControllerCE.java | 37 -------------------
.../server/services/ce/ConfigServiceCE.java | 8 ----
.../services/ce/ConfigServiceCEImpl.java | 26 -------------
4 files changed, 87 deletions(-)
delete mode 100644 app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ConfigController.java
delete mode 100644 app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/ConfigControllerCE.java
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ConfigController.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ConfigController.java
deleted file mode 100644
index e9cb086fc4..0000000000
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ConfigController.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package com.appsmith.server.controllers;
-
-import com.appsmith.server.constants.Url;
-import com.appsmith.server.controllers.ce.ConfigControllerCE;
-import com.appsmith.server.services.ConfigService;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-@RestController
-@RequestMapping(Url.CONFIG_URL)
-public class ConfigController extends ConfigControllerCE {
-
- public ConfigController(ConfigService service) {
- super(service);
- }
-}
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/ConfigControllerCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/ConfigControllerCE.java
deleted file mode 100644
index a0580ea45b..0000000000
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/ConfigControllerCE.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package com.appsmith.server.controllers.ce;
-
-import com.appsmith.external.views.Views;
-import com.appsmith.server.constants.Url;
-import com.appsmith.server.domains.Config;
-import com.appsmith.server.dtos.ResponseDTO;
-import com.appsmith.server.services.ConfigService;
-import com.fasterxml.jackson.annotation.JsonView;
-import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import reactor.core.publisher.Mono;
-
-@RequestMapping(Url.CONFIG_URL)
-public class ConfigControllerCE {
-
- private final ConfigService service;
-
- public ConfigControllerCE(ConfigService service) {
- this.service = service;
- }
-
- @JsonView(Views.Public.class)
- @GetMapping("/name/{name}")
- public Mono> getByName(@PathVariable String name) {
- return service.getByName(name).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
- }
-
- @JsonView(Views.Public.class)
- @PutMapping("/name/{name}")
- public Mono> updateByName(@PathVariable String name, @RequestBody Config config) {
- return service.updateByName(config).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
- }
-}
diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCE.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCE.java index 1f4644a5b2..ca64d9a358 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCE.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCE.java @@ -1,8 +1,6 @@ package com.appsmith.server.services.ce; -import com.appsmith.server.acl.AclPermission; import com.appsmith.server.domains.Config; -import com.appsmith.server.domains.User; import reactor.core.publisher.Mono; import java.util.Map; @@ -11,8 +9,6 @@ public interface ConfigServiceCE { Mono getByName(String name); - Mono updateByName(Config config); - Mono save(Config config); Mono save(String name, Map config); @@ -21,10 +17,6 @@ public interface ConfigServiceCE { Mono delete(String name); - Mono getByName(String name, AclPermission permission); - - Mono getByNameAsUser(String name, User user, AclPermission permission); - /** * Get the instance variables from the instance config * @return Map containing the instance variables diff --git a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCEImpl.java b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCEImpl.java index fb544da3b9..8f44fe63ae 100644 --- a/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCEImpl.java +++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCEImpl.java 
@@ -1,9 +1,7 @@ package com.appsmith.server.services.ce; -import com.appsmith.server.acl.AclPermission; import com.appsmith.server.constants.FieldName; import com.appsmith.server.domains.Config; -import com.appsmith.server.domains.User; import com.appsmith.server.exceptions.AppsmithError; import com.appsmith.server.exceptions.AppsmithException; import com.appsmith.server.repositories.ConfigRepository; @@ -34,20 +32,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE { Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name))); } - @Override - public Mono updateByName(Config config) { - final String name = config.getName(); - return repository - .findByName(name) - .switchIfEmpty( - Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name))) - .flatMap(dbConfig -> { - log.debug("Found config with name: {} and id: {}", name, dbConfig.getId()); - dbConfig.setConfig(config.getConfig()); - return repository.save(dbConfig); - }); - } - @Override public Mono save(Config config) { return repository @@ -85,16 +69,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE { .flatMap(repository::delete); } - @Override - public Mono getByName(String name, AclPermission permission) { - return repository.findByName(name, permission); - } - - @Override - public Mono getByNameAsUser(String name, User user, AclPermission permission) { - return repository.findByNameAsUser(name, user, permission); - } - @Override public Mono> getInstanceVariables() { return getByName(FieldName.INSTANCE_CONFIG).map(config -> {