Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

chore: Enforce permission while updating instance-config (#41289)

Browse Source 
## Description
[Slack
Thread](https://theappsmith.slack.com/archives/C03RPDB936Z/p1759920222623799)
EE Counterpart PR: https://github.com/appsmithorg/appsmith-ee/pull/8242


Fixes #`Issue Number`  
_or_  
Fixes `Issue URL`
> [!WARNING]  
> _If no issue exists, please create an issue first, and check with the
maintainers if the issue is valid._

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/18408366993>
> Commit: 698d87930627197831d1ec9f89c40a02928d1b28
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=18408366993&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Fri, 10 Oct 2025 15:02:32 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Breaking Changes**
* Config REST endpoints for fetching/updating by name and ACL-guarded
config update paths have been removed; clients relying on those
endpoints or permissioned fetch/update should adjust.

* **Bug Fixes**
* Simplified config access surface to reduce permission-related
complexity and potential inconsistencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This commit is contained in:
subratadeypappu 2025-10-14 11:17:15 +06:00 committed by GitHub
parent 7711058ce3
commit ef79d5f847
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 0 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ConfigController.java
View File

@ -1,16 +0,0 @@
package com.appsmith.server.controllers;
import com.appsmith.server.constants.Url;
import com.appsmith.server.controllers.ce.ConfigControllerCE;
import com.appsmith.server.services.ConfigService;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping(Url.CONFIG_URL)
public class ConfigController extends ConfigControllerCE {
public ConfigController(ConfigService service) {
super(service);
}
}

37
app/server/appsmith-server/src/main/java/com/appsmith/server/controllers/ce/ConfigControllerCE.java
View File

@ -1,37 +0,0 @@
package com.appsmith.server.controllers.ce;
import com.appsmith.external.views.Views;
import com.appsmith.server.constants.Url;
import com.appsmith.server.domains.Config;
import com.appsmith.server.dtos.ResponseDTO;
import com.appsmith.server.services.ConfigService;
import com.fasterxml.jackson.annotation.JsonView;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import reactor.core.publisher.Mono;
@RequestMapping(Url.CONFIG_URL)
public class ConfigControllerCE {
private final ConfigService service;
public ConfigControllerCE(ConfigService service) {
this.service = service;
}
@JsonView(Views.Public.class)
@GetMapping("/name/{name}")
public Mono<ResponseDTO<Config>> getByName(@PathVariable String name) {
return service.getByName(name).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
}
@JsonView(Views.Public.class)
@PutMapping("/name/{name}")
public Mono<ResponseDTO<Config>> updateByName(@PathVariable String name, @RequestBody Config config) {
return service.updateByName(config).map(resource -> new ResponseDTO<>(HttpStatus.OK, resource));
}
}

8
app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCE.java
View File

@ -1,8 +1,6 @@
package com.appsmith.server.services.ce; package com.appsmith.server.services.ce;
import com.appsmith.server.acl.AclPermission;
import com.appsmith.server.domains.Config; import com.appsmith.server.domains.Config;
import com.appsmith.server.domains.User;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import java.util.Map; import java.util.Map;
@ -11,8 +9,6 @@ public interface ConfigServiceCE {
Mono<Config> getByName(String name); Mono<Config> getByName(String name);
Mono<Config> updateByName(Config config);
Mono<Config> save(Config config); Mono<Config> save(Config config);
Mono<Config> save(String name, Map<String, Object> config); Mono<Config> save(String name, Map<String, Object> config);
@ -21,10 +17,6 @@ public interface ConfigServiceCE {
Mono<Void> delete(String name); Mono<Void> delete(String name);
Mono<Config> getByName(String name, AclPermission permission);
Mono<Config> getByNameAsUser(String name, User user, AclPermission permission);
/** /**
* Get the instance variables from the instance config * Get the instance variables from the instance config
* @return Map containing the instance variables * @return Map containing the instance variables

26
app/server/appsmith-server/src/main/java/com/appsmith/server/services/ce/ConfigServiceCEImpl.java
View File

@ -1,9 +1,7 @@
package com.appsmith.server.services.ce; package com.appsmith.server.services.ce;
import com.appsmith.server.acl.AclPermission;
import com.appsmith.server.constants.FieldName; import com.appsmith.server.constants.FieldName;
import com.appsmith.server.domains.Config; import com.appsmith.server.domains.Config;
import com.appsmith.server.domains.User;
import com.appsmith.server.exceptions.AppsmithError; import com.appsmith.server.exceptions.AppsmithError;
import com.appsmith.server.exceptions.AppsmithException; import com.appsmith.server.exceptions.AppsmithException;
import com.appsmith.server.repositories.ConfigRepository; import com.appsmith.server.repositories.ConfigRepository;
@ -34,20 +32,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE {
Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name))); Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name)));
} }
@Override
public Mono<Config> updateByName(Config config) {
final String name = config.getName();
return repository
.findByName(name)
.switchIfEmpty(
Mono.error(new AppsmithException(AppsmithError.NO_RESOURCE_FOUND, FieldName.CONFIG, name)))
.flatMap(dbConfig -> {
log.debug("Found config with name: {} and id: {}", name, dbConfig.getId());
dbConfig.setConfig(config.getConfig());
return repository.save(dbConfig);
});
}
@Override @Override
public Mono<Config> save(Config config) { public Mono<Config> save(Config config) {
return repository return repository
@ -85,16 +69,6 @@ public class ConfigServiceCEImpl implements ConfigServiceCE {
.flatMap(repository::delete); .flatMap(repository::delete);
} }
@Override
public Mono<Config> getByName(String name, AclPermission permission) {
return repository.findByName(name, permission);
}
@Override
public Mono<Config> getByNameAsUser(String name, User user, AclPermission permission) {
return repository.findByNameAsUser(name, user, permission);
}
@Override @Override
public Mono<Map<String, Object>> getInstanceVariables() { public Mono<Map<String, Object>> getInstanceVariables() {
return getByName(FieldName.INSTANCE_CONFIG).map(config -> { return getByName(FieldName.INSTANCE_CONFIG).map(config -> {